Ransom: Prepare For The Worst

It’s official: no sector is safe from ransomware. According to an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), organisations everywhere, from charities to defence and financial services, are likely to be targeted by criminals seeking to gain access to sensitive networks and make them inaccessible, only releasing them for a fee. 

What’s particularly worrying about the spread of ransomware is the increased sophistication of the technology behind the attacks. CISA put it best when it observed that in 2021 authorities in the US, UK and Australia had seen “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally.” 

A New Threat Era

While many of the methods used to gain entry (such as phishing, brute force or exploiting vulnerabilities) remain the same, the approaches used are now incorporating innovations like ransomware-as-a-service. The BlackCat/ALPHV RaaS is a good example of this, having breached at least 60 organisations globally as of the end of March 2022. 

In fact, it is the evolving nature of ransomware that is keeping many people up at night, with Gartner placing new ransomware models as the top concern facing executives in 2021, ahead of talent, a COVID-19 endemic and supply chain disruptions. 

They’re disturbed by it because there seems to be no end in sight; every time businesses think they’ve found a way to protect themselves, cyber threats evolve - and ransomware is no different. 

Does that mean there is no solution? No, but it means a change in mindset is required. Again, it is very much a case of when, not if, companies will be subject to a ransomware attack - and accepting that can go a long way to helping protect the organisation. 

Four Steps To Combatting Ransomware

Of course, it will take more than accepting the inevitable to keep cyber-attacks at bay. But understanding that a business will be targeted, particularly in a sector perceived to be as cash rich as financial services, can help companies lay the groundwork and take the first step to combat ransomware. 

And that step is preparation. If you know and accept something will happen, you can plan for it. When it comes to ransomware (or indeed any type of attack), having a good incident response plan is vital. It allows decision-makers to calmly assess what needs to be done and quickly act in the event of an attack. It’s critical to be able to access that plan at a moment’s notice, so make sure that there is a physical copy available (as well as anything stored on servers and networks). It might seem a bit anachronistic to prepare for a digital assault with a piece of paper, but if an attack succeeds in locking you out of that file, what will you do then? 

Having a plan might seem like an obvious part of preparation. What’s becoming more common is testing those plans. This could be tabletop ‘what if’ scenarios, with different people pulling plans apart to identify any areas for improvement. It could even be a full war game session, where teams take on different roles and are pitted against each other to see how they would react in the event of a real attack.

Closely linked to preparation is the second step: senior buy-in. Getting C-Level executives to buy in to all aspects of cyber defence can be the difference between success and failure. When so much of ransomware is based on fast access to sensitive networks, it is imperative that everyone, from top to bottom, understands basic cyber hygiene principles and invests in maintaining (and indeed enhancing) their security education. No one is immune from being targeted, and high profile leaders are particularly visible: just ask the country CEO of one company, who was tricked into transferring company funds to cyber criminals who used deep fake technology to mimic the executive’s boss. While that wasn’t ransomware, it does highlight how important it is to educate everyone on the need for proper security processes.

That training also needs to reflect the current state of working today. With more people working remotely, companies need to protect not just corporate networks in the office, but the endpoints their staff are using from a variety of different locations. That means adapting policies and procedures, rethinking how you look at securing perimeters and implementing approaches that support people to work where they need to, without compromising security. That could mean, for example, an additional layer of security when handling communication to avoid attackers impersonating colleagues. 

The final step is to understand how you can mitigate successful attacks, i.e., the ones that do get in. That means constantly monitoring for signs of penetration, and then having the means to isolate the affected area rapidly. Your incident response plan will provide further details on what to do, which could include informing customers, investors, shareholders, regulatory bodies and other government agencies, depending on the nature of the attack and what has been targeted. There could also be a need to liaise with insurance providers, who may offer services relating to ransomware attacks. These might include recovery services, their own incident response management teams or liability cover to name but a few. 

Bear in mind that while many stakeholders will tolerate disruption from a cyberattack, they will not accept a lack of action when it comes to mitigating the impact. In some instances, as well as a hit to reputation and revenue, there could be regulatory punishments: something one US pipeline operator is currently facing due to a perceived failure to properly plan and respond to an attack. 

Should You Pay The Ransom?

There’s one other thing to consider when it comes to ransomware attacks: should you pay the ransom? Depending on the data affected and the demand that’s come from the attackers, it can sometimes be tempting to throw money at the problem. Yet this increasingly isn’t an option: depending on where the business operates, it might incur a fine or even be considered illegal, and it could well invalidate insurance. 

Instead, it's best to prepare for the worst: have a plan, educate your teams with training that reflects the reality of work today and be prepared to act fast. This is the only way financial services organisations can combat aggressive ransomware threats. 

Simon Eyre is Managing Director and CISO at Drawbridge
