Cyber security is an omnipresent topic, given that the variety, sophistication and prevalence of attacks have been increasing steadily over recent years.
Businesses have quickly realised that defending against them has become a key consideration. Ransomware in particular has seen a surge in ‘popularity’, with its scope widening to include attacks on supply chains that maximise the fallout. It’s no longer just about defending against these attacks but accepting the likelihood of being targeted and preparing fully for recovery. In this article we look at this topic further and expand on some of the key points which were discussed at DTX earlier in the year.
Ransomware: the new frontier
Ransomware has now become so ‘popular’, or gained such notoriety, that it has joined IaaS (Infrastructure as a Service), UCaaS (Unified Communications as a Service) and other cutting-edge technologies in having its very own Magic Quadrant. This was the message delivered by cyber security firm Exabeam at this year’s DTX, as Randeep Gill and Matt Rider delivered a talk entitled, ‘Fantastic Attacks: The Secrets of Ransomware – Understanding the Footprints of the Beast.’
According to Gill and Rider, recent statistics reveal a massive 13% increase in ransomware attacks over the past five years alone, with the average cost of each attack now standing at a staggering $1.85 million. There were more than 500 million ransomware attacks reported globally last year. It’s a growing concern for businesses, with potentially disastrous financial implications.
Speed over stealth
Understanding the modus operandi of ransomware is a crucial first step for businesses in devising an effective defence strategy. Exabeam’s Gill summed it up perfectly when he said, ‘Ransomware doesn’t care about being stealthy – it cares about being quick.’
Unlike traditional malware, which often lingers unnoticed, slowly but surely infecting systems and devices, ransomware strikes swiftly and indiscriminately, often encrypting critical files before a business has even realised what’s happening. With valuable data under threat, businesses have little recourse other than to pay the ransom.
The trajectory of an attack
Regardless of the speed with which they can infiltrate business systems, ransomware attacks follow a distinct trajectory:
Distribution > Infection > Staging > Scanning > Encryption > Payday
The first step here generally involves an outside element using social engineering tactics to deploy harmful software. The vast majority of ransomware is delivered via phishing emails, as with the Conti attack against the Irish Health Service Executive, which delivered a malicious Excel spreadsheet that eventually affected thousands of hospital patients across Ireland and could end up costing €100 million.
However, Exabeam’s experts spoke of a worrying emerging trend, whereby cybercriminals are approaching authenticated users and offering them money for their network credentials, which they are then using to launch ‘insider’ attacks. This approach, they said, blurs the lines between victim and adversary, and highlights the need for constant vigilance and user awareness within organisations.
While ensuring robust security practices such as multi-factor authentication and user access control can help, regular security awareness training for teams is an essential component in the fight against ransomware.
Defending against ransomware is a continuous journey
As with all cyber security considerations, addressing the threat of ransomware requires an ongoing and multi-faceted approach. ‘No product, no solution and no process you can implement today will be relevant in six months’ or even six weeks’ time,’ said Gill. ‘Businesses need to implement a multi-layered, multi-product approach.’
A good place to start is for businesses to leverage the MITRE framework – a systematic approach to understanding and countering the various tactics, techniques and procedures (TTPs) used by ransomware attackers. This framework can help businesses enhance their ability to detect, prevent and respond to ransomware effectively, with a multi-layered strategy that encompasses advanced threat detection, endpoint protection, network segmentation and regular software updates.
A common threat requires collaboration
One of the key weapons we have in our defensive arsenal, the Fantastic Attacks presenters suggested, is the collective intelligence of developers, security experts and business IT leaders. In that respect, collaboration between vendors and security solution providers is essential in helping protect us all against the growing threat of ransomware.
By sharing crucial insights and intelligence, these collaborations allow us to take a united stand against attackers, designing and implementing solutions that tackle real-world threats with real-world applications. For example, security solutions that work with other applications to know what ‘normal’ behaviour looks like within your environment are the best way to stop ‘abnormal’ activity in its tracks. Only by identifying potential threats quickly can ransomware attacks be thwarted before they cause any damage.
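As an added illustration (not code from the talk, from Exabeam or from any product), the sketch below shows the ‘normal versus abnormal’ idea applied to ransomware’s preference for speed: it builds a per-user baseline of file changes per minute and flags a minute that far exceeds it. The log format, user names, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(line):
    """Parse one constructed audit line: '<ISO time> <user> <action> <path>'."""
    ts, user, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, action, path

def find_bursts(lines, min_history=5, sigmas=3.0, floor=30):
    """Flag minutes where a user's write/rename count exceeds their own baseline.

    Returns a list of (user, minute, count, threshold) tuples.
    """
    per_minute = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, user, action, _path = parse(line)
        if action in ("WRITE", "RENAME"):
            per_minute[user][ts.replace(second=0, microsecond=0)] += 1

    alerts = []
    for user, buckets in per_minute.items():
        history = []  # counts from earlier minutes judged normal
        for minute in sorted(buckets):
            count = buckets[minute]
            if len(history) >= min_history:
                # 'floor' stops a very quiet baseline alerting on trivial upticks
                threshold = max(floor, mean(history) + sigmas * pstdev(history))
                if count > threshold:
                    alerts.append((user, minute, count, threshold))
                    continue  # keep the burst out of the baseline
            history.append(count)
    return alerts

def build_sample():
    """Constructed events: alice works normally, bob's account bursts at 09:06."""
    start, lines = datetime(2023, 1, 1, 9, 0), []
    for m in range(10):  # alice: 4 writes a minute for 10 minutes
        for i in range(4):
            t = start + timedelta(minutes=m, seconds=10 * i)
            lines.append(f"{t.isoformat()} alice WRITE /share/docs/report{m}_{i}.docx")
    for m in range(6):  # bob: 3 writes a minute for 6 minutes
        for i in range(3):
            t = start + timedelta(minutes=m, seconds=15 * i)
            lines.append(f"{t.isoformat()} bob WRITE /share/finance/q{m}_{i}.xlsx")
    for i in range(120):  # then 120 renames inside one minute
        t = start + timedelta(minutes=6, milliseconds=400 * i)
        lines.append(f"{t.isoformat()} bob RENAME /share/finance/file{i}.xlsx.locked")
    return lines

if __name__ == "__main__":
    for user, minute, count, threshold in find_bursts(build_sample()):
        print(f"ALERT {user} {minute:%H:%M} {count} file changes (threshold {threshold:.0f})")
```

Because the baseline is per user, the same threshold logic tolerates a busy account while still catching a sudden burst on a quiet one; the flagged minute is excluded from the history so the burst does not raise its own baseline.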
Building resilience with backup and recovery solutions
Perhaps the key takeaway from the Fantastic Attacks presentation was that, even with the best preventative cyber security measures in place, there’s no guarantee of complete protection against ransomware.
In fact, the only real way to protect your business against this type of attack is with robust, regularly maintained and immutable backup and disaster recovery solutions in place. These ensure that, even in the event of a successful ransomware attack, you have the means to restore your data and resume business operations quickly.
A tech partner for defence
Ransomware continues to pose a significant threat to businesses worldwide. To safeguard yours, it’s crucial to stay informed, be proactive, and work with a reliable technology partner that can support you with robust backup and disaster recovery capabilities.
By understanding the threat of ransomware, implementing multi-layered security measures, educating your teams and ensuring your critical data and systems are fully backed up and tested, you can protect your business against this threat that evolves by the day.