07 Dec What more can businesses do to combat ransomware?
Every business is at risk of falling victim to a ransomware attack. Ransomware is a form of malware that blocks access to a file, system or device until a ransom is paid. Most businesses have taken steps to reduce their cyber risk. However, there is more that can be done.
The Current State of Ransomware
Ransomware can be financially devastating for businesses. There have been some major ransomware attacks throughout the UK and the Republic of Ireland in recent years, costing millions. Additionally, data leaks can be harmful to a business’s reputation and public image. This is the idea behind double extortion: if the company can recover from a ransomware attack through backups, without paying the ransom, the attackers will exfiltrate the data and either leak it online or sell it to the highest bidder.
As double extortion has become the new normal for ransomware, the way businesses protect against ransomware has also changed, with backup and disaster recovery no longer being sufficient.
Ransomware Entry Points
Phishing has consistently ranked as the number one threat vector for many years, with 83% of all cyberattacks in 2022 being some form of phishing attack. Whilst some phishing ransomware attacks can be prevented with cybersecurity technologies and awareness training, some are more sophisticated. Spear phishing, for example, involves tailored phishing attacks that look as though they are from a trusted individual or company but contain a malicious link.
Credential stuffing is a form of cyberattack where the attacker collects stolen account credentials (usernames/emails and passwords purchased on the dark web through previous data leaks or ransomware attacks) to gain access to other accounts.
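From the defender's side, credential stuffing shows up in authentication logs as one source failing logins across many different usernames. The sketch below is an added example, not part of the original article; the event format, the 300-second window and the four-username threshold are assumptions to tune for your own logs.

```python
# Added example. EVENTS is constructed sample data:
# (epoch seconds, source IP, username, login succeeded)
from collections import defaultdict

EVENTS = [
    (1000, "203.0.113.7", "alice", False),
    (1004, "203.0.113.7", "bob", False),
    (1009, "203.0.113.7", "carol", False),
    (1015, "203.0.113.7", "dave", True),
    (1021, "203.0.113.7", "erin", False),
    (1030, "198.51.100.4", "frank", False),   # one user mistyping a password
    (1050, "198.51.100.4", "frank", False),
    (1090, "198.51.100.4", "frank", True),
]

def detect_stuffing(events, window=300, min_users=4):
    """Flag source IPs whose failed logins span at least `min_users`
    distinct usernames inside any `window`-second sliding window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            failed = {u for _, u, ok in rows[start:end + 1] if not ok}
            if len(failed) >= min_users:
                # Any account this source did log in to should be treated
                # as compromised: reset its password and review its sessions.
                succeeded = sorted({u for _, u, ok in rows if ok})
                alerts[ip] = {"failed_users": sorted(failed),
                              "succeeded_users": succeeded}
                break
    return alerts

if __name__ == "__main__":
    for ip, detail in detect_stuffing(EVENTS).items():
        print(ip, detail)
```

Counting distinct usernames rather than raw failures is what separates this pattern from a single user repeatedly mistyping their own password.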
Exploiting Vulnerable Systems
Businesses that are running systems, applications or services without the latest security updates (an old computer or server that’s not used frequently, for example) are at risk of a ransomware attack through the exploitation of a known vulnerability.
Ransomware Protection Methods
For businesses considering how to combat ransomware, a multi-layered approach is essential.
As phishing is the number one threat vector, businesses must secure their email systems. As with protecting against ransomware in general, this requires a multi-layered approach, including the implementation of DMARC, SPF and DKIM within their domain, an email security solution to block potential phishing emails, and security awareness training so that staff can accurately detect and report any potential phishing emails.
Password Security and MFA
To protect against credential stuffing, users should follow password best practices. All passwords should be long and complex, including numbers, symbols and uppercase letters, without using dictionary words or names. Unique passwords should be used for each system, service and application. Password managers and passwordless authentication can support password security. Businesses should also implement multi-factor authentication on all accounts to prevent account compromise attacks.
Update and Patch Management
Although up-to-date machines and applications can have unknown vulnerabilities or zero-day exploits, it is not a common occurrence. For this reason, businesses should run all updates and patches as soon as possible. Unfortunately, many employees will delay updates, due to the inconvenience of restarting their device. However, important updates can be forced using a Mobile Device Management solution, such as Microsoft Intune.
Endpoint Detection and Response (EDR)
With double extortion becoming more commonplace, businesses need to invest more in protecting ransomware entry points. If a phishing email gets through email security, and a malicious file is downloaded, an EDR solution will detect and stop the execution of most ransomware variants. Such a solution is also beneficial as it addresses the common issue of the constantly expanding attack surface. An EDR solution acts as the second-last line of defence, as it is only effective when ransomware has reached a machine.
Backup and Disaster Recovery
Whilst a comprehensive backup and disaster recovery solution will not prevent a double extortion attack, it will enable businesses to recover if they are the victim of ransomware. When implementing a backup and disaster recovery solution, businesses need to consider the Recovery Point Objective (RPO) and Recovery Time Objective (RTO). The RPO defines how often data is backed up; for most businesses this is once every 24 hours. The RTO defines how long it takes for data to be restored after a disaster, such as a ransomware attack. Some disaster recovery solutions have automatic rollback after a ransomware attack, to maintain business continuity. Businesses should consider this the last line of defence.
Protecting your business from Ransomware
Many businesses choose to rely on the expertise of a third-party IT specialist, like Extech Cloud, to reduce their cyber risk. Whilst no provider can say with 100% certainty that they can safeguard against all ransomware attacks or cyberattacks, Extech Cloud can help your business with a multi-layered security solution that will decrease your chance of falling victim. Read about it in our blog. To find out more about how we can secure your business, visit www.extechcloud.com.