In 2020, there was a successful ransomware attack every eight minutes.
The threat of a ransomware attack grows every day, and we need to be alert and proactive to protect ourselves from more high-impact attacks.
So what questions should you be asking, and what steps can be taken to mitigate the impact of the next wave of ransomware?
1. Can We Effectively Defend Against a Ransomware Attack?
You should begin by understanding your current position. A threat hunt will help you evaluate the weaknesses and strengths of your environment. In all attacks, hackers need an entry point to carry out ransomware campaigns. This could be through unpatched systems, compromised credentials, spear-phishing, or a compromised vendor. A threat hunt will show you any gaps that could be used as an entry point into your environment.
A key part of defending against ransomware involves proactively assessing your own environment or engaging with technology vendors. The role of a technology vendor is to maintain an effective defense posture, with timely remediation of any vulnerabilities on your systems before they are exploited.
2. Can we catch, contain, and come back from a Ransomware Attack?
Once you have established whether you can defend your business against a ransomware attack, you should set out a plan to detect and respond to the threat.
Your ransomware playbook must address the steps and capabilities to contain ransomware, including system and network isolation.
The goal is to restrict the blast radius rapidly when an infection is detected. Your response playbook should also address considerations beyond technical containment.
Your ransomware response should always consider multiple processes, management layers, and functions within your business, such as:
- Restoration of data and operations
- Internal and external communications
- Decisions on paying the ransom
- Specialised professional services, and more.
Finally, your plan should be tested with simulations that mimic a real ransomware attack, before a real one occurs.
3. Can we access the data we need to understand the impact of a Ransomware Attack?
When combating a ransomware attack, it is vital to have rapid access to the right telemetry to learn how the attacker managed to penetrate your network, and how far they got.
A cyber attacker’s fingerprints are recorded in data, so businesses need to be able to contact-trace their assets during an attack.
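An added example, not part of the original article: a minimal contact trace over connection telemetry, showing how far an intrusion could have spread from a known starting host. It assumes logs reduced to (timestamp, source, destination, account) tuples and that exposure spreads only along connections an already-exposed host initiates; all host names, accounts and events are constructed.

```python
from datetime import datetime

# Constructed sample telemetry standing in for authentication or flow logs.
EVENTS = [
    ("2024-03-01T08:55:00", "ws-07", "file-01", "alice"),       # before compromise
    ("2024-03-01T09:10:00", "ws-12", "file-01", "bob"),
    ("2024-03-01T09:20:00", "file-01", "db-02", "svc-backup"),
    ("2024-03-01T09:25:00", "ws-31", "print-01", "carol"),      # unrelated hosts
    ("2024-03-01T09:40:00", "db-02", "dc-01", "svc-backup"),
    ("2024-03-01T09:05:00", "dc-01", "ws-44", "admin"),         # dc-01 not yet exposed
]

def contact_trace(events, patient_zero, compromised_at):
    """Return {host: (first_exposure_time, via_host)} for every asset reachable
    from patient_zero through connections made after their source was exposed."""
    exposed = {patient_zero: (datetime.fromisoformat(compromised_at), None)}
    # Process in time order so each host's exposure is known before its later connections.
    parsed = sorted((datetime.fromisoformat(t), s, d, a) for t, s, d, a in events)
    for ts, src, dst, _account in parsed:
        # A connection spreads exposure only if its source was already exposed.
        if src in exposed and ts >= exposed[src][0] and dst not in exposed:
            exposed[dst] = (ts, src)
    return exposed

def path_to(exposed, host):
    """Walk the 'via' links back to patient zero to show how a host was reached."""
    chain = []
    while host is not None:
        chain.append(host)
        host = exposed[host][1]
    return chain[::-1]

if __name__ == "__main__":
    result = contact_trace(EVENTS, "ws-12", "2024-03-01T09:00:00")
    for host, (ts, via) in sorted(result.items(), key=lambda kv: kv[1][0]):
        print(f"{ts.isoformat()}  {host:10s} via {via}")
    print(" -> ".join(path_to(result, "dc-01")))
```

Hosts that never appear in the result (here `ws-44`, which `dc-01` contacted before it was exposed) can be deprioritised during scoping, while the ordered chain gives responders the isolation order.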
4. How can we constantly evolve our approach to Cyber Resiliency?
The tactics behind ransomware attacks are evolving, and will continue to evolve. In the last five years, they have changed considerably.
Attackers have a plethora of approaches that they use to pressure and blackmail companies into paying ransoms. The insurance industry in particular is encouraging victims and insurance companies not to pay ransoms.
It’s important for businesses to constantly reassess and update their framework for evaluating resiliency and for preventing, detecting, and responding to ransomware.
5. Can we move fast enough?
The best way to respond to ransomware is to move quickly, understand the extent of the compromise and contain the incident. Your mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) are key.
It’s imperative to have the best level of security automation in order to detect and contain a ransomware attack. Response automation can be the difference between a minor incident and a high-profile compromise.
Techwell are here to Prepare Your Business for the Inevitable Next Attack
The threat of ransomware is not going away anytime soon, so we need to build solid, comprehensive cybersecurity response plans to give ourselves the best chance of navigating this ever-evolving threat.