Ransomware attacks underscore that cybersecurity is a business issue, not an IT issue
Ransomware, a growing threat to individuals, governments, and private companies, is a type of cyberattack that leverages malware to block access to a computer system and its content until a ransom is paid.
In addition to the financial impacts of their ransom demands, these attacks can also impact safety or operations for the targeted company and beyond. Attackers may threaten to sell or leak sensitive data, as in a recent attacks on the Washington, D.C., police department that reportedly led to the leak of sensitive documents and officers’ personal information. The high-profile attack on Colonial Pipeline reported May 7, 2021, led Colonial to shut down its pipeline operations for several days, sparking widespread urgent gasoline purchases in several states due to the perception of shortages – which, in turn, created shortages in some areas.
Why ransomware attacks are becoming more prevalent
- Large payoffs. In 2020, ransoms paid averaged at about $300,000, and ranged up to $10 million. Colonial Pipeline reportedly paid $4.4 million in ransom.
- Difficult-to-trace payoff. The advent of cryptocurrency enables ransomware threat actors to collect funds because the currency is difficult to trace.
- Adaptable and easy to share. In the Colonial Pipeline incident, the FBI identified the ransomware as that of the DarkSide group, “a ransomware as a service variant, where criminal affiliates conduct attacks and then share the proceeds with ransomware developers.”
- Easy access to the weakest link. Ransomware actors have been successful at exploiting the weakest link in the cybersecurity lifecycle: humans. Employees are easily deceived into clicking links that provide threat actors the entry point to the organization’s systems.
How to protect your organization
To avoid or mitigate ransomware attacks, organizations need to have insight into their enterprise-wide risk, including their third-party landscape and the security measures deployed across their business environment, as well as the extended enterprise as a whole.
Consider these steps to help protect your organization against these sophisticated attacks:
- Conduct a cybersecurity risk assessment to help identify where critical data is located, how that data is classified, who can access it, and how it is protected.
- Develop a formally documented and frequently tested incident response (IR) plan that details how to detect incidents and how to respond when they occur, from minimizing financial, reputational, and regulatory consequences to notifying all appropriate affected parties.
- Know which applications are running and whether they are patched and up to date. It is critical (whether for in-house or procured applications) that secure coding best practices are leveraged and that security impact analysis is done prior to pushing to production.
- Enforce basis security measures such as multi-factor authentication, patching of operating systems in a timely manner, and employing need-based access controls.
- Ensure that regular backups are performed and a copy of the most recent backup is stored offline. Additionally, make sure to test that the backups are recoverable in the event that your systems and data are corrupted as a result of the malware attack and recovery.
- Implement technologies and processes such as:
- A security information and event management (SIEM) solution that automates threat detection
- Network monitoring tools
- Endpoint threat detection and response
- Anti-malware software on all devices and the network
- Ongoing vulnerability scanning
- Frequent penetration testing
- Automated patch management tools for applications and operating systems
- Data loss prevention
- Situational awareness of the latest threats
- Ongoing employee training and awareness programs
With the publication of President Biden’s Executive OrderImproving the Nation's Cybersecurity , the U.S. government has recognized that Colonial Pipeline and other recent incidents “share commonalities, including insufficient cybersecurity defenses that leave public- and private-sector entities more vulnerable to incidents.” The work needed to reduce the national risk will require strong partnerships across both the private and public sectors.
Contact our team for more information on how to prepare for, detect, and respond to cyber incidents.
Bhavesh Vadhani, Principal, National Director, Cybersecurity, Technology Risk, and Privacy
InsightFed chief: Cyberattacks are the greatest risk to the financial sectorBhavesh Vadhani, Jeremy SwanCybersecurity is the responsibility of everyone participating in the economy. Read about the current risks and top threats financial institutions should watch for.
InsightVirginia’s new privacy law offers a preview into the future of privacy and complianceBhavesh Vadhani, Deborah NitkaRead how the new data privacy legislation compares with the CCPA and GDPR, what affected companies should do moving forward, and more.
InsightSupport rapid delivery of secure software with DevSecOpsBhavesh Vadhani, Thomas McDermott, Tauseef ShaikhThe DevSecOps software development model has security built into all phases of its lifecycle, which can help reduce flaws and the costs of fixing them. Learn more.
InsightHow to assess risk for emerging technologies – before you use themBhavesh Vadhani, Thomas McDermottDon’t start using artificial intelligence, robotic process automation, and other newer tools without taking these steps to protect your organization and data.
InsightSolarWinds breach underscores the need for monitoring third parties’ securityBhavesh Vadhani, Deborah NitkaThe malware attack on software provider SolarWinds shows that companies must understand their supply-chain risks – and their own business environment. Learn more.