
August 2022 / 5 Min Read

Ransomware Epidemic: Use these 8 Strategies to Mitigate Risk

Ransomware continues to be a top cyber threat facing businesses. Use these 8 tips to help mitigate the risk of ransomware attacks.

Key Takeaways

  1. Any company that requires access to critical data or faces loss or hardship in the event of business interruption is a potential ransomware victim.
  2. Mitigating the risk of ransomware is a challenge for all businesses, large and small. Fortunately, there are effective risk mitigation strategies to prepare for the potential of a ransomware attack.
  3. Consider these eight tips to help mitigate the risk of falling victim to ransomware and to better prepare for a ransomware incident.

Ransomware: Still a Cyber Menace to all Businesses

Ransomware has become the top cyber threat facing businesses today.[1] In fact, its menacing growth has helped drive cyber attacks to the top of the list of global risk concerns organizations face today. Unlike a data breach, ransomware is a risk without discretion. Any company that requires access to critical data or faces loss or hardship in the event of business interruption is a potential ransomware victim. Unfortunately, attacks have become more sophisticated and are growing.

The potential consequences of business disruption and of loss or public exposure of sensitive data are severe. They can include loss of revenue or reputation, breached contracts, missed deadlines, failure to meet customer or client expectations, or even, in the most extreme examples – such as with healthcare providers – possible loss of life.

Businesses must take proactive steps to prepare for and prevent these outcomes resulting from a ransomware attack.

8 Ransomware Risk Mitigation Strategies

Consider these eight tips to help mitigate the risk of falling victim to ransomware and to better prepare for a ransomware incident:

1. Be proactive

Ensure that the Incident Response (IR) Plan and Playbooks, and the Business Continuity Plan and Disaster Recovery Plan, have been assessed, reviewed and updated. Most importantly, these plans and playbooks must be tested through simulated practice across realistic scenarios to help improve resilience.

2. Educate employees on cyber security and phishing awareness

Companies must create a culture where all employees feel responsible for enterprise security, and are encouraged to participate in proactive detection of, and defense against, threats, risks and attacks. Phishing is still a leading cause of unauthorized access to a corporate network, including as the entry point for ransomware attacks. Training users to not only spot a phishing email, but to also report the email to their internal cyber security team, is a critical step in detecting the early stages of a ransomware attack.

3. Employ multi-factor or "two-step" authentication

Multi-factor authentication across all forms of login and access to email, remote desktops, external-facing or cloud-based systems and networks should be a requirement for all users. Multi-factor authentication may even prevent the exploitation of stolen login credentials, because the attacker does not also possess the necessary second piece of the login process: the second authentication factor.

4. Keep systems patched and up-to-date

Unpatched vulnerabilities allow attackers to compromise corporate networks, and attackers can often identify a vulnerable system with a simple scan of the Internet using free tools. They engage in this exercise broadly and indiscriminately, looking for exploitable systems on which to unleash ransomware and other cyber attacks. Make sure your systems are patched and current.

5. Install and properly configure endpoint detection and response tools

Tools that focus on endpoint detection and response can help decrease the risk of a ransomware attack and are useful as part of incident investigation and response. Properly configured security tools give a much greater chance of detecting, alerting on, and blocking threat actor behavior.

6. Design your networks, systems, and backups to reduce the impact of ransomware

Ensure your privileged accounts are strictly controlled. Segment your network to limit the spread of adversaries or malware. Have strong logging and alerting in place for better detection and for evidence in the event of incident response. A technical security strategy informed by architects who know the latest attacks and adversary trends is important, as is continuous threat intelligence monitoring of open sources and the dark web.

7. Consider risk transfer options

Because a ransomware attack can threaten an entity’s reputation and goodwill, the complete risk of ransomware can never be fully mitigated or transferred. However, in practicing ransomware preparedness, organizations should consider obtaining appropriate cyber insurance coverage. In doing so, organizations should review how coverage addresses indemnification for financial loss, business interruption, fees and expenses associated with the ransom and incident response, as well as considerations for service providers, such as the ability to work with incident response providers of choice.

8. Pre-arrange your third-party response team

An effective ransomware response will often include some or all third-party expertise across the disciplines of forensic incident response, legal counsel, crisis communications, and ransom negotiation and payment. As time is of the essence during a ransomware attack, it is critical to pre-vet and pre-engage a team of professionals to monitor and be ready to respond to an attack when it happens.

  - 207: Average days it took to identify a breach in 2022
  - 70: Average days to contain a breach in 2022[3]
  - $265B: Global ransomware damage costs are predicted to exceed $265 billion by 2031[4]


References

  1. Global Ransomware Damage Costs Predicted to Reach $20 Billion by 2021
  2. 2021 Global Risk Management Survey | Aon
  3. How much does a data breach cost in 2022? | IBM/Ponemon Institute Report
  4. Top 6 Cybersecurity Predictions And Statistics For 2021 to 2025 (cybersecurityventures.com)

Disclaimer

This material has been prepared for informational purposes only and should not be relied upon for any other purpose. You should consult with your own legal and information security advisors or IT Department before implementing any recommendation or guidance provided herein.
