Consistently Preventing Ransomware
Many IT Security experts use a certain turn of phrase and we echo it: they only need to be lucky once, we need to be lucky all the time. How do you retain your luck and prevent IT Security incidents from resulting in damage to your organisation?
The challenge of ransomware has continued to be a problem since the start of 2020, and is part of an over-arching trend of cyber-criminals and other organised crime using blackmail to extort money from you.
Rather than threatening organisations with physical harm in order to extract money or information, such criminals now find holding IT systems to ransom the more lucrative option.
Ransomware can come in many forms and is often aimed at inflicting costly downtime on a business, thereby forcing it into a continuous loss until it either pays up or recovers its systems. Blackmail is now being used in order to ensure businesses do pay – by extracting your client data and intellectual property and threatening to sell it on the open market for the equivalent value of your ransom.
Preventing ransomware is possible though. IT Security is never a 100% thing – but that doesn’t mean getting as close to 100% as possible is not the ultimate goal of building and maintaining secure information systems.
Endpoint Security is central to preventing ransomware from successfully attacking any IT Estate. Every network-enabled device is an Endpoint, even air-gapped systems that are taken off the internet for added security.
It is nonetheless the case that organisations need to consider the vector of attack that criminals will take. Think of it as the entry route into a castle: very often it is not the front door that is used to break in.
Smaller organisations often lack the budget for dedicated security teams, but this does not mean investing in IT Security cannot be done – in fact smaller firms can often be more mobile and have better security than larger firms that don’t automate security.
Small organisations can, for example, set up a Security Operations Centre in order to administer the variety of systems and vendors that currently act as the foundation of their operation. Couple this with Managed Security Services through an EDR and you can achieve near-total oversight and security over your information systems.
This can be demonstrated by WatchGuard’s ability to only have one or two successful file-based attacks across their customers’ estates globally, as seen below.
Controlling the flow of information
Data Loss Prevention (DLP) is also central to successfully blocking ransomware’s Blackmail element. In the event that an insider threat, such as a bribed employee, or an external threat, such as a criminal gang, is able to install ransomware on a device, the data on it must be considered compromised.
Even a single ransomware attack will require your organisation to report to the ICO once you have run a debrief of the security event. Being able to demonstrate that you had DLP in place and that this prevented the leak of confidential data is a great boon for you.
One only need look at the weekly NCSC Threat Reports from the UK’s National Cyber Security Centre to see that ransomware is a growing threat and will continue to damage the operation of many organisations in future.
Having systems in place to prevent you from being blackmailed is a critical accompaniment to using next-generation Endpoint Security. You must choose vendors who offer unified security in a holistic way; piecemeal approaches fail when it comes to preventing ransomware and will fail to satisfy regulatory bodies or customers.
Preventing Ransomware is achievable
Preventing ransomware can be done – in fact it has been done successfully for millions of organisations, both large and small. Depending on the nature of your business, such as if you deal with large bodies of customer data or very sensitive information, you may need to invest more for a multi-layered approach to further assure customers their data is safe.
IT Security need not be expensive – it must reflect your risk appetite and have red lines established on systems which cannot be put at undue risk. You may want to create an IT Security Roadmap using our freely available template to identify where to focus.
More than five years ago Malwarebytes ran a study which showed that 20% (one in five) of businesses hit by a ransomware attack are forced to close. This hasn’t changed; many organisations regularly fail to protect their interests and close permanently as a result.
It is likely this figure may never change, but we heartily recommend that you and your organisation consider investments to avoid being part of that 20% that ultimately close.