Around half of firms don’t have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don’t have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns.

For example, the report warns that many organisations struggle to detect the suspicious activity associated with ransomware and attacks, activity which could provide early evidence that cyber criminals have compromised the network. That includes failing to identify unusual lateral movement across corporate networks, or to spot unauthorised users gaining access to corporate data.

The cyber criminals behind ransomware attacks are accessing this data not only to encrypt it, but also to steal it, using the threat of publishing stolen information as extra leverage to pressure ransomware victims into paying the ransom for the decryption key.

In addition to this, the research, commissioned by Trend Micro, suggests that under half of organisations can recover quickly following a ransomware attack. Two in five could also struggle to effectively learn the mitigation processes required to avoid falling victim to a ransomware attack in future, even after falling victim to cyber criminals.

“There is still a lot of scope for ransomware to become a larger problem,” warns the research paper. “And if organisations are ill-prepared the first time to defend against an attack, they may be ill-prepared the second and third times too. Until the business model of ransomware and extortion is disrupted, ransomware is an enduring threat that organizations will have to defend against.” 

The paper, based on interviews with 130 cyber professionals in mid-sized and large organisations in the United States conducted specifically for the research, recommends three cybersecurity procedures which organisations should employ to help protect against falling victim to ransomware and other cyber attacks. They are multi-factor authentication (MFA), rapidly patching security vulnerabilities and storing back-ups offline.

MFA can help a lot, because even if cyber criminals do manage to steal passwords, that extra layer of protection can act as an effective barrier to being able to exploit them.   

“While phishing may still result in compromised credentials, MFA reduces the consequential impact,” said the report.   

Meanwhile, rapid patching reduces the ability of cyber criminals to exploit known security vulnerabilities as part of the attack chain, while storing back-ups offline provides a method of retrieving data without paying cyber criminals for a decryption key.   

Despite this, however, restoring the network can be a long and cumbersome process, so the best means of avoiding it is to avoid falling victim to a ransomware attack altogether – although the paper acknowledges that no cybersecurity strategy can completely prevent cyber attacks.

However, if an organisation has a pre-prepared strategy on how to react to a cyber attack, it can make damage limitation and recovery much more effective.