Preventing Ransomware From Crippling Your Organization

The recent surge in ransomware attacks is linked to increased targeting of banking, technology, utilities, and energy industries.  Ransomware is driven notably by the rise of Ransomware as a Service (RaaS) and the low cost and risk associated with conducting an attack.  Oftentimes the precise origin of cyber attacks cannot be identified, which allows the nefarious behavior to go unpunished, no matter how harmful the impacts. In addition, widely available, low-cost tools provide a low barrier to entry into the cyber crime market, which is estimated by security researchers to exceed $6 trillion by 2021.

Ransomware is increasingly targeting multiple industries, causing downtime and lost productivity. However, organizations can best manage this risk with proactive prevention and a tested response plan.  The following steps can kick-start your organization’s prevention and response plan today:

  1. Acknowledge there is a ransomware risk:  It is critical that senior leadership acknowledge that risk from a ransomware attack must be managed and agree that prevention starts now instead of waiting to respond to an attack after it has occurred, which risks greater harm to your organization.
  2. Patch and Update and Patch and Update: It is amazing how many times this lesson is re-learned the hard way. If you are not patching and updating your systems, you are almost asking for trouble.
  3. Implement a Full Spectrum Defense: The community has developed best practices over years, and you can leverage other people’s knowledge to enhance your defenses. We maintain an updated list of best practices that are informed by ongoing threat actions. Find them here.
  4. Invest in employee security training:  Ensure that your staff understand that they have a role in ransomware prevention, know what that role is, and know what to look for to help prevent this type of attack.
  5. Implement Access Control Lists (ACLs) and monitoring of physical and IT infrastructure: This allows you to permit/deny traffic based on IP address and/or TCP/UDP port(s) and will prove useful if you need to conduct a review of traffic on your network.
  6. Practice your organization’s disaster recovery plan in response to a ransomware attack:  Your organization’s leadership may benefit from training in a gaming scenario that provides them the opportunity to engage in strategic decision making under pressure. The test should also include backup checks.
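
To illustrate step 5, here is an added example (not part of the original article) of how an ACL permits or denies traffic by source address and TCP/UDP port, and how the same rules support a later traffic review. The rule set, addresses, ports and flow records are constructed for illustration, and first-match-wins ordering with an implicit final deny is an assumption modelled on common network ACL behaviour.

```python
import ipaddress
from collections import Counter

# Constructed ACL: (action, source network, protocol, destination port).
# Assumption: rules are checked top to bottom and the first match wins.
ACL = [
    ("deny",   "10.20.0.0/16", "tcp", 445),   # user VLAN may not reach file sharing
    ("permit", "10.20.0.0/16", "tcp", 443),   # user VLAN may reach HTTPS
    ("permit", "10.30.5.0/24", "tcp", 3389),  # remote desktop from admin subnet only
    ("permit", "10.0.0.0/8",   "udp", 53),    # internal DNS
]

# Constructed flow records: (source IP, protocol, destination port).
FLOWS = [
    ("10.20.1.15", "tcp", 443),
    ("10.20.1.15", "tcp", 445),
    ("10.20.1.15", "tcp", 445),
    ("10.30.5.9",  "tcp", 3389),
    ("10.20.7.2",  "tcp", 3389),
    ("192.0.2.7",  "udp", 53),
]

def evaluate(acl, src, proto, dport):
    """Return (action, rule_index); rule_index is None for the implicit deny."""
    addr = ipaddress.ip_address(src)
    for i, (action, net, rproto, rport) in enumerate(acl):
        if addr in ipaddress.ip_network(net) and proto == rproto and dport == rport:
            return action, i
    return "deny", None  # nothing matched: deny by default

def review(acl, flows):
    """Count denied flows and list rules that no flow ever matched."""
    denied, hits = Counter(), Counter()
    for src, proto, dport in flows:
        action, idx = evaluate(acl, src, proto, dport)
        hits[idx] += 1
        if action == "deny":
            denied[(src, proto, dport)] += 1
    unused = [i for i in range(len(acl)) if hits[i] == 0]
    return denied, unused

if __name__ == "__main__":
    denied, unused = review(ACL, FLOWS)
    for flow, count in denied.most_common():
        print("denied", count, "time(s):", flow)
    print("rules with no matching traffic:", unused)
```

Repeated denials from one source and rules that never match any traffic are the two outputs worth reading first in a review.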

Don’t let your organization be a ransomware target of opportunity.