Ransomware is a bigger threat than ever. Attacks are becoming more frequent and more severe, and some companies have even gone into bankruptcy as a result of ransomware attacks.
When discussing the cause of this crisis, there is a lot of finger-pointing: blaming Russia, China, North Korea and Iran for their role in facilitating and supporting hackers. However, our own attitudes toward cybersecurity are as much to blame for ransomware attacks as rogue states.
On a fundamental level, the fact is that many companies still don’t understand the nature of the ransomware threat. They tend to think of cybersecurity like a castle wall: if you want higher security, just make a bigger, thicker wall.
So companies get better antivirus software and increase their IT security budgets, but what is really needed is a new way of thinking about cybersecurity. It’s not enough to just add more security features. What most companies really need is to restructure their operations to be more resilient to cyber threats.
Damage Control: Understanding How Ransomware Spreads
One of the biggest problems is that companies tend to focus too much on preventing attacks from happening at all, and don’t think enough about damage control once an attacker breaches the network. This is understandable: most companies would rather not get hacked at all, and so they plan accordingly. But as the saying goes, “hope for the best and prepare for the worst.”
Companies that understand how ransomware spreads through a network can put in place measures that prevent ransomware from propagating. This can drastically reduce the percentage of a network infected, greatly reducing the severity of an attack.
Ransomware hackers set their ransom according to how much data they are able to compromise. If they are unable to spread through the network, in many or most cases they will be unable to pressure companies into paying a ransom.
Know Your Attack Vectors
Another common problem is that many companies lack an understanding of attack vectors. There’s a lot of focus on preventing exploits, which is definitely a good thing, but the majority of ransomware attacks rely on two attack vectors in particular: remote desktop protocols and phishing.
It’s very common for companies to neglect phishing awareness. Many companies are implementing phishing awareness training for employees, but as the saying goes, “an ounce of prevention is worth a pound of cure.” Even better is to look for cybersecurity awareness when hiring employees. A savvy employee will be able to detect phishing and won’t bite.
Understanding Data Sensitivity
Some companies go overboard when it comes to security. They become so focused on preventing an attack from happening at all that they end up crippling their own operations.
This is partly due to an obsession with not getting hacked at all. This is understandable: obviously the ideal is not to get hacked. However, too many security features can bog down employees with constantly having to enter 2FA codes, look up unique passwords, and contact IT or colleagues for access to certain features.
In some cases these security measures become such a drag that they end up getting disabled completely, increasing attack vulnerability.
Companies that understand the way ransomware works also understand that there are certain types of data and parts of the system that require more protection than others. With this knowledge, they can balance operational security with the efficiency of their workflow.
Knowing What to Do When You Get Hit
Companies tend to hope for the best, but this can get in the way of preparation. Many times, unprepared management can panic when a ransomware attack happens.
Hackers know this, and they intentionally try to put pressure on victims by setting time limits. For example, they might make threats like “Pay us within 48 hours or all your data will be lost!” or “Pay us within 72 hours, or all of your data will be released to the public!”
For companies without a good ransomware response plan in place, this can easily lead to making bad decisions. For example, they may end up paying more than they need to due to being unaware of negotiating techniques.
Another common mishap is to attempt to find a decryption tool. There are a number of scammers on the internet who offer miracle solutions, but as soon as you pay, they just demand more money or disappear. Under normal circumstances, you might detect the scam, but under pressure it’s easier to miss red flags.
If you have a good plan in place, you’ll know what to do and execute it quickly and smoothly, without falling into the many pitfalls of ransomware response.
The New Normal
Ransomware preparedness is no longer optional. The number, scale, and sophistication of attacks are steadily growing, so it pays to be prepared.
Ransomware preparedness should not just be the domain of the IT security guys. Everyone in the company should have a high-level understanding of how ransomware works, and the organizational structure of every company should be adjusted to reflect a higher degree of ransomware preparedness.