In our previous blog, we discussed the infamous question of “to pay, or not to pay?” when a network is hit by ransomware. But what about BEFORE the attack happens? To address that, we need to talk about being ransomware resilient.
What does it mean to be resilient?
Being resilient means that a person, animal, or entity such as a business organization is able to withstand or recover quickly from difficult conditions and able to recoil or spring back into shape after bending, stretching, or being compressed. Synonyms include – quick to recover, quick to bounce back, difficult to keep down, irrepressible, adaptable, and flexible.
Why the English lesson? Well, as discussed in our previous blog about ransomware attacks and fighting ransomware, being ransomware resilient and mitigating ransomware attack outcomes doesn’t mean an organization won’t be hacked. It means less business downtime, more productivity, and having choices regarding how attacks are handled so that the organization will not only recover but thrive.
Implementing specific proactive defense tactics now to protect organizations will mean that even if there is a ransomware attack, outcomes need not be catastrophic to the business, and oftentimes, it is possible to mitigate the outcomes of ransomware dramatically, regardless of ransom demands.
These are the steps to take right now.
- Test. Think you are equipped for fighting ransomware attacks? Think again. Thousands of cyber-attacks are occurring every day. Hire a professional and objective team to assess the state of your cyber-hygiene and security preparedness. Pentesting, red team simulations and holistic cyber risk assessments will help your team to see where you stand right now.
- Create cybersecurity strategies and practice attack scenarios. Enterprises need a proactive defense program that will scale and evolve quickly, along with the rapid changes in the cyber threat landscape. It is no longer enough just to secure an organization’s systems. Security teams must now use tactics such as advanced and sensitive detection elements, proactive defense programs, intelligence insights, multi-faceted preventative countermeasures, deceptive techniques, and more.
- Backup, segregate and segment your company’s data. Compartmentalize wherever possible and harden the network. Create backups and implement least-privilege user-rights like a fanatic. Nothing new here, but all bases should be covered ASAP.
- Review business drivers. Every enterprise is different in terms of workflows, business impact and practices. Planning security practices for your specific company will help to withstand and mitigate the risks. Don’t just buy the latest or most expensive products, implement the best solutions for your own environment. If your company is going through major changes right now, such as Mergers & Acquisitions, be sure to attach a security expert to the process so that in addition to business and legal risks, cybersecurity risks are considered and calculated.
- Be aware of what’s behind paying the ransom. If we all stop paying, obviously ransomware will go away, right? The fact that it isn’t going away is a great clue. Being held to ransom is extremely unpleasant. We’ve seen situations where people had threats on their lives and livelihoods due to stolen files. Still, with the right testing, preparation and planning, the chances of maintaining business continuity and reducing downtime without having to pay the ransom are much better.
- Work hard to get your board on board. Use the current momentum discussed in our previous blog and the 24/7 news cycle to proactively prepare for ransomware before you are forced to deal with it. Get your board to work with you on keeping the business running even if parts of it should suddenly become encrypted. Use tabletop exercises to drill down on specific ransomware scenarios, including practicing who will communicate with whom during an attack, what security procedures must be followed and review which tactics have yet to be implemented.
- Make sure you have the best incident response team assigned and available to your company 24/7. Should an incident occur, it makes a big difference to have the best professionals standing by and ready to go.
Learn more about how to defend your organization from ransomware. Click here.
Remember, not every breach needs to be a catastrophe.
Let’s be clear: attackers come well prepared and well versed about every inch of your attack surface. They understand your organization and they’ll be extremely efficient in their ability to find the assets that can cause the most harm to your business once encrypted or stolen. If you prepare your organization now, when the moment arises, you will discover that you have choices. As mentioned above, that’s what it means to be ransomware resilient and to properly fight ransomware. It doesn’t mean that you can’t be attacked; it just means that you have ways of mitigating the outcomes.
What’s the low-hanging fruit for ransomware attackers?
Typically, the lowest-hanging fruit for cyber offenders includes the companies that think they are cyber-ready. They have typically patched their servers and all software on a regular basis. They have quality antivirus, firewalls, and other controls in place. They have run testing scripts to make sure their systems have not been infiltrated. Nope, the tests concluded, you’re clean as a whistle. So how could such an organization wind up having been through a ferocious ransomware attack with such harmful outcomes, including some businesses that had to close?
Oftentimes, the reasons can be so simple and easy to fix, it is mind-blowing. It could be as simple as not changing an admin password for multiple users; using an outdated version of a testing script that doesn’t show newer potential exploits; neglecting to patch a piece of everyday software; or a simple phishing email to a non-suspecting employee.
How aggravating, and how damaging, such a minor slip could be. Thought you were patched? Sorry, you were wrong. These are just a few real-life examples of missteps organizations make that set them up for a ransomware attack.
The adage goes – defenders must be right 100 percent of the time, but the attackers just need one time out of a million to sneak in.
You don’t have to have the best security. You just need to be harder to attack than other companies in your industry so that you are not attractive to cyber offenders as a target. If you make it just difficult enough, they might move on to lower-hanging fruit.