Around half of firms don't have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don't have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns.
For example, the report warns that many organisations struggle to detect the suspicious activity associated with ransomware and attacks that could provide early evidence that cyber criminals have compromised the network. That includes failing to identify unusual lateral movement across corporate networks, or to spot unauthorised users gaining access to corporate data.
The cyber criminals behind ransomware attacks are accessing this data to not just encrypt it, but also steal it, using the threat of publishing stolen information as extra leverage to pressure ransomware victims into paying the ransom for the decryption key.
In addition to this, the research suggests that under half of organisations can recover quickly following a ransomware attack. The research also shows that two in five could struggle to effectively learn the mitigation processes required to avoid falling victim to a ransomware attack in future, even after falling victim to cyber criminals.
"There is still a lot of scope for ransomware to become a larger problem," warns the research paper. "And if organisations are ill-prepared the first time to defend against an attack, they may be ill-prepared the second and third times too. Until the business model of ransomware and extortion is disrupted, ransomware is an enduring threat that organizations will have to defend against."
The paper, based on interviews with 130 cyber professionals in mid-sized and large organisations in the United States conducted specifically for the research, recommends three cybersecurity procedures that organisations should employ to help protect against falling victim to ransomware and other cyberattacks: these are multi-factor authentication (MFA), rapidly patching security vulnerabilities, and storing backups offline.
MFA can help a lot, because even if cyber criminals do manage to steal passwords, that extra layer of protection can act as an effective barrier to exploiting them.
"While phishing may still result in compromised credentials, MFA reduces the consequential impact," said the report.
Meanwhile, rapid patching reduces the ability of cyber criminals to exploit known security vulnerabilities as part of the attack chain, while storing backups offline provides a method of retrieving data without paying cyber criminals for a decryption key.
Despite the presence of backups, however, restoring the network can be a long and cumbersome process, so the best means of avoiding it is to avoid falling victim to a ransomware attack altogether – although the paper acknowledges that no cybersecurity strategy can completely prevent cyberattacks.
However, if an organisation has a pre-prepared strategy on how to react to a cyberattack, it can make damage limitation easier and recovery much more effective.