How to Stay One Step Ahead of Ransomware in 2022

In his previous blog, ITC’s Cyber Advisor, Neil Lappage, discussed how the capabilities of ransomware actors and the complexity of attacks are evolving faster than an organisation’s ability to prevent them.

Ransomware continues to be amongst the fastest-growing cyber attack strategies faced by businesses today. Bad actors are also making attacks more complex, costly, challenging to identify, and to stop and respond to – acting on potential targets’ weaknesses faster than businesses can react.

The good news is that an organisation and its leaders can take steps to reduce the risk of ransomware attacks. Whilst there is no silver bullet that will solve or defend against ransomware, a multi-layered approach is needed to improve cyber security posture overall with strategies to cover all different stages of an attack with the right balance of people, technology, governance and culture.

So, what can an organisation do to stay one step ahead?

Six tips to stay one step ahead of ransomware in 2022

  1. Protect your backups like the crown jewels: Backups remain the gold standard for recovery which is underpinned by regular testing to ensure they work. Beyond backing up data on a regular basis, having backups that are offline and immutable (i.e. they can’t be encrypted) is critical to support recovery. Frequently, an organisation has found that their backups are encrypted or, in some cases, a loop of systems being re-encrypted. In support of this the crucial first-step, an organisation must effectively identify what their most valuable assets and data are, and where they are located.
  • Reduce the blast radius: Adopt contemporary security controls such as a Zero Trust approach or other network segmentation controls which provide isolation to limit the number of systems affected, and the business impact. Furthermore, from a privileged access management perspective, ensure that people can only access the resources they need to do their job; in particular, ensure that any user accounts with mailboxes connected are restricted.
  • Practice good security hygiene: Using tools to ensure good hygiene around security controls is of paramount importance which, in many cases, will prevent initial access to systems following misconfigurations, e.g. inadvertently presenting vulnerable internal systems to the Internet.
  • Embed a culture of cyber security: In almost all cases, ransomware prevention starts with people. Implementing cyber security awareness programmes for both users and IT staff is an effective first line of defence; this will help to prevent scenarios such as end users clicking on nefarious links or IT engineers not being aware of security architecture best practice.
  • Don’t forget your supply chain: Your business is only as strong as its weakest link. Third-party vendors present one of the biggest cyber risks to any company. Businesses should review its third-party risk management plan to ensure that vendors are required to have appropriate security controls in place to protect sensitive information; all written agreements with vendors should contain provisions for addressing cyber security risks including insurance coverage.  Businesses should also audit vendors periodically to verify that any required controls are in place with supporting third-party attestation, when possible.
  • Plan and test your incident response: Most importantly, ransomware protection means preparing for an attack by ensuring that everyone understands the impact of ransomware on their organisation; they know how to respond if hit with an attack and that key files are backed up so that data can be recovered. Every plan should be evaluated at least annually through a tabletop exercise which may involve outside counsel or third-party vendors.

Without doubt, ransomware is growing in the extent of its boldness and veracity. Future outbreaks are likely to be faster and stronger and attempt to inflict more damage to their targets.

But technically and tactically, there are a range of activities that, together, will help an organisation be better prepared to defend and respond more effectively to ransomware attacks. And this means taking a holistic and integrated approach to cyber security.