Ransomware attacks are increasingly impacting businesses on a global scale. These attacks are continuing to accelerate because they are extremely lucrative for the attackers, according to Forrester.
AXA Asia, FujiFilm, New York City's transit system (M.T.A), and JBS (the world's largest meatpacking company) are among the companies that recently joined SolarWinds and Colonial Pipeline as victims of ransomware attacks.
"They cost them virtually nothing to execute compared to the sometimes double payday they receive by holding companies hostage and then threatening to leak the data they stole," says Forrester analyst Steve Turner.
"Plus, these organisations have ephemeral infrastructure, which means that what they are using can quickly be stood up and torn down, or are running RaaS, Ransomware-As-A-Service, where they've got a lot of affiliates that are actually executing the attacks," he says.
Turner says companies are rarely prepared because they may not have touched or tested their incident response plan since it was created.
"A lot of companies haven't run tabletop exercises that include folks outside of their IT/Security teams simulating a ransomware attack. We need to increase our preparedness on both of these fronts," he says.
"Critical infrastructure is an easy target because attackers feel like they've backed those companies into a corner and they don't have any choice but to pay the ransom," Turner adds.
"Until there's requirements or penalties for companies in these critical sectors, they'll continue paying the ransom and ransomware operators will continue to target them."
Turner offers six points of advice on best practices to thwart attacks:
1. If your company doesn't have a robust backup and data storage strategy, that should be priority #1. Identify where all your critical data sits and back it up regularly to somewhere where it can be stored disconnected from your company's network. Test restoring those backups to ensure your whole strategy works end to end.
2. Security hygiene is key to helping prevent and ultimately contain ransomware. Companies should be patching their systems and apps on at least a monthly basis if not more regularly. Prioritise systems and apps that are connected directly to the internet.
3. Multifactor has been something that we still see that isn't turned on within environments, yet it's one of the best security controls you can utilise to stop an attacker dead in their tracks. While we know it's not something easy, it's paramount that companies try to centralise their identity systems and require multifactor where possible.
4. Secure your privileged accounts immediately and require multifactor. Make sure to include your admin accounts that are used to manage your cloud environments as well.
5. Ensure that you have endpoint protection deployed to all of your computers and servers. Make sure that it's turned on, updated, and working. Most companies can get a health check from their endpoint protection vendor for free; take advantage of that.
6. Put a plan in place to move towards Zero Trust; this can be in bits and pieces by implementing least privilege, segmenting critical pieces of your network, or even by starting to implement multifactor.