Ransomware: A wake-up call for every online business
Are you a CIO, CTO, CISO or IT Manager?
Designations vary from company to company, but if you are accountable for protecting business data, it is time to reassess the IT controls and strategies you have deployed to protect that data in the wake of ransomware attacks.
This data may include personal data of customers and employees, financial data, intellectual property and so on, which may also have to comply with other regulations, but its primary purpose is to "run the business". The primary objective of a ransomware attack is to "extort money".
Today, with the emergence of ransomware as a service (RaaS), cybercriminals no longer need to be very savvy to pull off an attack. They can shop for affiliate software on the dark web, where the developer takes a cut of the proceeds. As a result, these attacks make almost every company, regardless of size or industry, a potential victim.
Most companies will already have deployed IT controls to protect their digital data, but it is now important to reassess how effective those controls are against ransomware attacks.
Below are some indicative controls to revisit in order to protect and detect, and to restore data without paying a ransom.
1. Backup Strategy: Reassess the systems and data that are crucial to running the business and that are internet facing, accessed over the internet, or accessed by non-IT employees. These are more exposed to attack, and you need to be able to restore them quickly and cleanly if an attack occurs.
2. Disaster Recovery: A ransomware attack can also make the primary site inoperable, forcing the business to run from an alternate location. Cybercriminals may have planted the ransomware in the network long before the attack; in that case, restoring already-infected data at the alternate site can give the criminals access to launch the same attack again.
3. Business Continuity Plan: Critical businesses may not be able to afford even the slightest downtime for some business functions. Reassess the plan for the systems and data behind those functions.
4. Vulnerability Management: Exceptions are often granted, or remediation delayed, by prioritising business availability over security. It would be prudent to highlight the vulnerabilities that ransomware is known to exploit and address them as a priority. The VM team may be given access to threat intelligence feeds to stay updated on ransomware-related vulnerabilities.
5. Security Monitoring: Create use cases to monitor the activities anticipated in a ransomware attack. Create user-level reports from DLP, spam filtering, web proxy, required password changes, account lockouts, etc. These may help identify users who need additional security training.
6. Awareness Training: Closely monitor the effectiveness of training. Continuously update the content. Run frequent mock exercises.
7. GRC: Pay specific attention to reports associated with ransomware attacks. Highlight the concerns and seek management direction and support to address them.
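As an added illustration of the monitoring use cases in point 5 (example code written for this page, not taken from the original article): a small sliding-window detector over constructed file-server audit events that flags a user touching many files within a minute, a pattern typical of encryption in progress, and a user with a burst of account lockouts. The log format, user names and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit events in the assumed format "timestamp,user,action,path".
# Users, paths and the event format are assumptions for this example, not from the article.
SAMPLE_EVENTS = [
    "2024-03-01T09:00:00,alice,WRITE,/finance/q1.xlsx",
    "2024-03-01T09:03:00,alice,WRITE,/finance/q2.xlsx",
    "2024-03-01T09:10:00,bob,LOCKOUT,-",
    "2024-03-01T09:10:05,bob,LOCKOUT,-",
    "2024-03-01T09:10:09,bob,LOCKOUT,-",
] + [
    # Burst typical of encryption in progress: many files renamed within seconds.
    f"2024-03-01T09:15:{i:02d},carol,RENAME,/hr/doc{i}.docx.enc" for i in range(25)
]

# Thresholds are illustrative; tune them against a baseline of normal activity.
FILE_CHANGE_THRESHOLD = 20   # file writes/renames by one user ...
FILE_CHANGE_WINDOW_S = 60    # ... within this many seconds
LOCKOUT_THRESHOLD = 3        # account lockouts for one user ...
LOCKOUT_WINDOW_S = 300       # ... within this many seconds

def parse(line):
    ts, user, action, path = line.split(",", 3)
    return datetime.fromisoformat(ts), user, action, path

def burst_alerts(events, actions, threshold, window_s):
    """Return {user: peak_count} for users with >= threshold matching events
    inside any sliding window of window_s seconds."""
    recent = defaultdict(deque)   # per-user timestamps still inside the window
    alerts = {}
    for ts, user, action, _path in sorted(map(parse, events)):
        if action not in actions:
            continue
        window = recent[user]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_s:   # drop stale events
            window.popleft()
        if len(window) >= threshold:
            alerts[user] = max(alerts.get(user, 0), len(window))
    return alerts

def mass_file_change_alerts(events):
    return burst_alerts(events, {"WRITE", "RENAME"}, FILE_CHANGE_THRESHOLD, FILE_CHANGE_WINDOW_S)

def lockout_alerts(events):
    return burst_alerts(events, {"LOCKOUT"}, LOCKOUT_THRESHOLD, LOCKOUT_WINDOW_S)

if __name__ == "__main__":
    print("mass file change:", mass_file_change_alerts(SAMPLE_EVENTS))  # {'carol': 25}
    print("account lockouts:", lockout_alerts(SAMPLE_EVENTS))           # {'bob': 3}
```

The same function serves both use cases; in practice the alerts would feed a SIEM case and the per-user report described in point 5.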