
Be prepared: How to prevent your organisation from being held to ransom by high tech hijackers in 2022

Ransomware is rife but organisations that do the work may be able to avoid paying out, should the worst occur, writes Luke Smith of Barracuda MSP.

Luke Smith
Tue, 14 Dec 2021

Wondering exactly when it was that ransomware became such a “thing”? The past couple of years have certainly seen it thrust into the limelight, courtesy of a seemingly never-ending series of high-profile attacks, here at home and further afield.

Household name victims have included the brewing and beverage giant Lion which saw production and distribution significantly disrupted in June 2020, after hackers hijacked its key systems and demanded a reported ransom of $1 million to set things to rights. As an incentive for the company to pay up, proof that the perpetrators were in possession of confidential customer and company data was provided, in the form of file screenshots.

“Hello, you have five days to contact us and pay, otherwise all your financial, personal information your clients and other important confidential documents will be published or put up for auction,” the accompanying ransom note read.

Old tricks, new targets

Truth to tell, ransomware has long been with us, even if it used to struggle to make the headlines. In days of yore, it was consumers who copped it, when they activated a dubious attachment, or clicked on a dodgy link, and were subsequently adjured to part with a smallish sum to have normal service restored.

But, over the past decade, the advent of cryptocurrency, the rise of the cloud and widespread digitisation have created a happy hunting ground for hackers in the business world.

Organisations which haven’t paid sufficient attention to the increasing risk have made themselves ever more vulnerable to well-planned, sophisticated attacks.

Not only can these attacks cripple their operations by encrypting the files they need to stay up and running, they can also compromise, or threaten to compromise, the integrity of what’s arguably become their most valuable asset: data.

Just how valuable that data can be has been reflected in the size of the ransoms being levied, with hackers commonly demanding their large victims pony up six, seven and even eight figure sums.

To pay or not to pay?

Although it’s not something they want shouted from the roof tops, many victims do end up paying some or all of the ransom, to regain possession of what’s rightfully theirs.

It can be an expensive but expeditious option, particularly if the potential cost of the disruption – and the accompanying reputational damage – looks likely to exceed the sum you’re being asked to part with.

But it’s not your only option. Adopting a strong cyber security posture, which includes best practice protection and rigorous back-up measures with strict access controls and multi-layer protection to prevent backups from becoming a ransomware attack target, can put you in a good position to say “yeah, nah” should hackers come calling and find a way in.

What does that posture look like in practice? Unfortunately, there’s no single solution, no silver bullet guaranteed to ward off adversaries or stop them in their tracks. Rather, what’s needed is continuous assessment of the threat landscape and a commitment to implementing multi-layered protection, to minimise opportunities for attackers to penetrate your infrastructure and lock up your systems and data. If your business is already using an IT service provider, ensure they are using a multi-layer approach and leading vendor technologies to achieve this.

Extending your security provisions

If your organisation has adopted remote working and cloud-based applications – as thousands of businesses have done during the ongoing COVID crisis – then your attack surface has expanded exponentially. An extended protection and response program is necessary, to ensure every inch of that attack surface is monitored and managed.

A comprehensive endpoint protection solution, featuring zero trust access control and multi-factor authentication, should be an integral component of that program to protect access to applications and workloads.

So should a patching protocol that sees applications updated as a matter of urgency whenever updates are released. It’s simple housekeeping, yet known vulnerabilities for which security patches have already been developed continue to enable thousands of malware attacks each year.

Meanwhile, employees can be the strongest or the weakest link in your security chain. You’ll ensure they’re the former if you implement email protection and regular cyber awareness training, for everyone from the CEO down, and take steps to foster a security culture which sees all employees alert to the ongoing possibility of an attack.

At the same time, make sure your IT service provider is working closely with your IT teams, not just to cover the current state of the environment but to proactively discuss what new services could be added to future proof the business.

A stronger, safer future

In 2021, ransomware attacks have rapidly become the favoured means for financially motivated cyber criminals to extract profit through data theft, public disclosures and business disruption, often costing millions of dollars. New ransomware-as-a-service and double extortion models are being used to increase the frequency and severity of attacks.

Falling victim may be unavoidable but paying a large sum to regain access to your infrastructure need not be. Get your organisation’s security in order and you can be well placed to react, remediate and recover without opening your digital wallet to high tech extortionists. Indeed, when a breach has occurred, the speed, efficiency and experience applied to the response can make a significant difference in the impact to an organisation.

As a result, security teams need to be in a position to immediately triage the incident to begin to fight back. They must work to remediate the vulnerabilities and get back to normal business operations faster, and with minimal user disruption.

In order to prevent future compromises, organisations must also deploy services such as cyber threat intelligence and 24/7 threat hunting to help security teams eject threats from their networks quickly and prevent silent failure. A security team with clear roles and responsibilities is key to enabling faster, more complete remediation.

Luke Smith is the regional account director at Barracuda MSP.
