Ransomware: Only half of organisations can effectively defend against attacks, warns report

Organisations are failing to notice suspicious activity that could indicate a ransomware attack - but there are ways to improve your defences.
Written by Danny Palmer, Senior Writer

Around half of firms don't have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don't have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns.  

For example, the report warns that many organisations struggle with detecting the suspicious activity associated with ransomware and attacks that could provide early evidence that cyber criminals have compromised the network. That includes failing to identify unusual lateral movement across corporate networks, or failing to spot unauthorised users gaining access to corporate data.

The cyber criminals behind ransomware attacks are accessing this data to not just encrypt it, but also steal it, using the threat of publishing stolen information as extra leverage to pressure ransomware victims into paying the ransom for the decryption key.

In addition to this, the research suggests that under half of organisations can recover quickly following a ransomware attack. The research also shows that two in five could struggle to effectively learn the mitigation processes required to avoid falling victim to a ransomware attack in future, even after falling victim to cyber criminals.

"There is still a lot of scope for ransomware to become a larger problem," warns the research paper. "And if organisations are ill-prepared the first time to defend against an attack, they may be ill-prepared the second and third times too. Until the business model of ransomware and extortion is disrupted, ransomware is an enduring threat that organizations will have to defend against." 

The paper, based on interviews with 130 cyber professionals in mid-sized and large organisations in the United States conducted specifically for the research, recommends three cybersecurity procedures that organisations should employ to help protect against falling victim to ransomware and other cyberattacks: multi-factor authentication (MFA), rapidly patching security vulnerabilities, and storing backups offline.

MFA can help a lot, because even if cyber criminals do manage to steal passwords, that extra layer of protection can act as an effective barrier to being able to exploit them.   

"While phishing may still result in compromised credentials, MFA reduces the consequential impact," said the report.   

Meanwhile, rapid patching reduces the ability of cyber criminals to exploit known security vulnerabilities as part of the attack chain, while storing backups offline provides a method of retrieving data without paying cyber criminals for a decryption key.   

Despite the presence of backups, however, restoring the network can be a long and cumbersome process, so the best means of avoiding it is to avoid falling victim to a ransomware attack altogether – although the paper acknowledges that no cybersecurity strategy can completely prevent cyberattacks.  

However, if an organisation has a pre-prepared strategy on how to react to a cyberattack, it can make damage limitation easier and recovery much more effective.  

