When technology contains attack surfaces, accelerated digitalization creates a perfect storm for ransomware. What are the basics of staying safe?

There are two types of organization—those that know that they have had a cybersecurity breach, and those that do not.

With ransomware accounting for a rapidly growing proportion of breaches, not knowing you have been breached is less likely.

Why is ransomware becoming more widespread? Increased digitalization, remote working, accelerated adoption of cloud computing, and growth in the popularity of Internet of Things devices have all contributed toward expanding the attack surface for threat actors.

Also, launching a ransomware attack is a relatively easy and low-risk way to make money nowadays. Threat actors are usually outside the jurisdiction where the attack takes place, and they are typically protected by the absence of extradition treaties between the country where the crime occurred and the country from which the attack was launched.

Throw in ransomware as a service (RaaS) kits and cryptocurrencies, and we have a perfect ransomware storm.

The perennial keys to safety

Organizations will not be able to completely eliminate the risk of ransomware attacks. They can, however, mitigate the risk of these attacks with a zero-trust approach to cybersecurity, renewed focus on cyber-hygiene training, and fine-tuned incident response plans:

  • Rigorously apply the principle of least privilege to make it harder for threat actors to gain the credentials that they need to move laterally within systems and networks.
  • Segment networks and isolate workloads to limit the blast radius of attacks that break through.
  • Conduct training and awareness campaigns to make employees less likely to download malware via phishing attacks or other social engineering activities.
  • Ensure that all sensitive data is classified and encrypted to make double extortion more difficult.
  • Rehearse incident response plans that prepare for a ransomware attack that has successfully exfiltrated data. A critical component of such a plan is backup and recovery. Backups are increasingly being targeted in well-orchestrated attacks, so organizations must find ways of ensuring that their data is stored in at least one immutable destination. This means that they can recover quickly—often almost instantly if the process is automated.

If companies follow cybersecurity best practices such as those outlined above, they should be able to manage ransomware risk and the misery associated with these attacks. If a ransomware attack occurs, well-prepared organizations will be able to recover rapidly and be comfortable in the knowledge that the data which has been stolen is of little or no value to the attackers.