Ransomware is getting nastier and more expensive all the time, and it has affected almost every industry and geography. No one is immune from the threat.

In a global ransomware survey conducted by Fortinet, 67% of organizations report suffering a ransomware attack. Even worse, almost half said they had been targeted more than once, and nearly one in six said they had been attacked three or more times.

Renee Tarun, Deputy CISO/ Vice President Information Security, Fortinet Inc.

The US Treasury’s Financial Crimes Enforcement Network (FinCEN) reported that organizations paid out almost $600 million in ransomware in the first half of 2021, which puts the US on track to surpass the combined payouts of the previous decade in a single year.

Last year’s attacks on the supply chains of companies like Colonial Pipeline and JBS made the news, but they are likely only the beginning. For each attack that garners headlines, countless more happen that don’t make the national news.

The ransomware threat is real, so it’s not a surprise that in the ransomware survey, 85% of respondents said they’re more worried about ransomware than any other cyber threat.

Plans and more plans for ransomware

The good news is that most organizations have plans in place to deal with ransomware. The bad news is that some of those plans may not be useful or effective. In the survey, less than half of the organizations reported having a ransomware strategy that includes basic cybersecurity tactics like network segmentation, business continuity, recovery testing, and remediation. The same situation is true of incident response plans, which should cover risk assessment, offline backup, and ransomware insurance.

A plan is only as good as the information within it, and if you’re not covering the basics, you’re going to have a problem.

Amid all the alarming headlines about new tactics that cybercriminals are using, it’s easy to lose focus on the fundamentals. Plans should include training and basic cyber hygiene. Because remote work has expanded the attack surface, organizations need to take that into account when setting up cybersecurity training for their staff.

Education is more important than ever and it needs to incorporate cybersecurity elements that are unique to hybrid and remote work environments. It should include information on the latest social engineering attack approaches, such as smishing, vishing, and angler phishing. Attack methods are changing constantly, and employee training needs to keep up.

Collaboration and information sharing against ransomware

Ransomware is a massive problem and no organization can tackle it alone. All stakeholders at the company need to be on board and organizations also should work to establish partnerships with law enforcement and organizations such as the Cybersecurity and Infrastructure Security Agency (CISA). The only way to have an impact on cybercrime groups is by working together and sharing intelligence.

Because cybercriminals often target multiple organizations that are in similar industries or that use the same networks and systems, it’s important to collaborate to reduce the overall impact of ransomware within the larger industry or group. The sharing of threat information and attack data among public and private entities makes it more difficult for cybercriminals to get a foothold.

These types of public-private partnerships also can help with data recovery, which reduces the overall costs of an attack.

The time to start protecting against ransomware is now

Organizations need to make sure that they have a cybersecurity strategy in place that includes the fundamentals: education, cyber hygiene, and private-public collaboration.

An educated workforce is key to having an effective cybersecurity strategy. According to the 2021 Verizon Data Breach Investigations Report, 85% of data breaches involve human interaction. Therefore, you can have all the security solutions in the world, but if you’ve overlooked training your employees in cyber hygiene and awareness, you’re never going to be truly secure. Employees should receive substantial training on how to identify and report suspicious cyber activity—including phishing emails.

Approximately 50% of ransomware attacks involve some form of social engineering attack like phishing. Keeping your workforce trained on these types of attacks, especially as adversaries continuously refine their methods, will help ensure that your employees don’t fall victim by taking the bait.

Through education and training, you can ensure your workforce maintains their cyber distance from adversaries and stays wary of suspicious requests to help keep critical digital resources secure.

Patching and hygiene are important

Along with training, cyber hygiene is another essential element in the fight against ransomware. First and foremost, you need to ensure that user devices and networks—including home networks—are properly maintained and secured. This requires ensuring that devices are properly patched and configured to prevent the adversary from exploiting them.

Zero trust access and endpoint security

Next is implementing a zero-trust security model, which assumes that anything or anyone trying to connect to the network is a potential threat. When a zero-trust access approach is in place, every individual or device that tries to access the network or an application must undergo strict identity verification before access is granted. This verification uses multifactor authentication (MFA) and requires users to provide multiple credentials before they can have access—which adds an additional layer of protection beyond having strong passwords.

Attacks can take just seconds to compromise endpoints, so endpoint security is vital against ransomware. First-generation endpoint detection and response (EDR) security tools simply cannot keep pace. They require manual triage and responses that are not only too slow for fast-moving threats but also generate large volumes of indicators that burden cybersecurity teams. More modern solutions proactively reduce the attack surface, prevent malware infection, detect and defuse potential threats in real time, and can automate response and remediation procedures.

Work as a team

Public-private collaborations are essential for effective critical infrastructure security and resilience strategies. This includes timely, trusted information sharing among stakeholders within the public and private sectors.

For organizations to mitigate the unseen threats, they must have real-time actionable intelligence. The information must be shared between the different security layers and products within your environment to provide a proactive defence.

In addition, this information sharing should be extended to partnerships within the broader cybersecurity community outside of your organization, such as Computer Emergency Response Teams (CERTs), Information Sharing and Analysis Centres (ISACs), industry coalitions like the Cyber Threat Alliance, law enforcement, and other government organizations like the Cybersecurity and Infrastructure Security Agency (CISA).

No single entity or organization has all the answers on how to address the cyber threat. By working together and sharing information, we can improve our response times and break the kill chain before malicious activity spreads to other systems and organizations.


By Renee Tarun, Deputy CISO/ Vice President Information Security, Fortinet Inc.
