Avoiding Business Disruption from Ransomware Attacks

October 28th, 2019
Dave Santeramo
Security Architect

2019 was supposed to be the year in which Artificial Intelligence and Machine Learning made the Internet a safe place for all. One could not attend a conference or read a trade magazine in which the adoption of AI and ML (for short) was not heralded as the solution to all things mischievous on the Internet. So can someone please explain to me why Ransomware has made such a comeback in 2019?

Ransomware infections are reported to have increased by over 118% in the first quarter of 2019. Many of these cyber-attacks have focused on the Healthcare, Government and K-12 education sectors. Why the focus on these areas, you might ask? Simply put, these three sectors are becoming increasingly dependent on technology as part of their daily business operations. Anyone who has been in a medical facility recently cannot help but notice the ever-growing number of real-time connected devices. Governments are turning to the Internet more and more for everything from license applications to the payment of fines to vital records management. However, the K-12 education space has seen the most integration of technology in the past few years. Some schools provide students with their very own Chromebook when they arrive on the first day. Everything from attendance to sports scheduling uses an integrated technology solution.

What is Ransomware?

Maybe I should take a step back and provide some context by defining Ransomware. Simply put, Ransomware is a type of malware, or malicious software, that denies users access to critical data until a payment, or ransom, is made. Typically, Ransomware is delivered to an organization via a phishing email containing an infected attachment, or it is downloaded when a user unknowingly visits a cybercriminal’s website. Ransomware victims are often asked to pay the ransom in Bitcoin. Once Ransomware invades an organization, it moves rapidly across the network to encrypt the data of as many hosts as possible. What makes this lateral movement easier is that most organizations still cling to the notion that threats originate outside the network. In today’s IT infrastructure, a successful security program needs to be based on the understanding that threats can come from anywhere.

How to Mitigate the Risk of Ransomware

With so many organizations being compromised by Ransomware, and with more and more business functions requiring network access, what should IT staff do? Below are a few simple steps that can help mitigate the risk:

1) Plan to fail
Do everything possible to prevent an attack, but have a plan in place for when a compromise does occur. Make sure that your organization is aware of the plan BEFORE an event. Run practice drills with your team so every member knows what to do. Make sure that your incident response plan is documented. Time matters when it comes to response; an IT staff’s ability to respond quickly might be the difference between success and failure.

2) Cyber insurance
A key differentiator for companies that have been impacted by Ransomware is the existence of a cyber liability or cyber risk insurance policy. Organizations that have purchased cyber insurance have typically been able to restore operations with minimal impact. Those that did not have the presence of mind to purchase coverage have not only been saddled with the unbudgeted cost of restoration, but also run the risk of reputational damage.

3) Prevent
Build a program based on mitigating risk. Have multiple solutions in place that, when combined, reduce the risk of compromise. No IT organization is going to account for every possible scenario. However, taking a layered approach to Ransomware mitigation will significantly reduce your risk landscape. Ensure that systems are properly patched. The ransomware worm WannaCry took advantage of a vulnerability in older versions of Windows, leaving computers that had not been patched exposed. WannaCry spread across the Internet, infecting unpatched computers without any user interaction. Patch management is a critical element in preventing a Ransomware attack from moving across your infrastructure.

4) Know your data
Identify and control access to your most sensitive data. With the increasing focus on data governance, an organization must be aware of the sensitivity of the data in its possession. This knowledge will help drive the response plan for a Ransomware attack. Document where the data is located, how critical it is, and who owns it.

5) Restoration
There is one thing that organizations that have successfully responded to a Ransomware attack have in common: each had a backup and restore strategy in place that protected its data. The goal of Ransomware is to deny an organization access to its data. With item one in mind, it is critical that an organization have an air-gapped and tested backup and restore program in place.
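As an added illustration of what a "tested" backup program means in practice (this is example code, not from the post or from Mainline): a restore drill that restores a backup set into scratch space, checks every file against a hash manifest, and flags stale, missing or altered files. The manifest layout and the sample files are constructed here for the demo.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup_set(root, files):
    """Write a constructed backup set: files under root/data plus a manifest of their hashes."""
    data = Path(root) / "data"
    manifest = {"created": time.time(), "files": {}}
    for rel, content in files.items():
        p = data / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        manifest["files"][rel] = sha256_of(p)
    (Path(root) / "manifest.json").write_text(json.dumps(manifest))
    return manifest

def restore_drill(backup_root, max_age_seconds=86400):
    """Restore every file into a scratch directory and verify it against the manifest."""
    manifest = json.loads((Path(backup_root) / "manifest.json").read_text())
    report = {"restored": 0, "corrupt": [], "missing": [],
              "stale": time.time() - manifest["created"] > max_age_seconds}
    with tempfile.TemporaryDirectory() as scratch:
        for rel, expected in manifest["files"].items():
            src = Path(backup_root) / "data" / rel
            if not src.exists():
                report["missing"].append(rel)
                continue
            dst = Path(scratch) / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)  # the actual restore step
            if sha256_of(dst) == expected:
                report["restored"] += 1
            else:
                report["corrupt"].append(rel)  # altered since backup, e.g. reachable media got encrypted
    report["ok"] = not (report["corrupt"] or report["missing"] or report["stale"])
    return report

def run_drill_demo():
    """Constructed scenario: a clean drill, then a drill after one file is overwritten and one removed."""
    with tempfile.TemporaryDirectory() as root:
        make_backup_set(root, {"db/records.csv": b"id,name\n1,sample\n", "docs/plan.txt": b"incident plan\n"})
        clean = restore_drill(root)
        (Path(root) / "data/db/records.csv").write_bytes(b"constructed: overwritten")
        (Path(root) / "data/docs/plan.txt").unlink()
        return clean, restore_drill(root)
```

Run `run_drill_demo()` to see a passing report followed by one with a corrupt and a missing file; a drill that only checks that the backup job "completed" would report success in both cases.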

Successfully responding to a Ransomware attack is contingent on the time spent preparing for it. Organizations need to operate on the premise that, statistically speaking, an attack is going to happen. Ransomware attacks are projected to increase from one every 14 seconds in 2019 to one every 11 seconds by 2021. Having a well-thought-out, tested plan, coupled with a prevention strategy and a sound air-gapped backup architecture, will significantly limit your organization’s risk and minimize impact.

Proven Solutions Mitigate Risk

Mainline has developed solutions that have successfully allowed our customers to mitigate the risk surrounding Ransomware attacks, cybersecurity, and cybercrime. For a large municipality, Mainline designed and implemented an automated backup solution that protects data, while allowing for quick restoration, if needed. In the education sector, Mainline has been on the forefront in developing endpoint security strategies for customers impacted by Ransomware.

With the highest levels of security certifications, such as CISSP, and partnerships with top security solution companies such as HPE, IBM, Crowdstrike, Cisco, Juniper, Palo Alto, Splunk, Netskope, Varonis, Fortinet and more, Mainline’s security team has the knowledge and experience to help customers architect and plan their security.

To learn more, please contact your Mainline Account Executive directly, or contact us with any questions.
