As cybersecurity experts are still trying to unravel the recent Colonial Pipeline and JBS meatpacking company hacks, the White House urges all U.S. organizations to beef up their ransomware prevention measures. These warnings come in the wake of the Department of Homeland Security announcing revised cybersecurity requirements for pipeline companies.
Here's why these recent developments are crucial for your Chicagoland business and how to stay safe:
Ransomware Attacks Are on the Rise
According to Reuters, ransomware attacks have significantly increased in frequency and impact over the last few months. While confirming this, Anne Neuberger, the cybersecurity advisor at the National Security Council, released a public memo advising businesses to take ransomware hacks more seriously. The notice partly read, "The threats are serious, and they are increasing."
However, the increase in the frequency of ransomware attacks did not come as a surprise, because the COVID-19 pandemic created something of a hacker's paradise.
Most organizations hurriedly implemented half-baked work-from-home models without critically evaluating their long-term cybersecurity impacts. As a result, we've seen employees carry more corporate gadgets to less-secure home-office environments where they're more exposed to compromise. Even worse, some organizations allowed staff to connect their personal gadgets to corporate networks to facilitate remote working. These devices do not have the same level of protection as company-issued gadgets and therefore provide an easy backdoor into your systems.
Ransomware Attacks Are Becoming More Complex
Initially, ransomware attacks were simple breaches where hackers encrypted personal devices and demanded a few bucks as ransom. Over the years, cyber actors have continually advanced their trade by targeting businesses using more complex tactics and demanding bigger ransoms. Last year saw a tremendous increase in supply chain attacks where hackers targeted several organizations simultaneously.
Ransomware Attacks Threaten Core Business Functions
A typical ransomware breach involves hackers compromising your network, accessing and encrypting your files and data, and then demanding a ransom to restore access. Even with the evolution of cyberattacks, this technique hasn't changed that much. Ransomware attackers still primarily focus on unauthorized access to and theft of corporate data.
However, going by the recent Colonial Pipeline and JBS meatpacking company breaches, the nature of ransomware attacks might change soon. Hackers no longer only focus on data theft. They also seek to deliberately disrupt normal operations by denying businesses access to critical files, slowing down networks, or shutting them down altogether. Such interruptions are usually very costly, and any company would stop at nothing to avert or thwart them, including paying hefty ransoms.
Bad cyber actors are aware of this and are using it to coerce companies into hastily paying ransoms. As it seems, this tactic works pretty well for them: JBS paid a ransom of over $11 million and Colonial Pipeline paid over $5 million to Russia-based hackers in attacks just one month apart.
Ransomware Attacks Are Getting Costlier & Everybody Is a Target
There's a widespread misconception that large organizations are more susceptible to ransomware attacks. The truth, however, is that cyber attackers do not discriminate; they target large and small businesses alike. In her open letter to the private sector, Anne Neuberger says that "no company, large or small, is safe from ransomware attacks."
In fact, small and medium-sized businesses are likely to be affected more by ransomware attacks. That's because they do not have the same financial muscle to invest in the type of intrusion detection and prevention technology that larger organizations have. With the National Security Institute estimating the average ransom fee to be $200,000, a single ransomware attack is enough to bring most SMBs to their knees.
Every business is a potential target. Therefore, you should always assume that cyber actors are plotting to attack you next.
How to Safeguard Your Organization Against Ransomware Attacks
As we always say, data security begins with the basics. Even as you invest in robust technologies and enlist the services of top-notch IT support companies, do not overlook essential intrusion detection and prevention measures. Even the White House memo to the private sector speaks of simple ransomware prevention best practices:
- Maintain proper, easily retrievable offline backups of your files and data: Ransomware attackers rely on your inability to access crucial files during an attack to disrupt your operations. That's why you should regularly back up your files, system images, data, and configurations. Periodically test the backups and ensure they aren't connected to the network, since most ransomware variants also try to encrypt or delete backups.
- Regularly update and patch your systems: Updating your operating systems, applications, and firmware ensures that you have the most recent versions with the latest security features. A risk assessment strategy should drive the patch management program.
- Regularly test your incident response protocols: The nature of ransomware attacks is continually changing, and so should your first-response plans. Occasionally, run them through core questions to identify gaps or areas that need adjustments.
- Train and assess your staff's ransomware prevention awareness: Even with the best cybersecurity technologies, your systems are still vulnerable if your employees can't identify and prevent a potential ransomware attack. Therefore, you should regularly train them on how to spot and respond to threats. Also, consider launching occasional simulated attacks to gauge their awareness and preparedness levels.
- Segment your networks: With cyber actors now aggressively seeking to disrupt operations, separate core business functions from other production operations. Limit access to your most crucial networks and add an extra layer of security. So, even if hackers enter your network, they won't be able to disrupt core functions that can stall operations.
LeadingIT offers 24/7, all-inclusive, fast, and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 10-200 employees across the Chicagoland area.