If ransomware hits, will you pay the attackers? As tempting as it might be, there are many reasons not to pay. Ransoms are expensive. Paying some groups might even be illegal. And you give the impression of being an “easy target” for future attacks.
But the majority of businesses pay up. According to Proofpoint research, nearly 60% of companies globally pay a ransom following an attack. In the UK, this figure rises to 82%.
Prevention is better than cure. And even if the worst happens, there are measures you can take today to lessen the impact of a ransomware attack. Here are ten considerations to prevent or mitigate a ransomware attack.
At PrivSec London, Tuesday 28th February 2023 at 12:40 - 13:20 our expert panel including; Luke O’Brien, easyjet - Ameer Al-Nemrat, CSCoE-UEL - Ian Hill, Upp and Cameron Brown, Journal of Data Protection and Privacy will discuss: State-Sponsored Cyber Attacks and Business: Strategies, Insurance and Why Ransomware Is Still Booming.
Security is the foundation of any ransomware prevention strategy.
Organisations should implement reasonable and robust security measures, including firewalls, Intrusion detection and prevention systems, anti-malware software and endpoint protection.
Regular security audits and vulnerability assessments can help identify and address weaknesses in security regimes.
2. Data Backup
Maintaining backups is critical to mitigating the damage caused by a ransomware attack.
This means systematically and regularly creating copies of data stored across locations, both on-premises and in the cloud. A good backup strategy also involves testing the restore process to ensure that backups can be recovered in case of an attack.
3. Insider Threat Prevention
Organisations should train their employees on the dangers of phishing and social engineering tactics used by ransomware attackers and how to spot and report potential threats.
Employee awareness training should be accompanied by software that detects user error or suspicious activity. Such software should not impede your employees’ workflow, as this may lead them to try and circumvent security controls.
4. Software Updates
Keeping software up-to-date with the latest security patches and updates is crucial in preventing vulnerabilities that ransomware attackers can exploit.
This is a basic but often neglected security measure that can prevent disastrous outcomes. Many high-profile ransomware attacks have exploited outdated software, such as WannaCry and Solarwinds.
5. Network Segmentation
Segmenting your network and limiting the flow of data can help contain the spread of ransomware and stop it from reaching critical systems and data.
Segmentation can massively reduce the costs and harms associated with a successful ransomware attack.
Cyber insurance can help organisations recover from a ransomware attack by covering costs such as legal fees, public relations expenses, and data recovery costs.
Choose your cyber insurance provider carefully to ensure you will be covered in the event of a ransomware attack.
7. Breach Notification
Organisations should have a clear plan in place for reporting and communicating a ransomware attack to relevant stakeholders, including customers, employees, and regulatory bodies.
Bear in mind that different jurisdictions have different rules regarding when and whether regulators and individuals should be notified of a breach. Creating a comprehensive breach notification policy will help you manage these responsibilities.
8. Incident Response Plan
A comprehensive incident response plan should be in place to ensure that organisations are prepared to respond quickly and effectively to a ransomware attack. The plan should include steps for containment, eradication, recovery, and reporting.
Good communication is vital in the event of a cyberattack. Your incident response plan should detail exactly who to contact in the event of a ransomware attack, and what information should be provided.
9. Third-Party Risk Management
Organisations should regularly assess the security practices of third-party vendors and partners to ensure that they are not introducing vulnerabilities into the organisation’s systems.
Ransomware exploits supply chains by targeting the weakest links. Robust vendor risk management practices can help shield you from vulnerabilities among your suppliers and business partners.
10. Continuous Monitoring
Ongoing monitoring of systems, networks, and data can help organisations detect and respond to ransomware attacks in real time, reducing the impact and severity of an attack.
Once you’re hit by ransomware, the clock starts ticking. Every second of delay can make the impact of a ransomware attack more severe. Continuous monitoring can help you respond faster and more effectively.
PrivSec London is a two-day, in-person event taking place over 28th February and 1st March at the Park Plaza, Riverbank.
PrivSec London will feature thought leaders, industry experts and senior professionals from world- renowned companies sharing their knowledge, case studies and experience - and providing insightful, actionable content to an audience of end user professionals.
PrivSec London is a must-attend for data protection, privacy and security professionals who are keen to network, learn, discuss and seek out solutions.