Taking protective measures against ransomware
The unfortunate reality is that ransomware will continue to be a threat moving forward, and you may not be able to prevent ransomware from entering your organization. Many threat actors are sophisticated enough that, given enough time, they’ll likely be able to bypass controls and enter your environment. So you must consider two things when developing a response to ransomware risks: how to make your business less of a target and how to limit damage if someone does manage to access your organization.
While nothing can completely protect your organization against ransomware attacks, the following actions can help to reduce the potential or scope of an attack:
Follow a cybersecurity framework
Respected organizations have recently published helpful guidance to curb the spread of ransomware attacks. For example, the National Institute of Standards and Technology (NIST) in May and the NIST IR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management) in June with tips and tactics to protect against threats and recover from a potential attack.
Develop an incident response ransomware playbook
Your organization can leverage available guidance and advice to develop a strategy that outlines what you should do if you suffer an attack. A ransomware situation is a chaotic event, but every minute matters. The longer it takes you to respond to an attack, the more costly it will be from a forensics perspective and from a disclosure perspective.
Your ability to detect an attacker and then respond to the event is the only thing standing between that specific attack and a huge financial liability. Therefore, eliminating any potential ambiguity in the playbook must be a priority.
Make sure your cyber insurance policy is up to date
With the prevalence of cybersecurity threats, an effective cyber insurance policy has never been more important. However, the cyber insurance landscape has changed significantly recently, with reduced coverage limits, rate increases and more underwriting scrutiny as vendors pay out more claims.
Even with the changes to cyber insurance policies, coverage is still a necessary part of your cybersecurity posture. You should consult with your insurance provider to ensure that your policy continues to align with your risks, and take steps to put yourself in a more advantageous position from a coverage perspective.
Ensure you have strong business continuity and disaster recovery procedures
From a business continuity perspective, your organization should implement thorough segmentation for networks and applications to make it more difficult for an intruder to move around once they get inside.
Following a disruption, how quickly can you recover? An effective disaster recovery strategy is not only helpful during a natural disaster; it can also help transition or restore operations while limiting downtime during a ransomware event.
Consider managed services
A growing number of smaller and mid-sized companies are leveraging third parties to manage core security functions essential to the mitigation of ransomware risks. Those functions include, but are not limited to, the following activities:
- Managed security monitoring
- Managed endpoint detection and response
- Managed patch and vulnerability management
Ransomware risks are evolving quickly, and some companies simply do not have the internal talent and experience to keep up. Rather than put the company at more risk, outsourcing to an organization with more experience and resources often makes the most sense.
Outsourced cybersecurity solutions are increasing in popularity as a practical alternative to managing security in-house. As the frequency and severity of threats continue to escalate, implementing a solution and maintaining it may no longer be feasible for many companies.
Undergo technical testing
A trusted third party can evaluate your security environment and perform technical testing to determine the likelihood and impact of a ransomware attack. For example, a comprehensive ransomware risk assessment evaluates the potential risk and spread of an infection through penetration testing techniques, analyzes business continuity and incident management programs, includes a ransomware tabletop exercise, and can help remediate any specific issues identified.
Ransomware has always been a concern, but risks are evolving at a rapid pace, and the threat is now very real for companies of all sizes. As with many types of cybersecurity attacks, the criminals are more advanced than many of the controls, and your organization must use available resources to develop a security approach that includes strategies to both prevent and remediate ransomware attacks in order to limit financial exposure and reduce downtime.