Ransomware—cyber extortion that occurs when malicious software infiltrates computer systems and encrypts data, holding it hostage until the victim pays a ransom—can have a bigger impact on an organization than a data breach. Ransomware can cost companies millions of dollars and cause a potentially even greater loss over the long term, impacting reputation and reliability.
Perform preliminary ransomware assessments.
Conduct risk assessments and penetration tests to determine the attack surface and current state of security resilience and preparedness in terms of tools, processes, and skills to defend against attacks.
“Before you assume that payment is the only option, investigate using free ransomware decryption software,” says Webber.
Maintain consistent operational readiness.
Conduct frequent exercises and drills to ensure that systems are always able to detect ransomware attacks. Build regular testing of incident response scenarios into the ransomware response plan.
Test, test and retest at regular intervals to check for vulnerabilities, noncompliant systems, and misconfigurations. Ensure that incident response processes are not themselves reliant on IT systems that may be affected by ransomware attacks or unavailable in the event of a serious incident.
Implement the principle of least privilege.
Restrict permissions and deny unauthorized access to devices. Remove local administrator rights from end users and block application installation by standard users, replacing this with a centrally managed software distribution facility.
CISOs and security leaders must deploy multifactor authentication wherever possible, especially for privileged accounts. Increase authentication logging on all critical servers, network appliances, and directory services, and ensure logs are not deleted. Notify security operations teams of any unexpected activity and ensure they proactively look for unusual logins or failed authentication attempts.
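As an added illustration of the proactive review of failed authentication attempts and unusual logins described above (this example is not part of the original article), the following Python code scans authentication log lines for a burst of failures from one source and for a successful login that follows such a burst, rating privileged accounts higher. The sshd-style line format with ISO timestamps, the `PRIVILEGED` list, the window and threshold values, and the `analyze` function name are all assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd/syslog style with ISO timestamps (not real data).
SAMPLE_LOG = """\
2024-03-02T02:14:01+00:00 srv1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-03-02T02:14:09+00:00 srv1 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
2024-03-02T02:14:15+00:00 srv1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
2024-03-02T02:14:21+00:00 srv1 sshd[813]: Failed password for root from 203.0.113.7 port 40115 ssh2
2024-03-02T02:14:30+00:00 srv1 sshd[814]: Accepted password for root from 203.0.113.7 port 40116 ssh2
2024-03-02T09:00:05+00:00 srv1 sshd[900]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2024-03-02T09:00:19+00:00 srv1 sshd[901]: Accepted publickey for alice from 198.51.100.20 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

PRIVILEGED = {"root", "admin"}   # assumption: replace with the site's privileged accounts
WINDOW = timedelta(minutes=5)    # assumption: tune per environment
THRESHOLD = 3                    # failures from one source within WINDOW

def analyze(log_text):
    """Return alerts as (kind, source, user, timestamp) tuples."""
    recent = defaultdict(deque)  # source address -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # skip lines that are not authentication results
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        fails = recent[src]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()      # expire failures that fell out of the window
        if m["result"] == "Failed":
            fails.append(ts)
            if len(fails) == THRESHOLD:  # alert once, when the threshold is crossed
                alerts.append(("failed_burst", src, user, m["ts"]))
        elif len(fails) >= THRESHOLD:    # success right after a burst of failures
            kind = "privileged_login_after_burst" if user in PRIVILEGED else "login_after_burst"
            alerts.append((kind, src, user, m["ts"]))
            fails.clear()
    return alerts
```

A single mistyped password followed by a successful login, as in the constructed `alice` lines, stays below the threshold and raises no alert.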
Educate and train users on ransomware response actions.
Research government and regional authorities that have provided guidelines on how organizations can fortify their network infrastructure against ransomware. CISOs and security leaders can use guidelines such as these to create a basic training program for all staff in the organization. However, ransomware preparedness training needs to be customized to the organization for best results.
“Use cyber crisis simulation tools for mock drills and training that provide closer to real-life situations for better preparedness of end users against ransomware,” says Webber.
The challenge of ransomware and other forms of malware lies in the ever-changing tactics and agendas of hackers. Having a strategy in place for preparedness can help contain the losses and protect the organization.
Enforce ransomware governance.
Establish processes and compliance procedures that involve key decision makers in the organization even before preparing for the technical response to a ransomware attack. Ransomware can escalate from an issue to a crisis in no time, costing an organization revenue and damaging its reputation.
Key people, such as the CEO, board of directors, and other important stakeholders, must be involved in the preparation. In the event of a ransomware attack, it is likely that journalists and other external stakeholders will reach out to the board of directors for a response to the attack, not the security leaders or CISO.