Ransom: Prepare For The Worst

It’s official: no sector is safe from ransomware. According to an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), organisations everywhere, from charities to defence and financial services, are likely to be targeted by criminals seeking to gain access to sensitive networks and make them inaccessible, only releasing them for a fee. 

What’s particularly worrying about the spread of ransomware is the increased sophistication of the technology behind the attacks. CISA put it best when it observed that in 2021 authorities in the US, UK and Australia had seen “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally.” 

A New Threat Era

While many of the methods used to gain entry (such as phishing, brute force or exploiting vulnerabilities) remain the same, the approaches used are now incorporating innovations like ransomware-as-a-service. The BlackCat/ALPHV RaaS is a good example of this, having breached at least 60 organisations globally as of the end of March 2022. 

In fact, it is the evolving nature of ransomware that is keeping many people up at night, with Gartner placing new ransomware models as the top concern facing executives in 2021, ahead of talent, a COVID-19 endemic and supply chain disruptions. 

They’re disturbed by it because there seems to be no end in sight; every time businesses think they’ve found a way to protect themselves, cyber threats evolve - and ransomware is no different. 

Does that mean there is no solution? No, but it means a change in mindset is required. Again, it is very much a case of when, not if, companies will be subject to a ransomware attack - and accepting that can go a long way to helping protect the organisation. 

Four Steps To Combatting Ransomware

Of course, it will take more than accepting the inevitable to keep cyber-attacks at bay. But understanding that a business will be targeted, particularly in a sector perceived to be as cash rich as financial services, can help companies lay the groundwork and take the first step to combat ransomware. 

And that step is preparation. If you know and accept something will happen, you can plan for it. When it comes to ransomware (or indeed any type of attack), having a good incident response plan is vital. It allows decision-makers to calmly assess what needs to be done and quickly act in the event of an attack. It’s critical to be able to access that plan at a moment’s notice, so make sure that there is a physical copy available (as well as anything stored on servers and networks). It might seem a bit anachronistic to prepare for a digital assault with a piece of paper, but if an attack succeeds in locking you out of that file, what will you do then? 

Having a plan might seem like an obvious part of preparation. What’s becoming more common is testing those plans. This could be tabletop ‘what if’ scenarios, with different people pulling plans apart to identify any areas of improvements. It could even be a full war game session, where teams take on different roles and are pitted against each to see how they would react in the event of a real attack. 

Closely linked to preparation is the second step: senior buy-in. Getting C-Level executives to buy-in to all aspects of cyber defence can be the difference between success and failure. When so much of ransomware is based on fast access to sensitive networks, it is imperative that everyone, from top to bottom, understands basic cyber hygiene principles and invests in maintaining (and indeed enhancing) their security education. No one is immune from being targeted, and high profile leaders are particularly visible: just ask the country CEO of one company, who was tricked into transferring company funds to cyber criminals that used deep fake technology to mimic the executive’s boss. While that wasn’t ransomware, it does highlight how important it is to educate everyone on the need for proper security processes.

That training also needs to reflect the current state of working today. With more people working remotely, companies need to protect not just corporate networks in the office, but the endpoints their staff are using from a variety of different locations. That means adapting policies and procedures, rethinking how you look at securing perimeters and implementing approaches that support people to work where they need to, without compromising security. That could mean, for example, an additional layer of security when handling communication to avoid attackers impersonating colleagues. 

The final step is to understand how you can mitigate successful attacks, i.e., the ones that do get in. That means constantly monitoring for signs of penetration, and then having the means to isolate the affected area rapidly. Your incident response plan will provide further details on what to do, which could include informing customers, investors, shareholders, regulatory bodies and other government agencies, depending on the nature of the attack and what has been targeted. There could also be a need to liaise with insurance providers, who may offer services relating to ransomware attacks. These might include recovery services, their own incident response management teams or liability cover to name but a few. 

Bear in mind that while many stakeholders will tolerate disruption from a cyberattack, they will not accept a lack of action when it comes to mitigating the impact. In some instances, as well as a hit to reputation and revenue, there could be regulatory punishments: something one US pipeline operator is currently facing due to a perceived failure to properly plan and respond to an attack. 

Should You Pay The Ransom?

There’s one other thing to consider when it comes to ransomware attacks: should you pay the ransom? Depending on the data affected and the demand that’s come from the attackers, it can sometimes be tempting to throw money at the problem. Yet this increasingly isn’t an option: depending on where the business operates, it might incur a fine or even be considered illegal, and it could well invalidate insurance. 

Instead, it's best to prepare for the worst: have a plan, educate your teams with training that reflects the reality of work today and be prepared to act fast. This is the only way financial services organisations can combat aggressive ransomware threats. 

Simon Eyre is Managing Director and CISO at Drawbridge

You Might Also Read: 

Ransomware’s Serious Effects On Cyber Security:

 

« Fixing The Cyber Security Workforce Gap
Edge AI: The Future of Artificial Intelligence And Edge Computing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

Sollensys

Sollensys

Sollensys is a leader in commercial blockchain applications. Our flagship product, The Blockchain Archive Server™ is the best defense against the devastating financial loss that ransomware causes.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Triovega

Triovega

Triovega are a leading provider for production security and efficiency. Our solutions enhance OT security, and reduce production downtime.

Adsigo

Adsigo

Adsigo AG is your reliable and professional partner for all topics concerning PCI certification, compliance and information security.