Ransom: Prepare For The Worst

It’s official: no sector is safe from ransomware. According to an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), organisations everywhere, from charities to defence and financial services, are likely to be targeted by criminals seeking to gain access to sensitive networks and make them inaccessible, only releasing them for a fee. 

What’s particularly worrying about the spread of ransomware is the increased sophistication of the technology behind the attacks. CISA put it best when it observed that in 2021 authorities in the US, UK and Australia had seen “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally.” 

A New Threat Era

While many of the methods used to gain entry (such as phishing, brute force or exploiting vulnerabilities) remain the same, the approaches used are now incorporating innovations like ransomware-as-a-service. The BlackCat/ALPHV RaaS is a good example of this, having breached at least 60 organisations globally as of the end of March 2022. 

In fact, it is the evolving nature of ransomware that is keeping many people up at night, with Gartner placing new ransomware models as the top concern facing executives in 2021, ahead of talent, a COVID-19 endemic and supply chain disruptions. 

They’re disturbed by it because there seems to be no end in sight; every time businesses think they’ve found a way to protect themselves, cyber threats evolve - and ransomware is no different. 

Does that mean there is no solution? No, but it means a change in mindset is required. Again, it is very much a case of when, not if, companies will be subject to a ransomware attack - and accepting that can go a long way to helping protect the organisation. 

Four Steps To Combatting Ransomware

Of course, it will take more than accepting the inevitable to keep cyber-attacks at bay. But understanding that a business will be targeted, particularly in a sector perceived to be as cash rich as financial services, can help companies lay the groundwork and take the first step to combat ransomware. 

And that step is preparation. If you know and accept something will happen, you can plan for it. When it comes to ransomware (or indeed any type of attack), having a good incident response plan is vital. It allows decision-makers to calmly assess what needs to be done and quickly act in the event of an attack. It’s critical to be able to access that plan at a moment’s notice, so make sure that there is a physical copy available (as well as anything stored on servers and networks). It might seem a bit anachronistic to prepare for a digital assault with a piece of paper, but if an attack succeeds in locking you out of that file, what will you do then? 

Having a plan might seem like an obvious part of preparation. What’s becoming more common is testing those plans. This could be tabletop ‘what if’ scenarios, with different people pulling plans apart to identify any areas of improvements. It could even be a full war game session, where teams take on different roles and are pitted against each to see how they would react in the event of a real attack. 

Closely linked to preparation is the second step: senior buy-in. Getting C-Level executives to buy-in to all aspects of cyber defence can be the difference between success and failure. When so much of ransomware is based on fast access to sensitive networks, it is imperative that everyone, from top to bottom, understands basic cyber hygiene principles and invests in maintaining (and indeed enhancing) their security education. No one is immune from being targeted, and high profile leaders are particularly visible: just ask the country CEO of one company, who was tricked into transferring company funds to cyber criminals that used deep fake technology to mimic the executive’s boss. While that wasn’t ransomware, it does highlight how important it is to educate everyone on the need for proper security processes.

That training also needs to reflect the current state of working today. With more people working remotely, companies need to protect not just corporate networks in the office, but the endpoints their staff are using from a variety of different locations. That means adapting policies and procedures, rethinking how you look at securing perimeters and implementing approaches that support people to work where they need to, without compromising security. That could mean, for example, an additional layer of security when handling communication to avoid attackers impersonating colleagues. 

The final step is to understand how you can mitigate successful attacks, i.e., the ones that do get in. That means constantly monitoring for signs of penetration, and then having the means to isolate the affected area rapidly. Your incident response plan will provide further details on what to do, which could include informing customers, investors, shareholders, regulatory bodies and other government agencies, depending on the nature of the attack and what has been targeted. There could also be a need to liaise with insurance providers, who may offer services relating to ransomware attacks. These might include recovery services, their own incident response management teams or liability cover to name but a few. 

Bear in mind that while many stakeholders will tolerate disruption from a cyberattack, they will not accept a lack of action when it comes to mitigating the impact. In some instances, as well as a hit to reputation and revenue, there could be regulatory punishments: something one US pipeline operator is currently facing due to a perceived failure to properly plan and respond to an attack. 

Should You Pay The Ransom?

There’s one other thing to consider when it comes to ransomware attacks: should you pay the ransom? Depending on the data affected and the demand that’s come from the attackers, it can sometimes be tempting to throw money at the problem. Yet this increasingly isn’t an option: depending on where the business operates, it might incur a fine or even be considered illegal, and it could well invalidate insurance. 

Instead, it's best to prepare for the worst: have a plan, educate your teams with training that reflects the reality of work today and be prepared to act fast. This is the only way financial services organisations can combat aggressive ransomware threats. 

Simon Eyre is Managing Director and CISO at Drawbridge

You Might Also Read: 

Ransomware’s Serious Effects On Cyber Security:

 

« Fixing The Cyber Security Workforce Gap
Edge AI: The Future of Artificial Intelligence And Edge Computing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

Ten Eleven Ventures

Ten Eleven Ventures

Ten Eleven is a specialized venture capital firm exclusively dedicated to helping cybersecurity companies thrive.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

CyAmast

CyAmast

CyAmast is an IoT Network security and analytics company that is changing the way enterprise and governments detect and protect networks from the pervasive threat of cyber attacks.

NopalCyber

NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant.

Gcore

Gcore

Gcore is an international leader in public cloud and edge computing, content delivery, hosting, and security solutions.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.