Ransomware Statistics are Off the Charts
Ransomware has been evolving. Years ago a strong data backup process and technology stack could help businesses recover quickly from a ransomware attack. Those days are over. Hackers deploying ransomware have three strong work-arounds for you backup solutions to use in order to make you pay their ransom demands. First, if they can get into your network (often the case), then they try to quietly delete your backups from existence. The moment you notice, they execute the encryption and you’re backups aren’t there.
Second, they sometimes encrypt the backup data with their ransomware making it impossible to recover. This method is much more difficult to do when versioning is in place for your backup solution. However, if you have the ability to restore your data from a prior version, then hackers go to option #3.
Option #3: threaten to release your private data to the Internet. Modern ransomware has evolved to exfiltrate (steal) your data to offsite locations. This enables a hacker to comb through the data looking for juicy bits of Non-Public Personal Information (NPPI) and threaten to release it to the world. If your a law firm, healthcare provider, tax accounting firm, you can ill afford to have a data breach like that on your hands for your clients. This is the nuclear option for ransomware and it is leading to more and more ransoms being paid.
So, what does CyberHoot recommend you do to protect yourself? The following:
CyberHoot Best practices:
- Train your employees on the common attacks that are out there. From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks. Awareness is the key to defending your business.
- Govern you employees with cybersecurity policies including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
- Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency. Then move on onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
- Establish strong technical protections including: a Firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts, Enable full disk encryption, manage the keys carefully, and most importantly, adopt, train on and require all employees to use a Password Manager.
- Test employees on how to spot and avoid phishing attacks. CyberHoot has released a disruptive method of Phish Testing the fills in gaps in your employees knowledge without punishing them for failure. Instead we reward them for success. More info is available here.
- Backup your data by following our 3-2-1 Backup methodology to ensure you can recover your business from a cybersecurity event.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
CyberHoot believes that for many small to medium sized businesses and MSPs, you can greatly improve your defenses and chances of not becoming another victim of cyberattack if you follow the advice above.