Combating ransomware: Don't let your data be held hostage
Enterprises today operate in a digitally connected world, where technology and connectivity are at the core of their digital transformation strategies and operations. However, with hyperconnectivity, organizations must also contend with hyper-exposure to cyber risk.
Amongst the most prevalent threats today, ransomware is one of the most disruptive and destructive risks that enterprises face. In the last 12 months, the Cyber Security Breaches survey highlighted that 39% of UK businesses identified a cyber-attack, remaining consistent with previous years. With modern enterprises relying extensively on data to run their operations, cybercriminals can effectively shut down an entire organization by taking their data hostage.
Moreover, ransomware attacks are becoming increasingly sophisticated and multi-layered. For instance, by encrypting and exfiltrating their victims’ data, cyber perpetrators can extort more money by threatening to expose the information to data leak sites or underground forums.
In fact, ransomware has become a significant risk: NordLocker's analysis of the global distribution of ransomware attacks between January 2020 and July 2022 found that, regardless of geographic location, small businesses are at the highest risk, accounting for nearly two-thirds (62%) of all attacks that take place in the UK. Likewise, international law firm RPC found that the sectors most targeted by UK ransomware attacks were finance, insurance, credit, education, and healthcare.
CR Srinivasan is an Executive Vice President for Cloud and Cybersecurity Services & Chief Digital Officer at Tata Communications.
So, what can organizations do to protect their business? Here are five important considerations:
1. Reinforce cyber hygiene
From a technology perspective, good cyber hygiene practices comprise disciplined vulnerability assessment and management, where all operating systems, software, firmware, and network devices are constantly updated. Additional attention is needed for end-of-life and end-of-support applications and devices. Organizations should also enforce robust password regimes and leverage measures such as MFA (Multi-Factor Authentication) to minimize the chances of unauthorized access.
People form another critical aspect of cyber hygiene. Organisations should conduct regular cyber awareness training to raise employees’ cybersecurity knowledge and awareness. They should also conduct exercises, such as phishing attack simulations, to elevate employees’ cyber vigilance. These steps are vital in preventing ransomware delivery through social engineering.
2. Adopt a zero-trust approach
Organizations should look at transforming their security infrastructure based on zero trust principles. In simple terms, zero-trust essentially means that an organization does not automatically trust anything inside or outside of its perimeter. Every access request needs to be fully validated to ensure its legitimacy.
The impetus to adopt a zero-trust framework is the dramatic growth of endpoints within organizations and the need for more devices to communicate directly with applications. Zero-trust allows enterprises to verify access requests based on identity and user context and limit access to specific applications to authorized users, creating a more secure digital environment.
3. Vault your data
Effective preparation is the key to minimizing the impact and disruption that ransomware attacks can bring. Frequent data backups, regular testing of backup restoration and storing data in vaults are critical to avoiding a data hostage situation.
Organisations need to recognise that paying the ransom is never the recommended path. Instead, they should focus on preparations that allow them to get back on their feet swiftly. The optimal approach to addressing a ransomware incident is to execute data recovery from the offline data storage to resume operations.
4. Upgrade your defenses with a security operations centre
Enterprises can adopt a more proactive cybersecurity stance by creating their own security operations center (SOC) with the right analytical tools and skills, or by subscribing to the services of one. Through an advanced SOC, organizations can move beyond security information and event management (SIEM) tools with curated Cyber Threat Intelligence Feeds which are credible and actionable. Additionally, integrating Security Orchestration And Automation (SOAR) can give enterprises the ability to swiftly automate containment actions, which are key in the current cyber threat context. Also, enterprises should leverage user and entity behavior analytics (UEBA) and detection tools to move towards more holistic extended detection and response (XDR). Tapping into XDR can give enterprises the ability to secure all data across their digital estate.
Besides having the right technological tools and framework, another critical component of a fully functional SOC is talent. The SOC needs to be manned by a team of highly skilled cyber defenders with deep knowledge of the enterprise estate. As the cybersecurity industry faces a manpower crunch, organizations can look to managed security service providers to fill the gap.
The SOC team can also help enterprises develop a ransomware response checklist and incident response plan. This includes understanding applicable state data breach laws, mapping communication procedures, and ensuring the contacts matrix is up to date. In addition, organizations can further evaluate their readiness by conducting periodic incident response drills.
5. Secure your digital ecosystem
Lastly, in a digitally connected world, enterprises today have many dependencies as they look to deliver value across their ecosystem of partners, suppliers, governments and institutions. They must evaluate the security posture of their third-party partners and ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity. Cybersecurity assurance should also be a critical evaluation criterion when selecting partners and vendors. Organizations need to be able to trust their partners’ capabilities to secure the data they share with them.
With the industrialization of cybercrime and the rise of ransomware-as-a-service, ransomware attacks have become advanced, destructive, and challenging to defend against. To keep their digital assets safe and prevent their data from being taken hostage, enterprises need to continue to evolve their cyber defenses.
By seeking a trusted cybersecurity partner to help evaluate their security posture, improve their defenses and elevate their cybersecurity strategy to the next level, organizations can better protect their continuity while ensuring they stay one step ahead of cyber adversaries - especially in the face of increasingly potent ransomware attacks.