CDSA

Dr. Michel Hébert, research director with the Information Security, Privacy, Risk and Compliance practice at Info-Tech Research Group, a technology research and advisory firm, had a stark message for attendees of his recent webinar: “It’s not a matter of if you’ll be hit by a ransomware attack. It’s when.”

“Ransomware is such a live issue, it’s all over the news, and in the last year it seems I have new clients every day who want to talk about ransomware, they want to understand the threats, and what they can do to protect their organization,” he said during the “Anatomy of a Ransomware Attack” presentation, presented by the Content Delivery & Security Association (CDSA).

“It is the case that the number of attacks is increasing, as are the size of the payouts. More folks are paying ransoms,” Hébert said. “If anything, the number of cases is underreported, because companies try to minimize the reputational impact of data breaches and ransomware attacks.”

Only half of cybersecurity professionals believe their organization is prepared to prevent a ransomware attack, with a new organization targeted by an attack every 14 seconds, according to data he shared. Between 2017-2019, the frequency of ransomware attacks increased two-fold, and the average cost of fixing a successful ransomware attack was more than $130,000. School districts, major utilities, city governments, and private companies, all have been hit with ransomware attacks in 2021, with some shelling out millions to fix the problem.

There’s a host of factors contributing to this issue, and while keeping threat actors from undertaking an attack isn’t feasible, organizations can be better prepared: executives can put more emphasis on preventing an attack, test ransomware readiness with a proper company response plan, and be sure your storage, backup and disaster recovery plans account for ransomware scenarios, Hébert said.

“What’s contributing to the rise of these attacks is you’ve now got ransomware as a service,” he said. “Unfortunately, it’s no longer necessary to be skilled technically to mount a ransomware attack. There are tools available on the dark web that allow ransomware gangs with absolutely no coding skills to infiltrate a network. They’re selling services to each other.” Combined with the attractiveness of demanding payment in untraceable cryptocurrency, which leads to larger ransom demands, and companies need to be thinking about boosting their cyber defenses yesterday, Hébert said.

“Companies don’t always have a great response plan, and will often pay [ransomware demands] quickly, because they don’t have the ability to solve it on their own, and recover their systems in a timely manner,” he said.

Reduce your exposure with regular, offline testing and encrypted backups; assess and mitigate system and device vulnerabilities and mitigate the risk of remote desktop and server message block protocols; update your software, including applications and firmware; and use best-of-breed information security frameworks, providing comprehensive awareness of your security capabilities.

“You want to make sure you have a layered defense, consider all the variable,” he added. “You can set up layered controls that handle the breach of the system.”

And to prepare for the eventuality of a ransomware attack, it’s important to know how they happen, and it’s very clear where they begin: 96 percent of all ransomware attacks begin with phishing emails, Hébert said.

To access the full presentation, click here.

Info-Tech Research Group is the world’s fastest growing information technology research and advisory company, helping over 45,000 IT professionals execute on their most critical IT initiatives by using practical and tactical IT blueprints, tools and templates, and guidance from industry-expert research analysts. If you’re interested in learning more about Info-Tech and how they can support your IT projects and initiatives, please feel free to contact Matt Edwards, Associate Commercial Director at Info-Tech Research Group ([email protected]; 1-888-670-8889 ext. 2612)