As previously stated on this blog, ransomware attacks are up 485% year-over-year according to an industry report. In just the last few months, several high-profile ransomware attacks have impacted corporations, sending shockwaves that have not only impacted large corporations but individuals and their personal wallets.
The White House penned an open letter urging private companies of all sizes to take ransomware more seriously. The letter outlines several steps that companies need to take in order to secure themselves against a ransomware attack:
- Implement best practices to help prevent and stop the spread of cybersecurity threats.
- Backup data, system images, and configurations. Regularly test backup systems and keep backups offline.
- Update and patch systems promptly.
- Develop and test an incident response plan.
- Check your security with a third party to test for vulnerabilities.
- Segment networks to prevent the disruption of an entire operation.
The United States Government is taking ransomware and cybersecurity seriously. President Biden issued an executive order on May 12, 2021, which requires government agencies to harden systems and implement procedures designed to protect against cyber threats. Private companies, from small mom-and-pop stores to large multi-national corporations need to protect themselves against cyber threats, too. Particularly, the Cybersecurity & Infrastructure Security Agency mentions government and law enforcement agencies, educational institutions, healthcare systems, and critical infrastructure entities as potential targets for a ransomware attack.
A ransomware attack can cripple critical systems that can create a devastating situation for businesses and government agencies. Systems must be in place to:
- Prevent an attack from happening in the first place. This is done with a combination of education, adequate antivirus, and cyber policies designed to protect against such an attack
- Promptly respond to a potential threat. Develop a response plan that includes the prompt reporting of incidents to IT staff. The sooner a threat can be identified, the quicker remediation can take place to correct a problem. Employees should not feel threatened or unwilling to report a problem. Instead, employees should be encouraged to report potential problems that the IT staff can investigate.
- Block or prevent malicious code from reaching end users. Many malware attacks originate from code downloaded through an email. Make sure that filters are in place to weed out spam, phishing, and malware. This should happen at the email server level and on the user’s device.
- Backup data on a regular basis. In the event that systems have been compromised and a ransomware attack somehow bypasses all other security systems, recover from the attack using the most recent clean backup.