An important concern for businesses today is protecting themselves from cyberattacks, whether it be an advanced password scam or orchestrated ransomware attacks. With the new GDPR regulations coming in 2018, the storage and protection of data—both business and customer—should be at the top of the list for all companies. One way to help protect against data loss is protecting yourself against cyberattacks.
The year 2017 has shown us that multiple businesses and industries can be hit by ransomware, and according to the FBI, 2016 saw an increase of approximately 300% in ransomware attacks from the year before. With the FBI expecting ransomware payments for 2016 to hit $1 billion, ransomware is an urgent issue for companies around the world.
Ransomware attacks are generally conducted through phishing emails or social engineering to gather passwords or sensitive data from employees; the attackers then use this information to access restricted files. Once access is granted, the attackers lock files and sensitive data behind a paywall, meaning that anyone who tries to access it will be greeted by a screen demanding payment before they can see the data. These malware attacks can vary in both the sensitivity of the data for ransom and the fee attackers want to collect. Attackers can also demand the fee be paid by a certain deadline, after which they begin deleting or publicizing files if they haven’t received payment.
Perhaps the most notable attack of this kind in 2017 was the WannaCry ransomware, which infiltrated approximately 300,000 computers across 150 countries. The WannaCry breach affected NHS systems containing a wealth of sensitive patient data as well as the FedEx Memphis headquarters and networks at Nissan, Deutsche Bahn, Telefonica and even Chinese government agencies. It could have been worse had a killswitch not been accidentally activated during the second wave of the attack.
Unfortunately, there is no single solution when it comes to protecting yourself or your company against these attacks. But a Sungard Availability Services guide outlines how companies can create a defence-in-depth approach to security, implementing multiple layers of active and reactive measures to help protect yourself against ransomware attacks.
Step 1: Preparation
There are four major aspects of preparation to consider: educating staff, defence-in-depth security layers, outdated operating systems and network segmentation.
Because ransomware attacks often use phishing emails to plant the malware on employee devices, educating staff about how to identify different phishing and social-engineering tactics is a crucial part of preparation. By helping staff members understand how to spot these tactics and the associated risks, you’ll help them become more careful about clicking on links from unknown sources, in turn reducing the risk of malware entering your systems.
You should also spend time identifying where your most sensitive or important assets and data are in your systems. Doing so will allow you to implement a defence-in-depth security approach that allows you to add different layers of security to make it harder for attackers to access the data in the first place. It will also help in segmenting your network, as it will mean you can move some of your more valuable data onto an operating system that’s frequently backed up and updated with the latest security measures.
Last, make sure that all of your operating systems have the most up-to-date security measures. In the case of the WannaCry breach, one reason it spread so quickly and easily was that people didn’t install the latest security patch shortly after its release. This oversight left a security gap, which attackers were then able to exploit to deploy the malware.
Step 2: Detection
Owing to the nature of ransomware attacks, you’ll never be fully protected, and preparation will only get you so far. You must be able to detect it if you suspect your systems have come into contact with the malware.
To do so, frequently monitor activity to ensure no anomalies appear in administrative commands regarding file encryption, for example. Administrators will rarely encrypt sensitive files, so if you spot such a thing, the systems may have been infected and urgently require investigation.
In addition to checking for unusual file encryptions, you can also check for an increased frequency of file renames. Large numbers of renamed files are a common output of ransomware as the malware moves through the system to encrypt data. You can set up an alert to notify you when numerous files are renamed to help trigger an investigation.
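The rename alert described above can be sketched as a sliding-window counter per account. This is an added example, not part of the original article; the log format, the account names, the 60-second window and the threshold of 20 renames are assumptions to be tuned against your own file-server audit data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 20                   # assumed renames per window that raise an alert

def parse(line):
    """Parse 'ISO-timestamp account operation path' (constructed format)."""
    ts, account, op, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), account, op, path

def rename_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per account, raised the first time the number of
    renames inside the sliding window reaches the threshold."""
    recent = defaultdict(deque)   # account -> timestamps of recent renames
    alerted = set()
    alerts = []
    for line in lines:
        ts, account, op, _path = parse(line)
        if op != "RENAME":
            continue
        q = recent[account]
        q.append(ts)
        while q and ts - q[0] > window:   # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and account not in alerted:
            alerted.add(account)
            alerts.append({"account": account, "time": ts, "renames": len(q)})
    return alerts

def sample_log():
    """Constructed events: alice renames 3 files an hour apart (normal work);
    bob's account renames 30 files one second apart (burst)."""
    start = datetime(2017, 6, 1, 9, 0, 0)
    lines = [f"{(start + timedelta(hours=i)).isoformat()} alice RENAME /share/hr/doc{i}.docx"
             for i in range(3)]
    lines += [f"{(start + timedelta(seconds=i)).isoformat()} bob RENAME /share/fin/f{i}.xlsx"
              for i in range(30)]
    lines.append(f"{start.isoformat()} alice READ /share/hr/doc0.docx")
    return sorted(lines)   # ISO timestamps sort chronologically

if __name__ == "__main__":
    for a in rename_bursts(sample_log()):
        print(f"ALERT {a['time'].isoformat()} {a['account']}: "
              f"{a['renames']} renames within {WINDOW}")
```

Legitimate bulk operations such as migrations or batch renames will also trip this rule, so an alert should trigger an investigation of the account and host rather than an automatic response.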
Step 3: Mitigation
Mitigation of ransomware attacks largely revolves around having a disaster-recovery plan. Luckily, such a plan will be the norm for companies once the 2018 GDPR regulations are in place, as businesses need to improve the storage and retrieval process for sensitive data as well as how they communicate breaches to the public. A large part of this effort is making sure a disaster-recovery plan a) knows where all sensitive data is stored, b) understands how to access it in the event of an emergency and c) sets recovery-time and recovery-point objectives for restoring data and systems.
A huge part of being able to effectively implement a disaster-recovery plan is ensuring that you frequently back up all of your systems and data to secure servers. Without regular and secure backups, data recovery will be much more difficult, as it would mean restoring systems from an outdated period and thus potentially losing vast amounts of newly collected and stored data. You may therefore have no option but to pay the ransom fee to restore your data, whereas with more frequent and secure backups, you may be able to minimize this risk.
Overall, you can take action to reduce the risk of ransomware attacks, but since no single solution can protect you completely, you must always remain vigilant. Make sure that all outdated systems are updated as soon as possible, and frequently create backups of all files and applications to minimize data loss in the event of a breach. Keeping employees up to date with the latest security guidelines and company procedures is also crucial to maintaining security, so it may be worth setting up training sessions regularly as well as ensuring your staff knows the process for implementing a disaster-recovery plan if a breach occurs.
About the Author
Bethany Cornell is a digital-marketing expert focusing on digital PR. Her interests include technology, data and security news.