This week, companies across at least 64 countries fell victim to a cyberattack attack known as Petya, which encrypted the hard drives of more than 2,000 victims. Making matters worse is the fact that it exploited the same security flaw that enabled the ransomware WannaCry to infect more than 300,000 PCs around the globe in May, meaning that it likely could have been avoided had companies patched their machines.
"As cyber risks continue to increase, corporate leaders can expect increasing calls for accountability in the private sector to manage those emerging risks," Sean Joyce, global financial crimes and US cybersecurity and privacy leader at PricewaterhouseCoopers (PwC), wrote in a recent blog post on LinkedIn.
For example, in 2016, the US Department of Health and Human Services issued guidance directing hospitals to report ransomware attacks, Joyce wrote. "Ultimately, however, significantly improving cybersecurity in your organization — and earning an edge in the marketplace as a result — is not about a compliance or checklist mentality," Joyce wrote. "Rather, it is about managing risks strategically across the entire enterprise."
Here are six pragmatic steps that enterprises can take to better manage ransomware risks, according to Joyce.
1. Perform strategic assessments of cyber threats and vulnerabilities
Enterprises should conduct frequent risk assessments that seek to understand how sophisticated hackers might be able to undermine their security system. This also helps identify where security gaps exist, and helps the C-suite better allocate resources to fix the most significant issues.
SEE: The Four Volume Cyber Security Bundle (TechRepublic Academy)
2. Rapidly spot and counter threats
Companies must strengthen their ability to rapidly identify, detect, and contain threats when they do occur, PwC wrote. C-suite members should also share threat data with peers and authorities to enhance actionable intelligence and drive security improvements across the industry.
3. Develop business continuity plans
Individual user systems and important servers should be able to be restored rapidly from backups in the event of a breach, PwC recommends. The frequency of backups should match the timeframe of data your company is prepared to lose in the event of any system being taken over.
4. Implement crisis and incident response planning
Enterprises must ensure formal procedures exist in which employees and those responsible for managing high-priority security incidents are able to streamline the organization's response to ransomware attacks, and its ability to restore services to both employees and customers.
5. Increase cyber hygiene policies and employee education
The most common ransomware delivery vector is phishing emails. IT leaders can help prevent ransomware from entering their network by implementing strong employee cyber hygiene process, and training employees the latest security threats. IT leaders can also enforce strong controls and email gateways and network perimeters, PwC said.
6. Manage and patch vulnerabilities as soon as possible
The vulnerabilities exploited in the Petya attack had already been addressed by Microsoft "critical" patches released in March, as well as this week. A strong vulnerability management program can help reduce the likelihood of exploitation, PwC said.
- Cybersecurity: Two-thirds of CIOs say threats increasing, cite growth of ransomware (TechRepublic)
- Ransomware: Now cybercriminals are stealing code from each other, say researchers (ZDNet)
- Ransomware: The smart person's guide (TechRepublic)
- Ransomware: More and smarter scams coming soon (ZDNet)
- Cybersecurity spotlight: The ransomware battle (Tech Pro Research)
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.