A successful ransomware attack can devastate an organization. And even paying the ransom doesn’t mean your company won’t suffer lasting damage. A report released Tuesday by security provider Cybereason looks at the impact of ransomware on many organizations and offers advice on how to defend yourself against these types of attacks.
Ransomware attacks are on the rise
To create its 2022 report, Ransomware: The True Cost to Business, Cybereason commissioned Censuswide in April 2022 to survey more than 1,400 cybersecurity professionals in the U.S., the U.K., Germany, France and other countries. Organizations with 700–999 employees accounted for 52% of the responses. Those with 1,000–1,499 employees comprised 33%. And organizations with more than 1,500 employees accounted for the rest.
Among the respondents, 73% revealed that their organization was targeted by at least one ransomware attack over the past 24 months. That percentage is up from 55% in Cybereason’s 2021 report.
Paying the ransom doesn’t guarantee secure or intact data
To pay or not to pay is a question every ransomware victim must decide. Among those who opted to pay, 49% said they did so to avoid a loss in revenue; 41% said they paid to expedite the recovery of their compromised files; 34% were short-staffed; and 28% were part of a critical industry, so they paid the money to avoid downtime that could result in injury or loss of life.
However, paying the ransom does not guarantee your encrypted data will be fully restored or that your organization will be safe from future attacks.
More than half of those surveyed said they still ran into system issues or corrupted data even after paying to have their data decrypted. And some 80% of those who paid were victims of a second attack. In fact, many of them were hit less than a month later, several by the same attackers and some for an even higher ransom amount.
How to protect your organization from ransomware attacks
The damage done by a successful ransomware attack can easily last beyond the initial incident. Among the respondents, 37% said they were forced to lay off employees following an attack, 35% revealed that several C-level executives were forced to resign and 33% admitted they had to close their business either temporarily or permanently.
To protect your organization from ransomware attacks, Cybereason offers the following tips:
Follow best practices for your cybersecurity
This means making sure you patch critical vulnerabilities in a timely way, update your operating systems and software, conduct offsite backups, set up security training for employees and deploy the right security products on your network.
Set up multilayer security defenses
Next-generation antivirus, or NGAV, should be standard on all your network endpoints. The goal is to prevent ransomware attacks by scanning for known tactics as well as custom malware.
Use endpoint and extended detection and response (EDR and XDR) tools
Such solutions can detect and analyze malicious activity across your network. The idea is to stop a ransomware attack before any data is exfiltrated and encrypted and before the ransomware payload can be delivered.
Make sure key security personnel are accessible
The necessary security staffers should be available at any time of the day, especially during weekends and holidays. Make sure that all on-call work assignments for security staffers are clear to everyone.
Run periodic tabletop drills
Tabletop drills and exercises test the responsiveness of key employees with a simulated cyberattack. Designed to improve your incident response measures, these drills should be cross-functional and include people in the legal, HR (human resources), IT and executive departments.
Test your lockdown procedures
In the event of a ransomware attack, you need to know how to disable or lock down affected accounts, systems and other resources to prevent the attack from spreading. Your security staff should be proficient at disconnecting a host system, locking down a compromised account and blocking a malicious domain. Be sure to test these procedures with both scheduled and unscheduled drills at least once each quarter.
Look at external security options
If your organization lacks the necessary people or skills to effectively combat cyberattacks, evaluate managed service providers who can take on that role in the event of any emergency.
Lock down critical accounts during weekends and holidays
Since critical accounts are the most vulnerable during a ransomware attack, consider locking down those accounts during weekends and holidays when they’re not being used. In their place, set up secured, emergency-only accounts that people can use when other critical accounts are disabled and unavailable.