Ransomware attacks underscore that cybersecurity is a business issue, not an IT issue
Ransomware, a growing threat to individuals, governments, and private companies, is a type of cyberattack that leverages malware to block access to a computer system and its content until a ransom is paid.
In addition to the financial impacts of their ransom demands, these attacks can also impact safety or operations for the targeted company and beyond. Attackers may threaten to sell or leak sensitive data, as in a recent attacks on the Washington, D.C., police department that reportedly led to the leak of sensitive documents and officers’ personal information. The high-profile attack on Colonial Pipeline reported May 7, 2021, led Colonial to shut down its pipeline operations for several days, sparking widespread urgent gasoline purchases in several states due to the perception of shortages – which, in turn, created shortages in some areas.
Why ransomware attacks are becoming more prevalent
- Large payoffs. In 2020, ransoms paid averaged at about $300,000, and ranged up to $10 million. Colonial Pipeline reportedly paid $4.4 million in ransom.
- Difficult-to-trace payoff. The advent of cryptocurrency enables ransomware threat actors to collect funds because the currency is difficult to trace.
- Adaptable and easy to share. In the Colonial Pipeline incident, the FBI identified the ransomware as that of the DarkSide group, “a ransomware as a service variant, where criminal affiliates conduct attacks and then share the proceeds with ransomware developers.”
- Easy access to the weakest link. Ransomware actors have been successful at exploiting the weakest link in the cybersecurity lifecycle: humans. Employees are easily deceived into clicking links that provide threat actors the entry point to the organization’s systems.
How to protect your organization
To avoid or mitigate ransomware attacks, organizations need to have insight into their enterprise-wide risk, including their third-party landscape and the security measures deployed across their business environment, as well as the extended enterprise as a whole.
Consider these steps to help protect your organization against these sophisticated attacks:
- Conduct a cybersecurity risk assessment to help identify where critical data is located, how that data is classified, who can access it, and how it is protected.
- Develop a formally documented and frequently tested incident response (IR) plan that details how to detect incidents and how to respond when they occur, from minimizing financial, reputational, and regulatory consequences to notifying all appropriate affected parties.
- Know which applications are running and whether they are patched and up to date. It is critical (whether for in-house or procured applications) that secure coding best practices are leveraged and that security impact analysis is done prior to pushing to production.
- Enforce basis security measures such as multi-factor authentication, patching of operating systems in a timely manner, and employing need-based access controls.
- Ensure that regular backups are performed and a copy of the most recent backup is stored offline. Additionally, make sure to test that the backups are recoverable in the event that your systems and data are corrupted as a result of the malware attack and recovery.
- Implement technologies and processes such as:
- A security information and event management (SIEM) solution that automates threat detection
- Network monitoring tools
- Endpoint threat detection and response
- Anti-malware software on all devices and the network
- Ongoing vulnerability scanning
- Frequent penetration testing
- Automated patch management tools for applications and operating systems
- Data loss prevention
- Situational awareness of the latest threats
- Ongoing employee training and awareness programs
With the publication of President Biden’s Executive OrderImproving the Nation's Cybersecurity , the U.S. government has recognized that Colonial Pipeline and other recent incidents “share commonalities, including insufficient cybersecurity defenses that leave public- and private-sector entities more vulnerable to incidents.” The work needed to reduce the national risk will require strong partnerships across both the private and public sectors.
Contact our team for more information on how to prepare for, detect, and respond to cyber incidents.
Bhavesh Vadhani, Principal, National Director, Cybersecurity, Technology Risk, and Privacy
InsightInfrastructure bill contains new reporting requirements for cryptocurrency ‘brokers’Lee PetersonThe bill could impact how “digital assets” are reported, alter the definition of “broker,” and impose fines and penalties for noncompliance. Read more.
Insight3 takeaways for companies that plan to bid on airport (and other) infrastructure P3 projectsPrivate companies hoping to work on future airport projects will need to plan for post-COVID-19 expectations, DEIB and cybersecurity responsibilities, and more.
Insight11 key infrastructure risks to mitigate across the public-private partnership (P3) lifecycleJeremy SwanLearn the top risks investors seeking profitability in infrastructure P3s must address throughout a project’s design, build, financing, and operations phases.
InsightFed chief: Cyberattacks are the greatest risk to the financial sectorBhavesh Vadhani, Jeremy SwanCybersecurity is the responsibility of everyone participating in the economy. Read about the current risks and top threats financial institutions should watch for.
InsightVirginia’s new privacy law offers a preview into the future of privacy and complianceBhavesh Vadhani, Deborah NitkaRead how the new data privacy legislation compares with the CCPA and GDPR, what affected companies should do moving forward, and more.