The ransomware attacks that brought down operations at Colonial Pipeline and JBS, the world’s largest meat supplier, made the news, but thousands of other attacks don’t. Every organization with data is a potential victim, and many are woefully unprepared to prevent or detect an attack, or to respond in a way that minimizes the impact.
Attackers are not only using malware to encrypt data and demand a ransom; they are also stealing copies of the data to extort money from victims and, ultimately, to sell on the Dark Web to maximize their profits. With average costs of an attack now over six figures, it is more important than ever to take proactive steps to protect your organization, including:
1) Identify your data assets, and the systems that are used to transmit and store sensitive data. Knowing what needs to be protected is the first step to determining what technical controls will be most effective. Understanding the data flow and access is critical to making quick decisions on how to best stop an attack.
2) Back up critical data and test to be sure you can restore it. Test your backup restore process regularly to confirm not only that you actually can restore if needed, but also to know how long it will take to bring critical systems back online.
3) Train your staff! If your employees don’t get regular ongoing security awareness training and updates on the latest threats, you are not arming them to be part of the protection against ransomware.
4) Monitor your network for indicators of compromise. Since no protection is 100% effective, it’s critical to watch for unusual traffic, failed log-in attempts, escalated privileges and other signs that could indicate unauthorized access. Adding threat intelligence and a 24/7 team of security analysts to review alerts and validate threats means you are far more likely to spot and stop an attack.
5) Know what steps to take…and what NOT to do. If malware is detected or suspected, make sure staff knows how to report it, and that the IT team knows the steps to contain it. Have a playbook of the resources to call if needed, including your Managed Service Provider/Managed Security Service Provider, commercial insurer, law enforcement, and even your attorney if you believe data was exposed. Having a Breach Response Program in place can give you immediate access to the guidance and expertise you need in this critical time.
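As an illustration of the monitoring described in step 4 (an added example, not part of the original article): a small Python triage pass over OpenSSH- and sudo-style log lines that flags a burst of failed log-ins, a successful log-in right after the burst, and a later escalation to root by the same account. The log lines are constructed, and the threshold of three failures and the alert names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH/sudo syslog style (not from a real system).
SAMPLE_LOG = """\
Jun 01 02:14:01 fs01 sshd[811]: Failed password for backup from 203.0.113.5 port 40111 ssh2
Jun 01 02:14:03 fs01 sshd[811]: Failed password for backup from 203.0.113.5 port 40112 ssh2
Jun 01 02:14:05 fs01 sshd[811]: Failed password for backup from 203.0.113.5 port 40113 ssh2
Jun 01 02:14:09 fs01 sshd[811]: Accepted password for backup from 203.0.113.5 port 40114 ssh2
Jun 01 02:15:30 fs01 sudo:   backup : TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/bin/bash
Jun 01 08:59:12 fs01 sshd[902]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 01 08:59:20 fs01 sshd[902]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
"""

AUTH = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
SUDO = re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(.+)$")

def triage(log_text, threshold=3):
    """Return alerts for a failed-login burst, a success after it, then sudo to root."""
    fails = defaultdict(int)      # (user, source IP) -> consecutive failures
    suspect_users = set()         # accounts that logged in right after a burst
    alerts = []
    for line in log_text.splitlines():
        if m := AUTH.search(line):
            outcome, user, src = m.groups()
            key = (user, src)
            if outcome == "Failed":
                fails[key] += 1
                if fails[key] == threshold:   # alert once per burst
                    alerts.append(("failed_login_burst", user, src))
            else:
                if fails[key] >= threshold:
                    alerts.append(("login_after_burst", user, src))
                    suspect_users.add(user)
                fails[key] = 0                # a success resets the counter
        elif m := SUDO.search(line):
            user, command = m.groups()
            if user in suspect_users:
                alerts.append(("privilege_escalation", user, command))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a normal log-in (the `alice` lines) stays below the threshold and raises nothing, which is the kind of tuning that keeps analysts reviewing real signals rather than noise.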