Ransom: Prepare For The Worst

It’s official: no sector is safe from ransomware. According to an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), organisations everywhere, from charities to defence and financial services, are likely to be targeted by criminals seeking to gain access to sensitive networks and make them inaccessible, only releasing them for a fee. 

What’s particularly worrying about the spread of ransomware is the increased sophistication of the technology behind the attacks. CISA put it best when it observed that in 2021 authorities in the US, UK and Australia had seen “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally.” 

A New Threat Era

While many of the methods used to gain entry (such as phishing, brute force or exploiting vulnerabilities) remain the same, the approaches used are now incorporating innovations like ransomware-as-a-service. The BlackCat/ALPHV RaaS is a good example of this, having breached at least 60 organisations globally as of the end of March 2022. 

In fact, it is the evolving nature of ransomware that is keeping many people up at night, with Gartner placing new ransomware models as the top concern facing executives in 2021, ahead of talent, a COVID-19 endemic and supply chain disruptions. 

They’re disturbed by it because there seems to be no end in sight; every time businesses think they’ve found a way to protect themselves, cyber threats evolve - and ransomware is no different. 

Does that mean there is no solution? No, but it means a change in mindset is required. Again, it is very much a case of when, not if, companies will be subject to a ransomware attack - and accepting that can go a long way to helping protect the organisation. 

Four Steps To Combatting Ransomware

Of course, it will take more than accepting the inevitable to keep cyber-attacks at bay. But understanding that a business will be targeted, particularly in a sector perceived to be as cash rich as financial services, can help companies lay the groundwork and take the first step to combat ransomware. 

And that step is preparation. If you know and accept something will happen, you can plan for it. When it comes to ransomware (or indeed any type of attack), having a good incident response plan is vital. It allows decision-makers to calmly assess what needs to be done and quickly act in the event of an attack. It’s critical to be able to access that plan at a moment’s notice, so make sure that there is a physical copy available (as well as anything stored on servers and networks). It might seem a bit anachronistic to prepare for a digital assault with a piece of paper, but if an attack succeeds in locking you out of that file, what will you do then? 

Having a plan might seem like an obvious part of preparation. What’s becoming more common is testing those plans. This could be tabletop ‘what if’ scenarios, with different people pulling plans apart to identify any areas of improvements. It could even be a full war game session, where teams take on different roles and are pitted against each to see how they would react in the event of a real attack. 

Closely linked to preparation is the second step: senior buy-in. Getting C-Level executives to buy-in to all aspects of cyber defence can be the difference between success and failure. When so much of ransomware is based on fast access to sensitive networks, it is imperative that everyone, from top to bottom, understands basic cyber hygiene principles and invests in maintaining (and indeed enhancing) their security education. No one is immune from being targeted, and high profile leaders are particularly visible: just ask the country CEO of one company, who was tricked into transferring company funds to cyber criminals that used deep fake technology to mimic the executive’s boss. While that wasn’t ransomware, it does highlight how important it is to educate everyone on the need for proper security processes.

That training also needs to reflect the current state of working today. With more people working remotely, companies need to protect not just corporate networks in the office, but the endpoints their staff are using from a variety of different locations. That means adapting policies and procedures, rethinking how you look at securing perimeters and implementing approaches that support people to work where they need to, without compromising security. That could mean, for example, an additional layer of security when handling communication to avoid attackers impersonating colleagues. 

The final step is to understand how you can mitigate successful attacks, i.e., the ones that do get in. That means constantly monitoring for signs of penetration, and then having the means to isolate the affected area rapidly. Your incident response plan will provide further details on what to do, which could include informing customers, investors, shareholders, regulatory bodies and other government agencies, depending on the nature of the attack and what has been targeted. There could also be a need to liaise with insurance providers, who may offer services relating to ransomware attacks. These might include recovery services, their own incident response management teams or liability cover to name but a few. 

Bear in mind that while many stakeholders will tolerate disruption from a cyberattack, they will not accept a lack of action when it comes to mitigating the impact. In some instances, as well as a hit to reputation and revenue, there could be regulatory punishments: something one US pipeline operator is currently facing due to a perceived failure to properly plan and respond to an attack. 

Should You Pay The Ransom?

There’s one other thing to consider when it comes to ransomware attacks: should you pay the ransom? Depending on the data affected and the demand that’s come from the attackers, it can sometimes be tempting to throw money at the problem. Yet this increasingly isn’t an option: depending on where the business operates, it might incur a fine or even be considered illegal, and it could well invalidate insurance. 

Instead, it's best to prepare for the worst: have a plan, educate your teams with training that reflects the reality of work today and be prepared to act fast. This is the only way financial services organisations can combat aggressive ransomware threats. 

Simon Eyre is Managing Director and CISO at Drawbridge

You Might Also Read: 

Ransomware’s Serious Effects On Cyber Security:

 

« Fixing The Cyber Security Workforce Gap
Edge AI: The Future of Artificial Intelligence And Edge Computing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

EnsuredIO

EnsuredIO

EnsuredIO offers a comprehensive Cyber Security testing service. We provide end-to-end Ethical Hacking and Penetration Testing, Application Security Testing and Quality Assurance.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

National Cyber Security Centre (NCSC) - Ghana

National Cyber Security Centre (NCSC) - Ghana

The National Cyber Security Center (NCSC) liaises with relevant state agencies and the private sector to oversee cyber security operations in Ghana.

Basil Security

Basil Security

Basil is a policy enforcement tool for applications and infrastructure, as well as for security, development and operations (DevSecOps).

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.