With about 4,000 ransomware attacks crippling companies daily in 2016, it’s apparent that this is among the top cyber threats companies will need to guard against in coming years. According to IBM Security, that number — four times the number in 2015 — reveals the alarming rate at which ransomware events are occurring.
In spite of the massive number of companies impacted by ransomware, Barkly noted that many companies haven’t taken the measures needed to develop more secure cybersecurity measures.
Out of more than 100 organization IT reps surveyed, most said they were not making any changes to their cybersecurity strategies and planning, even those with operations infected by a ransomware attack. According to the Barkly report, “over half the organizations that suffered successful cyber-attacks in 2016 aren’t making any changes to their security in 2017.”
The reason for leaving security measures unchanged ranged from budget (60 percent) to confidence that current security stacks would be able to protect against future threats (more than 50 percent).
According to Barkly CTO Jack Danahy, many companies minimize the threat of ransomware because they have backup measures to recover encrypted data. “It’s dangerous to think of backup as a ransomware solution,” he said. “For many reasons, tolerating infections and assuming they can be easily remedied with backup is extremely risky.”
To minimize the damage caused by a ransomware attack, it’s important to take the following measures, according to Christie Terrill, a partner at cybersecurity consulting firm Bishop Fox.
Conduct a comprehensive review of technical controls. Thoroughly assessing technical controls can provide guidance on how to protect and recover important data. According to Terrill, these questions should include: Where is our most important data located? What level of visibility does management have over which employees can access important files? What privileges do users have? A comprehensive audit should also include those listed in the CIS Top 20, including taking an inventory of authorized and unauthorized devices and software.
Create an incident response plan. In the event of a cyberattack or cyber threat, what steps will your team take to review the incident and take steps to recover data, if necessary? It’s critical to develop these next steps before something happens. Your team should outline who in your company should be immediately notified, as well as those outside of the company, including government officials. Other aspects of the response plan should include assigning responsibilities to various employees, documenting steps to dealing with the ransomware, and setting guidelines for backups in the event of a catastrophic ransomware attack.
Simulate an attack. Terrill also recommends testing your response plan by simulating a ransomware attack. Involve all employees assigned with various responsibilities in the testing of your plan. Make note of any gaps and address them.