How to mitigate ransomware attacks
Ransomware attacks are a type of cybercrime in which hackers use malware to encrypt files on a computer or network, locking users out of the system until a ransom is paid. Ransomware attacks have been around since the mid-2000s, but they have made recent headlines as attacks against Colonial Pipeline and the U.S. meat industry have shown that they are more than a technology challenge and can also significantly disrupt everyday life.
Between ransoms paid and lost productivity, ransomware attacks cost U.S. businesses an estimated $2.3 billion in 2020 alone. The disruption caused by the COVID-19 pandemic, the popularization of cryptocurrency as a ransom payment, and support (or a lack of prosecution) from foreign states have created an ideal environment for ransomware attacks to flourish.
In the past year, there have been more than 15,000 ransomware attacks on U.S. companies. The actual figure is likely much higher, as many attacks go unreported by companies that see the ransom as a small price to pay compared with the bad public relations that can follow an attack. Ransomware is also dangerous because attacks can hit any business or organization, and even individuals. The average downtime after a ransomware attack is approximately 23 days, and the average cost is nearly $2M, not including the damage to your brand.
Preventing Ransomware Attacks
Ransomware is like most things in life that are dangerous -- an ounce of prevention is worth a pound of cure. Because ransomware needs some entry point into your system, many attacks can be prevented by changing the way employees think and act on a daily basis when it comes to cybersecurity.
Here are six things you can do to help mitigate the risk of ransomware impacting your company.
1. Train employees to avoid phishing and social engineering scams
If ransomware is a forest fire, then employees are the tinder that starts the blaze. Hackers scan social media profiles and use phishing and social engineering scams (the phone-based variant is called vishing, or voice phishing) to elicit personal information, account numbers, and login credentials from unsuspecting users by impersonating real entities via email or the phone. Dashlane interviewed white-hat hacker Rachel Tobac in March 2021 about social engineering and phishing schemes and published a detailed guide, "How to Run an Effective Phishing Test at Work," to help you and your employees better understand these types of threats.
2. Provide tools and create policies that promote good security hygiene
Cybercriminals obtain a list of passwords stolen during a data breach, then attempt to use them to log in to servers and endpoints. Because so many users choose weak, common, or easily guessed passwords and reuse passwords across accounts, these attacks are very successful.
An easy-to-use password manager makes life simpler for your employees and can dramatically reduce weak and reused passwords, the cause of the majority of cyber incidents. Many large businesses rely on single sign-on (SSO) to manage access to many of their employees’ work logins. However, SSO providers are only compatible with select business apps, and they do not cover essential needs such as secure password sharing, password vault encryption, or a password health dashboard to monitor risks. SSO also cannot support employees’ security hygiene when they use personal productivity tools that the company doesn’t pay for, such as Notion, Evernote, or Asana.
Additionally, security experts recommend a second line of defense should your password become exposed and suggest implementing Two-Factor Authentication (2FA) on all your accounts. 2FA supplements your password by requiring an additional code whenever you authorize a new device to access your account, or each time you log in. We recommend using 2FA tools for all your company’s logins.
3. Install and maintain network security and monitoring tools
There are many viable solutions for endpoint security that can reduce your risk of falling victim to ransomware. Commercially available firewalls and VPNs can be installed on laptops, desktops, and even mobile devices to safeguard your network at the edge. The most important part of any of these tools is to maintain and update them regularly. If they aren’t updated automatically, stress the importance of updates to your employees and help them understand how to do it as simply as possible. An unpatched device is like a welcome sign for hackers.
Likewise, at the network level, be sure to maintain your servers and systems and keep them up to date. Use vulnerability scanners and network intrusion detection software to help identify malicious activity or policy violations before they become a larger problem.
4. Monitor the dark web
At the end of the day, no password is unhackable. As of 2020, more than 11.6 billion enterprise accounts have been breached. These accounts frequently end up for sale on the dark web, where they are used to gain unauthorized access to organizations and websites. But you certainly don’t want your employees running around the dark web looking for their credentials, and it can be a daunting task even for seasoned network security professionals.
As an enterprise-level password management solution, Dashlane offers the ability to actively monitor the dark web and alert you when an employee’s credentials or passwords have been compromised.
5. Keep your data backups segregated from your main network
Keeping a current data backup is an important part of any cybersecurity plan. Should you fall victim to a ransomware attack, backups are critical to executing your disaster recovery plan, recovering faster from the incident, and ignoring the ransom. However, data backups are only useful if they are not locked as part of the same attack. Maintaining strong segregation between your live systems and the backups is a crucial part of your defense against ransomware.
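Segregation is a network and permissions question, but you also need a way to know, before you restore, whether a backup set was reached and altered. A common defender's control is a hash manifest written at backup time and stored where production systems have no write access; verification against it reports every file that was rewritten, removed or renamed. The script below is an added example for this article, not code from the original post or from any backup product; the directory layout, file names and the simulated tampering are constructed so that it runs stand-alone.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under `root`, keyed by its POSIX-style relative path."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup tree against the manifest taken when it was written.
    'modified' covers files whose bytes changed (an encryptor rewrote them),
    'missing' and 'added' together reveal renames such as the appended
    extensions ransomware families typically leave behind."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def demo() -> dict:
    """Constructed end-to-end run: write a backup, record its manifest,
    simulate tampering, then verify. Returns the verification findings."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        (backup / "payroll.csv").write_text("id,name,salary\n1,alice,100\n")
        (backup / "notes.txt").write_text("quarterly notes\n")

        # Step 1: the manifest is produced immediately after the backup is
        # written and kept on a host the production network cannot write to.
        # (Held in memory here so the example needs no second location.)
        manifest_json = json.dumps(build_manifest(backup))

        # Step 2 (constructed tampering): one file is overwritten with other
        # bytes and one is renamed, the two changes an encryptor makes to a
        # backup it can reach.
        (backup / "payroll.csv").write_bytes(bytes(range(64)))
        (backup / "notes.txt").rename(backup / "notes.txt.locked")

        # Step 3: verification before any restore reports what no longer matches.
        return verify_backup(backup, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only as trustworthy as its storage: if it sits in the same share as the backups, an attacker who can rewrite the data can rewrite the hashes too. Keep it on the isolated side (or sign it) and run the verification from there.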
6. Solve the human security problem
All the tools, tech, and processes in the world aren’t enough on their own. You also need to create a culture where employees care about cybersecurity and see it as a shared responsibility. In a recent Harris Poll, more than two-thirds (70 percent) of respondents stated they believe it is their company’s responsibility to make sure their work accounts aren’t hacked or breached. That’s not good enough. Employees need to understand that their behavior impacts the entire company. Something as simple as clicking the wrong link or using an Excel spreadsheet to manage their passwords can have catastrophic results for the organization.
Another important factor in a security-focused culture is that employees need to feel comfortable talking to I.T. about potential threats they encounter or may even have engaged with. Being able to react quickly can help mitigate any potential damage. When you make it clear that everyone is responsible for cybersecurity, you break down the silos between I.T. and the rest of the company and create a trusting relationship where everyone is part of the same team.
Implementing these six steps can dramatically reduce your risk of a ransomware attack and improve your overall security. But it isn’t going to be easy for everyone. It will require a change in mindset for many companies and a commitment to investing in training, education, and tools that make employees’ lives easier instead of more complicated.