Why Enterprises Must Take Ransomware Attacks Seriously

Ransomware attacks are well-documented as a legitimate threat, but haven’t often been taken seriously until recently. Preventing a problem that may or may not happen wasn’t seen as a worthy IT or security investment, due to cost and blind faith that “It won’t happen to us.” Of course, this mindset is like taking out an insurance policy – you don’t see the benefits until something bad happens.

Fast forward to this year; the global pandemic took over our lives. Ransomware attacks are becoming more common than ever, and have skyrocketed by over 700% since last year. Cybercriminals are extorting companies with ransomware strains like STOP (DJVU), Dharma, Phobos, GlobeImposter, REvil, GandCrab, Magniber and Scarab.

Ransomware Attacks: A Potentially Expensive Risk

The impact of a ransomware attack can be devastating. The average attack can cost over $1 million. An attack can take a company offline for five to 10 days, adding up to millions more in lost productivity and damages. Employees don’t get paid. Insurance benefits don’t happen. A business can easily go bankrupt overnight. Ransomware attacks can take down an entire company overnight.

For companies in some industries, like the growing list of health care providers that have already experienced ransomware attacks this year, the implications could be life or death. In health care, ransomware jeopardizes the well-being of medical patients because they can’t be properly cared for without working systems. Health care providers already have a lot to deal with when it comes to COVID-19; add in ransomware attacks and, when it rains, it pours.

The pace of ransomware attacks shows no sign of slowing down, so companies should invest in endpoint detection and response solutions now before they become the next attack victim.

How to Protect Yourself From Ransomware Attacks

Enterprises are running out of time to give ransomware the attention it deserves. By taking the proper precautions, you can shield your organization from potential ransomware attacks before they happen. There are four key steps you should take to protect your organization from ransomware.

Determine Ransomware Attack Risks and Exposure

To lay the foundation for a more secure company network, you must identify every weakness in your organization’s systems.

The most effective way to find your system’s vulnerabilities and exposure points is by conducting a vulnerability audit and assessment. There are tools available for this purpose that can perform white-box and/or gray-box tests along with simulated social engineering techniques to evaluate your organization’s security posture.

With a better understanding of your organization’s network weaknesses, you can then build a long-term vulnerability management program. Your program should include ongoing periodic security scans, real-time discovery alerts for new vulnerabilities that arise and regularly scheduled vulnerability reviews. These and other precautionary measures help you continuously identify, assess and remediate security issues within your IT environment.

Establish Endpoint Detection and Response (EDR)

The key to implementing effective ransomware prevention is endpoint detection and response (EDR), which is even more important if most of your company’s employees work from home. The risk for remote endpoints like laptops, mobile phones and other devices increases exponentially if home networks aren’t secure. Endpoints in the data center and the cloud are also at risk.

Endpoint deficiencies often expose organizations to many different ransomware attacks, including Locky, WannaCry and Troldesh. No matter how much you trust employees or remind them of cybersecurity risks, one wrong click or malicious file can lead to a catastrophic ransomware attack. This makes endpoint protection crucial. A comprehensive endpoint protection tool should offer 24/7 endpoint security management and malware event detection and analysis. A quality solution also should use advanced algorithms to detect and contain ransomware based on cybercriminals’ actions and leverage ransomware-resistant, next-generation security technologies.

Establishing EDR effectively takes your cybersecurity beyond standard signature-based antivirus and threat detection methods that have little to no chance against more sophisticated ransomware attacks. In fact, investing in an updated EDR system makes a successful ransomware attack virtually impossible.

Implement a 24/7 Security Operations Center (SOC)

Cybercriminals who conduct ransomware attacks are strategic in their timing. Most attacks tend to occur over the weekend, usually late at night. For example, a ransomware attack could ignite on Sunday at 2 a.m. with a logic bomb that runs through Sunday evening to harvest loads of data. I’ve heard firsthand horror stories from IT teams forced to spend their Sunday dealing with the immediate aftereffects of a ransomware attack and debating if they should pay a cybercriminal in bitcoin because the attack already went too far.

Because a ransomware attack can occur at any moment, it’s critical to employ a 24/7 security operations center (SOC) team to monitor your environment. Whether internal or outsourced, SOC teams keep watch over your IT environment at all times to prevent potential attacks and respond quickly if an attack does happen.

Consult a Managed Service Provider (MSP)

At a time when IT budgets may be reduced and ransomware attacks are running rampant, a managed service provider (MSP) or a managed security service provider (MSSP) can keep your company protected at an affordable rate. Partnering with an MSSP or MSP also helps you overcome the current cybersecurity talent shortage by saving on the high cost of hiring security talent.

An MSP places a team of security experts at your disposal. Many MSPs have decades of experience and have guided other companies through past ransomware attacks. MSPs also save you time and research in finding the best ransomware protection technology to meet the specific needs of your company’s network. Most MSPs have partnerships with top technology providers and can help your organization identify the right security solution, such as an EDR system. MSPs can also manage EDR for you so your team can work smarter, not harder, to prevent ransomware attacks.

Invest in Proactivity or Pay the Price of Reactivity

At this point, it’s not a matter of if you’ll face a ransomware attack, it’s a matter of when. So ask yourself: Would you rather invest in the protection needed to prevent a catastrophic event from happening and tell your board of directors that you are capable of responding to a ransomware attack? Or would you rather roll the dice and take the chance that you’ll be paying a cybercriminal thousands, or even millions, on a Sunday afternoon, to recover your company systems? The choice is yours.

Syntax

Matthew Rogers

Matthew Rogers joined Syntax as the company's Chief Information Security Officer of the Americas in August 2020. In this role, Rogers works with Syntax's Global Product Management team to develop innovative security solutions for Syntax's global customers. He also leads Syntax's Security Operations team for the Americas region. He has designed, implemented and staffed cybersecurity programs and strategies for almost 15 years.
