Ransomware attacks underscore that cybersecurity is a business issue, not an IT issue
Ransomware, a growing threat to individuals, governments, and private companies, is a type of cyberattack that leverages malware to block access to a computer system and its content until a ransom is paid.
In addition to the financial impacts of their ransom demands, these attacks can also impact safety or operations for the targeted company and beyond. Attackers may threaten to sell or leak sensitive data, as in a recent attacks on the Washington, D.C., police department that reportedly led to the leak of sensitive documents and officers’ personal information. The high-profile attack on Colonial Pipeline reported May 7, 2021, led Colonial to shut down its pipeline operations for several days, sparking widespread urgent gasoline purchases in several states due to the perception of shortages – which, in turn, created shortages in some areas.
Why ransomware attacks are becoming more prevalent
- Large payoffs. In 2020, ransoms paid averaged at about $300,000, and ranged up to $10 million. Colonial Pipeline reportedly paid $4.4 million in ransom.
- Difficult-to-trace payoff. The advent of cryptocurrency enables ransomware threat actors to collect funds because the currency is difficult to trace.
- Adaptable and easy to share. In the Colonial Pipeline incident, the FBI identified the ransomware as that of the DarkSide group, “a ransomware as a service variant, where criminal affiliates conduct attacks and then share the proceeds with ransomware developers.”
- Easy access to the weakest link. Ransomware actors have been successful at exploiting the weakest link in the cybersecurity lifecycle: humans. Employees are easily deceived into clicking links that provide threat actors the entry point to the organization’s systems.
How to protect your organization
To avoid or mitigate ransomware attacks, organizations need to have insight into their enterprise-wide risk, including their third-party landscape and the security measures deployed across their business environment, as well as the extended enterprise as a whole.
Consider these steps to help protect your organization against these sophisticated attacks:
- Conduct a cybersecurity risk assessment to help identify where critical data is located, how that data is classified, who can access it, and how it is protected.
- Develop a formally documented and frequently tested incident response (IR) plan that details how to detect incidents and how to respond when they occur, from minimizing financial, reputational, and regulatory consequences to notifying all appropriate affected parties.
- Know which applications are running and whether they are patched and up to date. It is critical (whether for in-house or procured applications) that secure coding best practices are leveraged and that security impact analysis is done prior to pushing to production.
- Enforce basis security measures such as multi-factor authentication, patching of operating systems in a timely manner, and employing need-based access controls.
- Ensure that regular backups are performed and a copy of the most recent backup is stored offline. Additionally, make sure to test that the backups are recoverable in the event that your systems and data are corrupted as a result of the malware attack and recovery.
- Implement technologies and processes such as:
- A security information and event management (SIEM) solution that automates threat detection
- Network monitoring tools
- Endpoint threat detection and response
- Anti-malware software on all devices and the network
- Ongoing vulnerability scanning
- Frequent penetration testing
- Automated patch management tools for applications and operating systems
- Data loss prevention
- Situational awareness of the latest threats
- Ongoing employee training and awareness programs
With the publication of President Biden’s Executive OrderImproving the Nation's Cybersecurity , the U.S. government has recognized that Colonial Pipeline and other recent incidents “share commonalities, including insufficient cybersecurity defenses that leave public- and private-sector entities more vulnerable to incidents.” The work needed to reduce the national risk will require strong partnerships across both the private and public sectors.
Contact our team for more information on how to prepare for, detect, and respond to cyber incidents.
Bhavesh Vadhani, Principal, National Director, Cybersecurity, Technology Risk, and Privacy
Press ReleaseSun joins CohnReznick as Principal, CybersecurityDavid Sun leads CohnReznick’s security incident response and recovery; computer forensic and litigation support; and cloud security services.
InsightUnderstanding Zero TrustBhavesh Vadhani, Adonye ChamberlainRead about the evolution of this cybersecurity paradigm, why it is increasingly necessary, and how to get started on its implementation.
InsightBe on guard for phishing attacks amid bank collapsesBhavesh VadhaniAs scammers take advantage of the chaos caused by the Silicon Valley Bank and Signature Bank turmoil, keep these key security principles top of mind.
InsightProposed regulatory changes increase board responsibility for cybersecurity programsScott Corzine, Bhavesh VadhaniProposed regulations may increase the responsibility of corporate board directors with cybersecurity programs. Learn more.
Press ReleaseCohnReznick adds two senior leaders to growing Cybersecurity, Technology Risk, and Privacy practiceScott Corzine, Managing Director, and Stephen P. Gilmer, Director, have joined CohnReznick's Cybersecurity, Technology Risk and Privacy practice, bringing extensive experience in cybersecurity risk, risk management, compliance, and operational impact.