By: Sandeep Bhargava, Managing Director of Asia Pacific Japan (APJ), Rackspace Technology
They say an ounce of prevention is worth a pound of cure, and this is as true for your business as it is for your health. This thought seems to be on the mind of Interpol recently, as it warns us that ransomware attacks have spiked due to the global pandemic.
The world of work has changed rapidly in the last few months, and many more people are now working from home. Unfortunately, it is no secret that telecommuting increases an organisation’s attack surface, leaving it more vulnerable to ransomware than ever before.
Specifically, there have been prolific attacks on healthcare providers, starting with an ST Engineering US subsidiary that was targeted in June. Ransomware attacks are not exclusive to any one sector. Asia Pacific continued to experience a higher-than-average encounter rate for ransomware attacks, 1.7 times higher than the rest of the world. This is despite a 29 percent decline when compared to the previous year’s findings in 2018.
So let’s take a minute to step back and examine what’s at risk, and how to best protect your business from a ransomware attack.
Why is ransomware so prevalent?
Ransomware is a type of malware that denies access to an information system or makes data unusable, usually via encryption, until a ransom is paid. Imagine your organisation is unable to provide your most crucial services to customers because cybercriminals have encrypted the data on the servers that facilitate these services. This is exactly what ransomware is designed to do.
Attackers understand that many organisations cannot afford lengthy service interruptions, and they leverage this urgency to extort money from them. A successful attack can result in a huge blow to an organisation’s reputation, and there is also no guarantee that the attacker will uphold their end of the bargain and decrypt the data once the ransom is paid.
Ransomware can be disastrous to an individual or organisation, and it is the job of security professionals to ensure that proper security measures are in place to protect against it. For example, it is a good idea to ensure that your business has backups of its critical data so that an attack does not immobilise your organisation for a long period of time. It’s also advisable to have a good incident response plan that provides a step-by-step guide to what your team can do if an attack occurs.
Detect and remediate quickly
Obviously, prevention is the preferred method of protecting against ransomware attacks. Unfortunately, prevention is not always possible. This brings us to the widely held belief that what you cannot prevent, you should at least be able to detect. If IT teams detect something, they should take corrective action to make sure it is prevented from happening again.
But as organisations improve their prevention and detection mechanisms, cybercriminals are homing in on additional vulnerabilities, often at the end-user level. Malware has become more powerful, with attackers using evasive customisation techniques to avoid detection by the traditional signature-based anti-malware solutions utilised in many organisations. In recent weeks, ransomware has increasingly been distributed through COVID-19-themed phishing emails, through the exploitation of vulnerabilities, or by users unknowingly visiting an infected website. Additionally, attackers often use The Onion Router (Tor), open-source software that allows communication to remain anonymous, when sending command and control traffic to their victims.
The good news is that just as cybercriminals are getting smarter, the number and capabilities of intelligent protection solutions are also increasing.
Here are 5 ways to help ensure that the remote workforce remains secure:
1. Use firewall protection solutions that add specific capabilities designed to prevent ransomware attacks across the organisation’s VPN. This ensures that protection is always present once a user logs into their computer. Such solutions are built with two-factor authentication and quality of service (QoS) bandwidth management, which lets IT teams allocate VPN bandwidth for selected types of traffic and users. Firewall solutions are able to leverage a single-pass architecture designed to prevent network vulnerabilities, block the download of known malware and prevent malicious encrypted content from circulating around your network.
2. Back up your data
Maintaining recent backups of your data is essential. Companies that follow this fundamental best practice can safely ignore ransom demands and revert to stored files with little data loss.
3. Keep up with patches and check your security software
Patch management has been and will continue to be a challenge for many organisations and end-users. Simply keeping up with the latest patches for Windows, Mac and Linux operating systems and your third-party applications will go a long way to reducing your exposure to ransomware.
Be sure that you have security software installed and that it’s up-to-date. New malware surfaces every day, so keeping current with your anti-virus software helps keep your data safe.
4. Educate staff to spot scams
Employee awareness is crucial in avoiding a ransomware attack. Staff should be coached on how to spot scams, and urged to take the time to pause and check emails that don’t look right.
5. Take the “Security First” approach
Weave security awareness and practice into your process from beginning to end. DevSecOps is a concept that emphasises the importance of integrating security into all parts of IT system development and operations, rather than leaving them disconnected. While perfect security is not possible, concepts like this bring it closer.