The 2022 Verizon Data Breach Investigations Report reveals a significant increase in ransomware attacks, with malicious software being a factor in 25% of all breaches. Statista's report on the global number of ransomware attacks between 2016 and 2022 confirms this trend, showing a staggering 236.1 million attempted attacks. Companies need to prepare for ransomware attacks before they happen – or risk being unable to recover in the face of an event.
Ransomware is cyber extortion
Malicious software penetrates computer systems and then encrypts data, holding it ransom until the victim pays up. This has affected businesses of every shape and size globally, from Fujifilm in Japan to the University of California at San Francisco and the Irish healthcare service. Smaller companies are at risk too, as they have weaker security systems in place.
Falling victim to a ransomware attack is easier than most people think. You can patch your Exchange Server, run Microsoft’s testing script to find out whether your server has been exploited, and still suffer losses if you’re running an outdated version of the script. It’s important to be prepared and to get expert help if you need it.
We suggest putting the following steps in place:
- Run an initial ransomware assessment: Running penetration tests can check how strong or weak your system is, give you an overview of the state of your security and show you the gaps you need to fix.
- Put strong governance in place: Establish processes and compliance procedures to protect you from ransomware attacks in the first place before you begin to map out your response in the event of an incident. Ensure you involve key stakeholders and have the support of the leadership team. Although cybersecurity is deemed to be an IT function, it affects entire organisations and in the event of a ransomware attack, the leadership team will be asked the tough questions.
- Stay ready: Don’t become complacent – businesses need to keep running drills and checking their systems to ensure they are as protected as they can be. Partner with a trusted security expert who can assist you in building regular testing of your ransomware response plan to check for vulnerabilities, noncompliant systems, and other issues. Importantly, make sure your incident response processes aren’t reliant on IT systems that would be affected by a ransomware attack or another serious incident. Ensure you have back-ups in place – not just of data, but of all your nonstandard applications and IT infrastructure too. Speak to your IT security partner about creating specific recovery time objective (RTO) and recovery point objective (RPO) parameters too.
- Sort out permissions: Use a centrally managed software distribution facility to cut down on permissions issues, removing local admin rights from end-users and blocking app installations. Use multi-factor authentication wherever possible. Enable and increase authentication logging and keep logs on file. Flag and escalate any unexpected activity.
- Implement ongoing training: Use best practice guidelines developed by governments and security experts to create basic training programmes for all your staff. Partner with your IT security provider to appropriately up-skill your team members on an ongoing basis, tailoring interventions for your business’s specific needs.
Having a strategy in place for ransomware preparedness can help protect your business from threats and losses. Numata offers a range of cybersecurity services for SMEs to assist your business with developing ransomware protection frameworks and strategies. Don't wait until it's too late, secure your business today with Numata's comprehensive cybersecurity services.
