Combating Ransomware: Don’t Let Your Data Be Held Hostage
Enterprises today operate in a digitally connected world, where technology and connectivity are at the core of their digital transformation strategies and operations. However, with hyperconnectivity, organisations must also contend with hyper-exposure to cyber risk.
Tata Communications is a leading provider of cyber threat intelligence and cybersecurity solutions, and its network analytics and insights platform analyses 25 million traffic flow records per minute from across the globe. This information allows Tata Communications to proactively detect and prevent approximately 2.6 million threats every day globally. In addition, our global security operations centre (SOC) constantly monitors, manages and protects nearly 24,000 business-critical applications/assets and thousands of end users.
Amongst the most prevalent threats today, ransomware is one of the most disruptive and destructive risks that enterprises face. In the last 12 months, the Cyber Security Breaches Survey highlighted that 39% of UK businesses identified a cyber-attack, remaining consistent with previous years. With modern enterprises relying extensively on data to run their operations, cybercriminals can effectively shut down an entire organisation by taking its data hostage.
Moreover, ransomware attacks are becoming increasingly sophisticated and multi-layered. For instance, by both encrypting and exfiltrating their victims’ data, cyber perpetrators can extort more money by threatening to expose the information on data leak sites or underground forums.
In fact, ransomware has become a significant risk. NordLocker’s analysis of the global distribution of ransomware attacks between January 2020 and July 2022 found that, regardless of geographic location, small businesses are at the highest risk, accounting for nearly two-thirds (62%) of all attacks that take place in the UK. Likewise, international law firm RPC found that the sectors most targeted by UK ransomware attacks were finance, insurance, credit, education, and healthcare.
So, what can organisations do to protect their business? Here are five important considerations:
1. Reinforce Cyber Hygiene: From a technology perspective, good cyber hygiene practices comprise disciplined vulnerability assessment and management, where all operating systems, software, firmware, and network devices are constantly updated. Additional attention is needed for end-of-life and end-of-support applications and devices. Organisations should also enforce robust password regimes and leverage measures, such as MFA (Multi-Factor Authentication), to minimise the chances of unauthorised access.
People form another critical aspect of cyber hygiene. Organisations should conduct regular cyber awareness training to raise employees’ security knowledge and awareness. They should also conduct exercises, such as phishing attack simulations, to elevate employees’ cyber vigilance. These steps are vital in preventing ransomware delivery through social engineering.
2. Adopt a Zero-Trust Approach: Organisations should look at transforming their security infrastructure based on zero-trust principles. In simple terms, zero-trust means that an organisation does not automatically trust anything inside or outside of its perimeter. Every access request needs to be fully validated to ensure its legitimacy.
The impetus to adopt a zero-trust framework is the dramatic growth of endpoints within organisations and the need for more devices to communicate directly with applications. Zero-trust allows enterprises to verify access requests based on identity and user context and limit access to specific applications to authorised users, creating a more secure digital environment.
3. Vault your Data: Effective preparation is the key to minimising the impact and disruption that ransomware attacks can bring. Frequent data backups, regular testing of backup restoration and storing data in vaults are critical to avoiding a data hostage situation.
Organisations need to recognise that paying the ransom is never the recommended path. Instead, they should focus on preparations that allow them to get back on their feet swiftly. The optimal approach to addressing a ransomware incident is to execute data recovery from offline data storage to resume operations.
4. Upgrade your Defences with a Security Operations Centre: Enterprises can adopt a more proactive cybersecurity stance by creating their own security operations centre (SOC) with the right analytical tools and skills, or by subscribing to the services of one. Through an advanced SOC, organisations can move beyond security information and event management (SIEM) tools with curated cyber threat intelligence feeds which are credible and actionable. Additionally, integrating security orchestration and automation (SOAR) can give enterprises the ability to automate containment actions swiftly, which is key in the current cyber threat context. Also, enterprises should leverage user and entity behaviour analytics (UEBA) and detection tools to move towards more holistic extended detection and response (XDR). Tapping into XDR can give enterprises the ability to secure all data across their digital estate.
Besides having the right technological tools and framework, another critical component of a fully functional SOC is talent. The SOC needs to be manned by a team of highly skilled cyber defenders with deep knowledge of the enterprise estate. As the cybersecurity industry faces a manpower crunch, organisations can look to managed security service providers to fill the gap.
The SOC team can also help enterprises develop a ransomware response checklist and incident response plan. This includes understanding applicable state data breach laws, mapping communication procedures, and ensuring the contacts matrix is up to date. In addition, organisations can further evaluate their readiness by conducting periodic incident response drills.
5. Secure your Digital Ecosystem: Lastly, in a digitally connected world, enterprises today have many dependencies as they look to deliver value across their ecosystem of partners, suppliers, governments and institutions. They must evaluate the security posture of their third-party partners and ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity. Cybersecurity assurance should also be a critical evaluation criterion when selecting partners and vendors. Organisations need to be able to trust their partners’ capabilities to secure the data they share with them.
With the industrialisation of cybercrime and the rise of ransomware-as-a-service, ransomware attacks have become advanced, destructive, and challenging to defend against. To keep their digital assets safe and prevent their data from being taken hostage, enterprises need to continue to evolve their cyber defences.
By seeking a trusted cybersecurity partner to help evaluate their security posture, improve their defences and elevate their cybersecurity strategy to the next level, organisations can better protect their continuity while ensuring they stay one step ahead of cyber adversaries - especially in the face of increasingly potent ransomware attacks.