A recent study reveals that many organizations shut down temporarily or permanently after a ransomware attack. Learn more about how you can protect your business from ransomware attacks.
A successful ransomware attack can destroy an organization. Even paying a ransom does not mean that your company will not suffer a permanent loss. A report released Tuesday by security provider Cybereason looks at the effects of ransomware on many organizations and offers advice on how to protect yourself against such attacks.
Ransomware attacks are on the rise
To create its 2022 report, Ransomware: The actual cost of doing business, Cybereason In April 2022, the Census Wide Commission commissioned a survey of more than 1,400 cybersecurity professionals in the United States, United Kingdom, Germany, France and other countries. Companies with 700-999 employees are responsible for 52% of responses. 33% of those with 1,000-1,499 employees. And companies with more than 1,500 employees are responsible for the rest.
Among respondents, 73% revealed that their organization had been targeted by at least one ransomware attack in the last 24 months. This percentage has increased from 55% in the 2021 report of Siberia.
See: Ransomware: How to prepare executives for the current threat landscape
Paying a ransom does not guarantee secure or intact data
Whether to pay or not is a question every ransomware victim must decide. Of those who decided to pay, 49% said they did so to avoid revenue loss; 41% said they paid for a speedy recovery of their compromised files; 34% had fewer employees; And 28% were part of a critical industry, so they paid to avoid downtime which could result in injury or loss of life.
However, paying a ransom does not guarantee that your encrypted data will be fully recovered or that your organization will be safe from future attacks.
More than half of those surveyed said they still run into system problems or malicious data even after paying to decrypt their data. And about 80% of those who paid have been the victims of a second attack. In fact, many of them were killed in less than a month, several by the same attackers and some for even more ransom.
How to protect your organization from ransomware attacks
The damage done by a successful ransomware attack can easily be sustained beyond the initial event. Among respondents, 37% said they were forced to lay off employees after the attack, 35% said many C-level executives were forced to resign, and 33% acknowledged that they would have to close their business temporarily or permanently.
To protect your organization from ransomware attacks, Cyberson offers the following tips:
Follow the best practices for your cyber security
This means you patch complex vulnerabilities in a timely manner, update your operating system and software, conduct offsite backups, set up safety training for employees, and ensure that the right security products are installed on your network.
See: Password Violation: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)
Set up multilayer security defense
Next generation antivirus, or NGAV, Should be standard on all your network endpoints. The goal is to prevent ransomware attacks by scanning for known malware as well as custom malware.
Use endpoint and enhanced detection and response (EDR and XDR) tools
Such solutions can detect and analyze malicious activity across your network. The idea is to stop a ransomware attack before executing and encrypting any data and distributing ransomware payloads.
Ensure that key security personnel are accessible
Necessary security personnel should be available at any time of the day, especially on weekends and holidays. Make sure all on-call assignments for security personnel are clear to everyone.
Periodically run the tabletop drill
Tabletop drills and exercises test the responsiveness of key employees with a simulated cybertac. Designed to improve your incident response system, these drills should be cross-functional and include people from the legal, HR (human resources), IT and executive departments.
Check your lockdown method
In the case of a ransomware attack, you need to know how to disable or lock down the affected accounts, systems and other resources to prevent the attack from spreading. Your security personnel need to be able to disconnect a host system, lock down a compromised account and block a malicious domain. Be sure to test these methods at least once a quarter with both scheduled and unscheduled drills.
See external security options
If your organization lacks the people or skills needed to deal effectively with cyber attacks, evaluate managed service providers who can take on that role in any emergency.
See: Mobile Device Security Policy (TechRepublic Premium)
Important account lock down during weekends and holidays
Since critical accounts are most at risk during ransomware attacks, consider locking down those accounts when they are not in use on weekends and holidays. Instead, secure, only emergency accounts can be used by people while other important accounts are disabled and unavailable.
