Ransomware attacks increased by 13% between 2020 and 2021, according to the 2022 Verizon Data Breach Investigations Report (DBIR). This leap is greater than the year-over-year increases of the previous five years combined. These attacks are here to stay, and they’re becoming more advanced and difficult to prevent.
Ransomware attacks can cause enormous damage, potentially bringing business to a standstill (see the Colonial Pipeline attack in 2021). While organizations continue to improve their security risk management and cyber defense capabilities, the unfortunate truth is that businesses are dealing with ransomware attacks at an unprecedented rate. While many attacks are targeted, it’s becoming increasingly common for malevolent actors to simply go after easy targets, the low-hanging fruit. In residential burglaries, most thieves who meet a locked door will simply move on to the next house with easier entry. The same is unfortunately true of ransomware: the least-prepared organizations, like small and medium businesses, are becoming the lion’s share of victims.
With ransomware attacks, increasingly it’s not if, but when. The best defense against a ransomware attack is simply being well prepared to respond to and recover from it. Many organizations fall into the trap of spending extravagantly to prevent attacks but gloss over preparedness to respond when they inevitably find the latest ransom note on one of their systems. Organizations that are best prepared have detailed incident response plans specifically aimed at ransomware events, along with the necessary business continuity and disaster recovery plans.
Here are three tips organizations of any size can follow to best prepare for a ransomware attack:
- Adequately manage vulnerabilities – Most organizations have some level of understanding of vulnerability management. Unfortunately, though, common standards that leave known vulnerabilities unpatched for 30, 60 or 90+ days leave organizations quite susceptible to ransomware attacks. Ensuring you’re aware of your vulnerabilities and have a mature patch management program (potentially leveraging a managed security service provider (MSSP)) helps ensure the front door isn’t left unlocked for a cybercriminal.
- Test, test and test some more – Having well-documented plans isn’t good enough; testing these plans and capabilities regularly (annually is the bare minimum) develops the muscle memory to successfully respond. Further, utilizing a third party to develop testing scenarios that mimic the attacks happening today, not six months ago, helps organizations get the most bang for their buck and be further prepared when an attacker strikes.
- Implement an MDR capability – Managed detection and response (MDR) is a mix of technology and human expertise that enables organizations to quickly identify threats in their environments and limit the spread of an attack (such as ransomware), ultimately decreasing its potential impact. By utilizing a third-party MDR partner, organizations can leverage access to a global network of capable threat hunters, content developers and analysts – all of whom are well versed in identifying, quickly responding to and remediating threats before they can cause the organization material damage.