How to effectively prevent and respond to ransomware attacks?


According to NordLocker, 37% of organizations worldwide fell victim to ransomware in 2020. The study also shows that France ranked fourth among the most affected countries in 2020 and 2021, with 58 cases. Two strategies are therefore essential for dealing with these increasingly numerous and devastating campaigns: risk management, to limit vulnerabilities as much as possible, and an incident response procedure, to react quickly and effectively in the event of an intrusion. Communicating with employees is also important for establishing good cyber hygiene.

The deployment of a risk management strategy

For an optimal defense against ransomware, the first step is to implement a prevention strategy. This means relying on comprehensive audits that regularly evaluate every endpoint in a system and identify those most likely to be exploited. VPNs, for example, pose a significant risk, especially if they have not been updated for a long time. To break into the Colonial Pipeline network, cybercriminals connected to an abandoned, inactive VPN account using an employee’s password that was available on the dark web. This compromise led to the complete shutdown of certain essential software for several days.

It is also recommended to deploy modern multi-factor authentication (MFA) to counter the risk of compromise. Traditional identification, which relies on a username and password, does not effectively protect organizations against sophisticated attack techniques.

Password-only logins consequently increase the risk of unauthorized access to critical systems, such as a cybercriminal posing as a legitimate user to launch ransomware into the network. For optimal security, companies must therefore use strong MFA based on hardware solutions, such as a smart card or FIDO-compliant physical security keys.
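The audit of remote-access accounts and the hardware-MFA recommendation described above can be combined into one recurring check. The following is an added example, not part of the original article: the account inventory is constructed sample data, and the field names, MFA labels and 90-day idle threshold are assumptions to adapt to your own VPN or identity provider export.

```python
from datetime import date, timedelta

# Constructed sample inventory (not real data): one row per VPN account.
ACCOUNTS = [
    {"user": "a.martin", "enabled": True, "last_login": date(2024, 5, 28), "mfa": "fido2"},
    {"user": "old.contractor", "enabled": True, "last_login": date(2023, 9, 2), "mfa": None},
    {"user": "j.durand", "enabled": True, "last_login": date(2024, 5, 30), "mfa": "sms"},
    {"user": "svc.backup", "enabled": True, "last_login": None, "mfa": "smartcard"},
    {"user": "left.company", "enabled": False, "last_login": date(2022, 1, 10), "mfa": None},
]

HARDWARE_MFA = {"fido2", "smartcard"}  # assumption: labels used by this inventory
MAX_IDLE = timedelta(days=90)          # assumption: idle threshold, set per policy


def audit_account(acct, today):
    """Return the list of findings for one account (empty list = compliant)."""
    if not acct["enabled"]:
        return []  # disabled accounts cannot be used to log in
    findings = []
    last = acct["last_login"]
    if last is None:
        findings.append("never used")
    elif today - last > MAX_IDLE:
        findings.append(f"inactive for {(today - last).days} days")
    if acct["mfa"] is None:
        findings.append("no MFA (password only)")
    elif acct["mfa"] not in HARDWARE_MFA:
        findings.append(f"non-hardware MFA ({acct['mfa']})")
    return findings


def audit(accounts, today):
    """Map each non-compliant user to its findings, most findings first."""
    report = {a["user"]: audit_account(a, today) for a in accounts}
    flagged = {u: f for u, f in report.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for user, findings in audit(ACCOUNTS, date(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(findings)}")
```

An enabled account that is both idle and password-only, like the constructed `old.contractor` row, is the combination to disable first.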

In addition, multi-factor authentication has another advantage: better coverage from cyber insurance companies in the event of an attack. Insurers often set their premiums according to the efforts made to mitigate risk. Some therefore refuse to pay compensation if they have no proof that MFA is in place.

Establish a response plan

Hackers are constantly learning, improving and changing tactics. Some automated systems and reporting tools help with this problem, but many are designed to detect only previously encountered ransomware attack vectors. A dedicated Incident Response Plan (IRP) is therefore highly recommended.

This procedure must be put in place in advance, then updated and tested regularly. It also needs to be detailed enough that key decisions are not made on the fly when an incident occurs. With an IRP, a company will not have to improvise and will face a simple operational incident rather than a major disaster.

Several factors must be taken into account to guarantee the effectiveness of this strategy. First, the organization’s management should be involved and directly accountable for it, while empowering IT teams to develop a workable policy. That policy must describe the strategies precisely and identify the teams dedicated to business continuity and recovery after an attack. Finally, performance bonuses and clearly defined objectives in employee evaluations are essential to promote the execution and maintenance of the measures in place.

The corporate culture

To fully prepare for and protect against compromise, developing a culture open to change is also essential, even if it upsets everyone’s habits. A company is responsible for protecting its sensitive data, as well as that of its employees, customers and partners. IT managers therefore need to train teams in cyber hygiene best practices and keep them up to date on new attack techniques. This communication helps create a supportive security framework in which necessary corrective actions are easily approved when a vulnerability is identified or a best practice needs to be implemented.

As cybercriminals perfect their ransomware attacks, it becomes urgent for businesses to protect themselves accordingly. To limit the risk of intrusion and guarantee everyone’s safety, a prevention plan that is subject to audits and integrates modern MFA strengthens an organization’s defenses. The parallel development of a culture focused on cybersecurity will increase the adoption of these strategies. With these practices, it becomes possible to prevent and respond to ransomware effectively and in time.




