How to protect your organisation from Ransomware and Cyber Extortion
Boards and senior executives across industry and governments consistently name the growing threat of ransomware and cyber extortion as the most significant threat to organisations. Experts worldwide warn that these attacks have reached “pandemic” proportions, and that it is imperative for companies to develop both prevention and response strategies.
Given that governments and law enforcement are struggling to take sufficient steps towards solving this chronic cyber crime issue, the private sector must put more effort into preventing these attacks and minimising the damage if they occur.
The question is, who’s likely to be a victim?
Every single organisation is a potential target.
The scale of impact of ransomware, alongside other types of cyber extortion, has grown since 2017, rocketing in 2021 due to a global increase in online presence.
How would an attack impact your organisation?
In CyberCX’s work with victim organisations, the most significant impacts from ransomware attacks are:
- Operational disruption, impacting delivery of services to customers
- Lost revenue due to missed business while operations were disrupted
- Customers leaving due to security or privacy concerns, exacerbating lost revenue
- Cost of response and remediation activities
- Cost of restoration from destructive attacks where data cannot be decrypted
- Reputational damage including impacts on share value
- Costs incurred from failing to meet obligations to third parties, including penalties for contractual non-performance
- Personal impacts on staff, which are often overlooked but very real
The aftermath of a cyberattack can be felt by organisations long after it ceases, sometimes for many months.
Protect Your Organisation with Best Practice Security Controls
To mitigate the risk of ransomware and data theft extortion, organisations should review their security capabilities to ensure they are addressing the following seven priority areas.
- Plan ahead to recover from a disruptive attack
A well-documented business continuity, technical resilience and cyber incident response plan will enable your organisation to respond to a cyber security incident when it occurs and reduce its effect.
- Defuse phishing emails
Phishing emails continue to be the most common and effective attack vector.
To defend against phishing emails, organisations should use automated filtering and proactively educate staff to identify and report phishing emails if they get past the filter.
- Identify and address software vulnerabilities
New vulnerabilities are often identified in common technology platforms such as mail servers, firewalls, content management systems or online management portals. The risks posed by these vulnerabilities quickly escalate when researchers or threat actors develop and publish exploits online.
- Fortify access points
A significant number of incidents CyberCX investigators respond to occur because organisations have not properly secured access points into their systems, including both on-premises networks and cloud-based application platforms.
- Prevent malware from executing inside your network
Anti-malware technologies can still be effective at preventing or restricting ransomware execution. All systems should have anti-malware technologies installed, configured to actively block malicious activities, and updated with the latest attack signatures.
- Clean up your organisation’s data
With the increase in data theft extortion attacks, organisations should take steps to minimise the availability of confidential data on systems, especially in easy-to-reach locations such as shared network drives and user mailboxes.
- Manage privileged access
Most activities across a network occur within the context of a user account. A key objective for most attackers is to obtain access to privileged accounts to effectively carry out their attacks. Organisations can counter this by both closely managing access to privileged accounts and monitoring their use.