Mitigating Ransomware Attacks – Outsmarting Cybercriminals in 2021
One compromised password shut down the largest fuel pipeline in the U.S.A. A few weeks later, cybercriminals attacked the world’s largest meat company, shutting down nine of its beef plants. Each company paid millions of dollars to regain control of its business.
As cybercrime evolves in complexity and destructiveness, businesses are challenged with staying a step ahead of criminals. To protect against continuous cyber threats and attacks, cybersecurity policies and procedures must be integrated into every action a company takes. In addition to having a strong infrastructure to monitor, detect, and protect against threats, it is essential that employees understand their role in protecting against threats and reporting suspicious activity.
When it comes to mitigating cyber risks, a robust cybersecurity program is key.
Preparing From a Technical Perspective
Companies should develop a blueprint for responding to cyber threats and attacks. This resource should include a comprehensive data map, exercises for worst-case scenarios, and supporting policies to mitigate risk.
A data map is the foundation of any strong response plan to a cyber incident and should provide a detailed overview of a company’s systems, including its backups. This allows impacted systems to be identified quickly and backups to be deployed efficiently, which minimizes data loss and disruption.
Practicing enterprise-wide responses to a cyberattack, especially ransomware, can significantly decrease the impact of the incident and help companies avoid headlines. Working through tabletop exercises and threat-model scenarios can help teams understand how responding to a cyber incident – from identification to reporting – takes collaboration across the entire organization. These exercises can also identify gaps in a company’s response plan so they can be remediated before an actual attack occurs.
While cyber incidents are inevitable, protective policies and procedures can provide companies an additional layer of defense. For example, implementing network segregation, “Zero Trust” policies for third-party software, and advanced detection and response controls are proactive measures companies can take to protect themselves against cybercriminals.
First Line of Defense - Employees
A recent report by Statista found that the top causes of ransomware attacks are phishing emails, poor practices by users, lack of cybersecurity knowledge, and weak passwords and access practices. Add to that the new vulnerabilities developing from remote and hybrid workplaces.
Employees serve as a company’s first line of defense against cyberattacks. Hackers count on an employee mistakenly clicking a link or downloading one of their programs so that their ransomware can be installed. However, security-conscious employees can thwart a cyber incident well before it starts.
As cyberattacks continue to evolve, it is important to train employees frequently. Training should be accessible to all employees, regardless of location. Educational technology companies, like Skillsoft, with large libraries and regularly updated training, can help organizations and employees stay on top of the latest cybersecurity risks and how to prevent them.
Cyberattacks do not happen in a vacuum. Companies need to cross-train nearly every department on their cybersecurity policies and procedures to effectively respond to cyber incidents. A cross-functional team including investor relations, communications, legal, marketing, sales, and human resources should meet regularly to discuss, practice, and enhance cybersecurity responses. This will help identify and assign responsibilities, educate teams on escalation points for different crisis scenarios, and identify vulnerabilities.
Investigate, Report, and Remediate
Companies will continue to experience cyber threats and attacks. While a comprehensive cybersecurity program with robust infrastructure, educated employees, and the support of a cross-department team is important, analyzing and understanding why a cyberattack occurred is critical to avoiding future events. How a company responds to a cyber incident is key to avoiding an enforcement action, minimizing reputational damage, and reassuring customers that corrective action has been taken.
Working with an independent third party can often expedite recovery after a cyber incident. Outside experts can be helpful in providing objective assurance to clients and stakeholders, enhancing policies and procedures to avoid similar attacks, and navigating required reporting.
With damages from cyberattacks reported to reach $6 trillion this year, a company’s detection, security, preparedness, and post-event response will dictate its resiliency when facing a ransomware attack.
Luke Tenery is a partner with StoneTurn, a global advisory firm, and head of StoneTurn’s Cybersecurity practice.