With the spate of attacks, research firm and security company Forrester asks: Why do ransomware attacks seem to be on the increase? How do attackers evade detection? And what measures can companies take to deter hackers or stay safe?
Steve Turner, Forrester analyst, provides the following comments on why ransomware attacks happen:
“These attacks are accelerating because they are lucrative for the attackers. They cost them virtually nothing to execute compared to the sometimes double pay day they receive by holding companies hostage and then threatening to leak the data they stole. Plus, these organisations have ephemeral infrastructure, which means that what they are using can quickly be stood up and torn down, or are running RaaS, Ransomware-As-A-Service, where they have got a lot of affiliates that are actually executing the attacks.”
“Companies are rarely prepared because they may not have touched or tested their incident response plan since it was created. A lot of companies have not run tabletop exercises that include folks outside of their IT/security teams simulating a ransomware attack. We need to increase our preparedness on both of these fronts.”
“Critical infrastructure is an easy target because attackers feel like they’ve backed those companies into a corner and they do not have any choice but to pay the ransom. Until there are requirements or penalties for companies in these critical sectors, they will continue paying the ransom and ransomware operators will continue to target them.”
Turner offers six-point advice on best practices to thwart attacks:
1. If the company doesn’t have a robust backup and data storage strategy, that should be priority #1. Identify where all your critical data sits and back it up regularly to somewhere where it can be stored disconnected from the company’s network. Test restoring those backups to ensure your whole strategy works end to end.
2. Security hygiene is key to helping prevent and ultimately contain ransomware. Companies should be patching their systems and apps on at least a monthly basis if not more regularly. Prioritise systems and apps that are connected directly to the internet.
3. Multifactor is still something that we see not turned on within environments, yet it’s one of the best security controls you can utilize to stop an attacker dead in their tracks. While we know it’s not something easy, it is paramount that companies try to centralize their identity systems and require multifactor where possible.
4. Secure privileged accounts immediately and require multifactor. Make sure to include admin accounts that are used to manage your cloud environments as well.
5. Ensure you have endpoint protection deployed to all of your computers and servers. Make sure that it is turned on, updated, and working. Most companies can get a health check from their endpoint protection vendor for free; take advantage of that.
6. Put a plan in place to move towards Zero Trust; this can be done in bits and pieces by implementing least privilege, segmenting critical pieces of your network, or even by starting to implement multifactor.