How to change your expectations to match the realities of ransomware
Your expectations of your current IT Security capabilities don’t match the reality of what bad actors bring to the table.
No, I’m not talking about Ben Affleck, but about criminals and criminal enterprises whose goal is to extort businesses for money. Compounding the problem, these criminals are getting smarter and more professional, using business-like approaches to ensure the outcomes they are looking for. Enter Ransomware as a Service (RaaS). Cloud tech folks will roll their eyes at a new “as a Service,” but this one is nothing to scoff at.
Hackers have now figured out how to specialize and extend the reach of their services to ensure one thing: optimal payouts. And do they get paid? Cyber attacks are up over 800% since the pandemic, and ransomware is the predominant player. Many cyber insurance companies prefer to pay the ransom, which is usually 1/10th the cost of remediation, rather than pay for the remediation itself. That creates a perfect storm: one in which the bad guys win and you and your business lose.
Why should I be worried about Ransomware and what can I do about it?
Ransomware in its simplest form is electronic extortion. Someone hacks into your IT infrastructure and encrypts your data without you knowing it. Once your systems and data are unusable, you are forced to pay a ransom to get the decryption keys and recover your data. I would like to state for the record that not everyone gets their data back, and most businesses that pay the ransom have some issues with data restoration.
Here are some stats from a few recent industry articles:
- US Companies spent on average $2.09 million on remediation costs after an attack in 2020.
- Ransomware now accounts for 70% of malware attacks.
- Ransomware as a Service (RaaS) accounts for roughly 60+% of all ransomware attacks.
Statistics vary wildly on how many companies actually pay the ransom after infection. Some say 33% of companies pay, while others state over 70%. In our own local experience the figure is nearly 100%, but obviously this will vary by company size, sophistication, and other factors.
What do I do if I get infected with Ransomware?
1) Shut down your systems to prevent further infection.
2) Inventory your backups and test-restore something onto an isolated network where it can be checked for ransomware. Ransomware developers are smart: they know there is a normal rotation for backups, and they know that if they are patient and lie undetected in your systems through your rotation interval, they become part of your backups as well. By restoring and then scanning for ransomware or its delivery vehicle, you can know whether to trust your backups or not.
3) Do some forensic work either internally or hire a professional to better understand how the infection occurred.
4) Change your security posture! This usually means a major upgrade to multiple tiers of your security landscape. Forensic work and/or risk assessments can help you better understand which areas need the most focus.
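One way to run the restore-and-scan check from step 2, as an added example (not code from the original article): it hashes every restored file against an indicator list you supply and flags plaintext-format files whose contents already look encrypted. The file names, the entropy threshold and the sample tree are constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Formats that should be low-entropy plaintext. Compressed formats (docx, pdf,
# zip) are left out because they are high-entropy even when healthy.
PLAINTEXT_EXT = {".txt", ".csv", ".log", ".sql", ".json", ".xml"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune on your own data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8 for ciphertext, far lower for text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def scan_restored_tree(root, known_bad_sha256):
    """Return sorted (relative_path, reason) findings for a restored backup."""
    findings, root = [], Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if hashlib.sha256(data).hexdigest() in known_bad_sha256:
            findings.append((rel, "known-bad hash"))
        if path.suffix.lower() in PLAINTEXT_EXT and shannon_entropy(data) > ENTROPY_LIMIT:
            findings.append((rel, "plaintext file looks encrypted"))
    return sorted(findings)


def demo():
    """Build a constructed restore tree in a temp directory and scan it."""
    dropper = b"constructed stand-in for a dormant dropper"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "notes.txt").write_bytes(b"quarterly notes\n" * 200)
        (root / "docs" / "ledger.csv").write_bytes(os.urandom(65536))  # simulated ciphertext
        (root / "updater.bin").write_bytes(dropper)
        return scan_restored_tree(root, {hashlib.sha256(dropper).hexdigest()})


if __name__ == "__main__":
    print(demo())
```

Run it against each backup generation you restore; the newest generation with no findings is the candidate to rebuild from, subject to a full antimalware scan.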
What can I do now before I get infected?
Many businesses don’t know that they are infected, so you may already be. Stay up to date with patches and with virus/malware definitions so that, as researchers identify new strains of the bad stuff, you can pick them up before they do damage.
Educate your workforce.
This is by far one of the best deterrents to cybercrime. Educate your end users on how to deal with phishing scams and other crafty ways of getting you to click on a malicious email. Educate your system administrators on how to manage locked down systems and networks. Educate your vendors on how to securely do business with you. Educate your customers on what you are doing to maintain their safety and what they can do to maintain their own.
Upgrade your Security
Step one — Have a professional IT Security risk assessment done. This is one of the only ways you will get your brain around what needs to change and by when. Find someone who is willing to help you prioritize items so that the biggest bang-for-your-buck stuff is up front.
Step two — Fix every high priority item and then seriously look at medium priorities. Auditors/Assessors are good at finding things, so you likely have a long list to work through. Don’t worry about low risk items at this point. You can keep them on the back burner, but it’s time to plug the big holes in the ship first.
Step three — Security is a journey, not a destination. Build annual risk assessments, penetration tests and vulnerability scans into your normal routine and fix the items that come up right away. Getting all-green assessments? Try switching vendors; this will keep you ahead of the game.
Step four — Think about what projects you can do to decrease the risk of attack. Change the way your remote workers access IT infrastructure. Test your backups more often. Go to a zero trust network model. There are lots of great ways to secure your IT infrastructure.
Educate and Invest. The bad guys have great tools and better infrastructure than they did 5 years ago. Do you still have the same infrastructure from five years ago? Same security? It’s time for an upgrade.
Don’t know where to start? Drop us a line at firstname.lastname@example.org or check out our website: https://www.vegacloud.io/