Ransomware attacks underscore that cybersecurity is a business issue, not an IT issue
Ransomware, a growing threat to individuals, governments, and private companies, is a type of cyberattack that leverages malware to block access to a computer system and its content until a ransom is paid.
In addition to the financial impacts of their ransom demands, these attacks can also impact safety or operations for the targeted company and beyond. Attackers may threaten to sell or leak sensitive data, as in a recent attacks on the Washington, D.C., police department that reportedly led to the leak of sensitive documents and officers’ personal information. The high-profile attack on Colonial Pipeline reported May 7, 2021, led Colonial to shut down its pipeline operations for several days, sparking widespread urgent gasoline purchases in several states due to the perception of shortages – which, in turn, created shortages in some areas.
Why ransomware attacks are becoming more prevalent
- Large payoffs. In 2020, ransoms paid averaged at about $300,000, and ranged up to $10 million. Colonial Pipeline reportedly paid $4.4 million in ransom.
- Difficult-to-trace payoff. The advent of cryptocurrency enables ransomware threat actors to collect funds because the currency is difficult to trace.
- Adaptable and easy to share. In the Colonial Pipeline incident, the FBI identified the ransomware as that of the DarkSide group, “a ransomware as a service variant, where criminal affiliates conduct attacks and then share the proceeds with ransomware developers.”
- Easy access to the weakest link. Ransomware actors have been successful at exploiting the weakest link in the cybersecurity lifecycle: humans. Employees are easily deceived into clicking links that provide threat actors the entry point to the organization’s systems.
How to protect your organization
To avoid or mitigate ransomware attacks, organizations need to have insight into their enterprise-wide risk, including their third-party landscape and the security measures deployed across their business environment, as well as the extended enterprise as a whole.
Consider these steps to help protect your organization against these sophisticated attacks:
- Conduct a cybersecurity risk assessment to help identify where critical data is located, how that data is classified, who can access it, and how it is protected.
- Develop a formally documented and frequently tested incident response (IR) plan that details how to detect incidents and how to respond when they occur, from minimizing financial, reputational, and regulatory consequences to notifying all appropriate affected parties.
- Know which applications are running and whether they are patched and up to date. It is critical (whether for in-house or procured applications) that secure coding best practices are leveraged and that security impact analysis is done prior to pushing to production.
- Enforce basis security measures such as multi-factor authentication, patching of operating systems in a timely manner, and employing need-based access controls.
- Ensure that regular backups are performed and a copy of the most recent backup is stored offline. Additionally, make sure to test that the backups are recoverable in the event that your systems and data are corrupted as a result of the malware attack and recovery.
- Implement technologies and processes such as:
- A security information and event management (SIEM) solution that automates threat detection
- Network monitoring tools
- Endpoint threat detection and response
- Anti-malware software on all devices and the network
- Ongoing vulnerability scanning
- Frequent penetration testing
- Automated patch management tools for applications and operating systems
- Data loss prevention
- Situational awareness of the latest threats
- Ongoing employee training and awareness programs
With the publication of President Biden’s Executive OrderImproving the Nation's Cybersecurity , the U.S. government has recognized that Colonial Pipeline and other recent incidents “share commonalities, including insufficient cybersecurity defenses that leave public- and private-sector entities more vulnerable to incidents.” The work needed to reduce the national risk will require strong partnerships across both the private and public sectors.
Contact our team for more information on how to prepare for, detect, and respond to cyber incidents.
Bhavesh Vadhani, Principal, National Director, Cybersecurity, Technology Risk, and Privacy
InsightWhy use a virtual CISO (vCISO)?Learn the key benefits of using virtual chief information security officers to address cyber challenges, and how CohnReznick’s vCISO services can help.
InsightCybersecurity considerations for multifamily developersFive actions multifamily developers can take to help protect against cyber attacks. Learn more.
InsightHow construction businesses can use PPP windfalls to future-proof with technology investmentsJack Callahan, Julie MinerHave extra funds after PPP? Read about 6 areas where contractors should boost their capabilities now: Automation, cybersecurity, and more.
Insight5 ways PE firms can protect against transaction-related cyberattacksJeremy Swan, Bhavesh VadhaniBefore a transaction, private equity firms must know whether their potential acquisitions can withstand an attack and, if not, how to boost security. Read more.
InsightThe tangible cybersecurity and business benefits of a virtual CISOvCISO services are one solution for meeting today’s growing information security, data privacy, and risk management needs. Learn more.