Showcased across traditional news outlets and dominating the cultural zeitgeist, ransomware and the threat it presents to individuals, corporations, and nation-states is occupying the public consciousness like never before.
The eye-popping statistics of annual increases in ransomware activity and dizzying ransom prices validate this growing concern. During October alone, there was an increase of 151% in ransomware activity, with the total cost of the ransom paid increasing by 171% — running an average of $312,493 in 2021.
2021 Cybersecurity Trends and Threats CSOOnline (fig.1)
It is not just the volume that is concerning, but also the sophistication of the groups launching the attacks and within the malware itself.
Nation-state actors are often directly supporting and providing the infrastructure and funding to the groups responsible for these attacks. Accordingly, small and medium business (SMB) owners are highly encouraged to adopt proactive security measures to mitigate the impacts this highly unbalanced challenge poses to their business’ livelihood.
It would be a fallacy to say that an enterprise can ever be fully inoculated against this threat, but ownership of information systems and the data they protect is realistic, tangible, and can be achieved through in-depth defense. This concept dictates that — akin to onions — as you peel away one layer, there will be an additional layer between the next.
In this regard, controls ranging from technical and administrative to physical can provide visibility and security to the overall network. This blog will explore what those layers are and the impact of not having this security redundancy for victims of ransomware.
At BinaryLab, it is our wholehearted belief that proactive security strategies within this defense-in-depth paradigm will result in the greatest protection against this prolific, emerging ransomware threat. That danger mitigation begins with regulating an organization’s people, processes, and technology with independent third-party validation and verification of the controls within these three processes is essential.
- People: Users are the largest threat to an enterprise. Ensuring employees understand an organization’s technology and processes — like policies and the data with which they work — enables them to diligently safeguard that sensitive information. Proper stewardship of data will make the users trusted agents both internally and externally, securing the network while providing fidelity and building confidence.
- Processes: Establishing scalable and repeatable process is key to responding to any incident, even one as severe as ransomware. Such processes include ensuring backups, such as incidence response and business continuity plans, are available from multiple sources and are routinely tested for confidentiality; assigning an incident response team which routinely tests with tabletop exercises; penetration testing internal and external resources; and establishing policies based on audits and for regulatory compliance.
- Technology: Security controls implemented via hardware and software give stakeholders visibility and empowerment over network resources housing client data. This includes endpoint protection, network appliances with routinely reviewed rules, enabling logging for network and host resources, and procuring technology to enable administrators to grant roles-based and need-to-know access to limit exposure of data.
Short of these holistic measures that BinaryLab recommends for all users and stakeholders, a ransomware attack can leave unprepared victims with degraded or fully interrupted business operations, which may lead to potential loss of business and/or civil liabilities.
Below is a graphic detailing what a ransomware engagement would look like if the proactive steps outlined above were not in place.
The cost, number of parties involved, and relative uncertainty of full restoration makes it imperative to combat this emerging threat like-for-like.
Just as the operations have a military mission-like approach, so too must SMBs be prepared to train and mitigate these threats with the same precision and investment in their defense.
BinaryLab is committed to protecting clients’ sensitive data by proactively addressing security concerns, as well as providing relevant and timely security expertise. For an assessment or more information, contact BinaryLab at 301-337-3131.