According to a new report by cyberintelligence firm Group-IB, the number of ransomware attacks increased 150 percent in 2020. Although not necessarily surprising—the entire world was, after all, battling a pandemic—the rise in ransomware frequency and severity should definitely be a wakeup call for businesses.
The Current State of Ransomware
Ransomware isn’t a new threat, but ransomware operators like to keep their tactics and technologies fresh, so there is always something unexpected coming down the pike—for example, the growing popularity of stealing sensitive company or user data before they encrypt it, as evidenced by this record-breaking double extortion attack on electronics giant Acer.
There has also been a spike in ransomware attacks against the education sector driven by the high volume of personal data that schools and universities are likely to pay up to protect.
And although we hope everyone is following the latest and greatest data backup best practices, these days, simply backing up your data may not be sufficient. Some strains of ransomware are targeting backup files, so it may be time to update your organization’s data protection strategy.
IT Gaps That Open the Door for Ransomware Attacks
IT teams cannot afford to be complacent about data protection. There are way too many people out there who want to steal your company and user data. Now is the time to buckle down and shore up your security perimeter, because ransomware and other cyberthreats are only going to get worse.
If it has been a while since you took a long, hard look at your cybersecurity and data protection strategy, you may find that it is full of holes and practically throwing out the welcome mat for ransomware operators.
There are six key areas where IT teams commonly find security gaps that make it easy for ransomware to slip in and cause chaos for you and your end users. Here is a high-level look at those gaps and suggestions for ways to close them.
1. Access Management
Traditional username/password credentials are becoming less and less effective at keeping out malicious users and applications.
- Gap: Users are given excessive permissions and organizations have weak password protocols.
- Solution: Employ privileged access management, Zero Trust initiatives, and multifactor authentication.
2. Remote Access Gaps
When the world’s workers suddenly went remote, businesses’ attack surfaces blew wide open.
- Gap: Remote access technologies, especially RDP and VPN, are less secure than on-premises tech.
- Solution: Ensure that brute force attack protection and strict access management policies and protocols are in place.
3. Backup Gaps
Backups only work if they work. Test often and add an air-gapped copy to your backup plan.
- Gap: Organizations use poor backup implementation and don’t isolate backups from the network.
- Solution: Backup frequently, test backups, and implement the 3-2-1-1 backup strategy.
4. Network Segmentation Gaps
Malware can hide in your networks for weeks or even years before you know it’s there. Segmenting your network helps keep it contained.
- Gap: If not segmented, ransomware can quickly spread through the entire network; just ask Honda.
- Solution: Separate critical systems from the broader internet and less business-critical networks to limit the number of files ransomware can encrypt or exfiltrate.
5. Antivirus Gaps
Antivirus protection is essential, but it's not a silver bullet. Make it one part of the whole data protection package.
- Gap: Antivirus software can only stop the ransomware attacks it recognizes. It can warn IT about suspicious links, but it can’t do anything to stop the spread of ransomware once it gets in.
- Solution: Implement a holistic cybersecurity and data protection strategy.
6. Patch Management Gaps
Missed patches and updates are a leading cause of security events and downtime. One way or another, make patching a priority.
- Gap: Ransomware often targets old vulnerabilities, but patching is time-consuming, so many organizations only patch the most critical and current vulnerabilities. At a time when more employees than ever are using personal devices for business functions, mobile device patching is often overlooked.
- Solution: Make a patching schedule (and stick to it), but don’t only patch according to the schedule. Assess vulnerabilities regularly and patch as needed, using automation and/or managed services wherever possible.
Are You Ready for Ransomware?
Ready or not, ransomware is coming for your data. With security experts predicting a banner year for ransomware, it is safe to assume that practically every company will need to fight off an attack sooner rather than later. Be proactive and secure your perimeter now.
Take the Ransomware Readiness Assessment to find out your organization’s maturity level in key areas, including:
- System access and control management
- Endpoint protection, data availability, and cybersecurity
- Ransomware awareness training and communications for users