The rise of ransomware over the past few years is an ever-growing problem that has quickly become an extremely lucrative criminal enterprise. The number and size of ransomware incidents in recent months have ramped up significantly. The threats of ransomware attacks are very serious, and if you know of anyone or any entity that has undergone such a potentially devastating event, then you will fully understand the seriousness of protecting against such an attack.
Ambit Solutions urges you to take these critical steps to protect your organization as well as the American public and broader economy in general. Granted, the Federal Government is actively working with countries around the world to hold ransomware actors and the countries who harbor them accountable, including disrupting ransomware networks, developing cohesive and consistent policies towards ransom payments, and enabling rapid tracing and interdiction of virtual currency proceeds. But they can’t fight the threat posed by ransomware alone. Strengthening your information technology plant is just as important a priority as increasing the resilience of all private and public sectors including municipal, state, and federal government entities from cyberattacks.
The most important takeaway from the recent spate of ransomware attacks is that decision-makers who view ransomware as a threat to their core business operations — rather than a simple risk of data theft — will react and recover more effectively. To understand their risk, school administrators and business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and continuity plans to ensure they have the ability to continue or quickly restore operations.
Targeted organizations often believe that paying the ransom is the most cost-effective way to get their data back — and, unfortunately, this may also be the reality. The problem is that every single business that pays to recover their files is directly funding the development of the next generation of this cyber threat. As a result, it continues to evolve, with more sophisticated variants and more specific targeted cyber attacks. The costs will continue to rise as well.
If you are responsible for your organization’s technology plant, you have a critical responsibility to protect against these threats. All organizations must recognize that no one is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself and your facilities, as well as the audience, staff, and clientele for whom you are responsible. We urge you to take ransomware crime seriously and ensure your school and corporate cyber defenses match the threat.
Ambit Solutions stands ready to help you implement recommended best practices: highly impactful steps that let you focus and make rapid progress on driving down risk.
Implement these 10 best practices to significantly reduce the risk of a successful cyber-attack:
1. Consider implementing multi-factor authentication because passwords alone are routinely compromised
2. Deploy endpoint detection and response to hunt for malicious activity on a network and block it
3. Implement encryption so if data is stolen, it is unusable
4. Establish a skilled, empowered security team to patch rapidly, and share and incorporate threat information in your defenses. Consider using an independent third party to test the security of your systems and your ability to defend against a
5. Back up your data, system images, and configurations; regularly test them, and keep the backups offline
6. Ensure that backups are regularly tested and that they are not connected to the operations network, as many ransomware variants try to find and encrypt or delete accessible backups
7. Consider maintaining current backups offline so that your entity can restore critical systems quickly
8. Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner
9. Test your incident response plan
- Search for gaps in the plan
- Run through some core questions and use those to build an incident response plan: Are you able to sustain operation without access to certain systems? And for how long? What are your most vulnerable systems, such as critical record retention or billing, and which can be operated offline?
10. Segment your networks: Because there’s been a recent shift in ransomware attacks – from stealing data to disrupting operations — it’s critically important that your school and corporate business functions and operations are separated:
- Carefully filter and limit internet access to operational networks
- Identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised
- Regularly test contingency plans such as manual controls so that safety-critical functions can be maintained during a cyber incident.