In IBM's "Cost of a Data Breach 2022" report, the average payout for ransom was $812,360. The steady payout incline suggests that ransomware remains big business for cyber criminals, particularly as successful execution means easy money without the need for malicious actors to worry about exfiltration of the data they have stolen. On top of this, the tools for a ransomware attack are becoming increasingly sophisticated and commercially available on the dark web, making it more likely that attacks increase in number and are successful.
Thanks to high profile cases such as the WannaCry attack, which caused havoc across the UK’s national healthcare system, organizations today are well aware of the ramifications a ransomware attack can cause. Unfortunately, no business is entirely immune and therefore it needs to fully understand the risks of being targeted and better plan for how it would react if it fell victim to an attack.
Shore up your ransomware defenses
Unfortunately, there is no single silver bullet when it comes to eradicating the chances of a ransomware attack hitting a business. However, there are actions that can be taken in terms of training employees on what to watch out for, and if something does happen, who to contact and what particular processes to follow.
There are also technology solutions that can be deployed to mitigate the risk of weaponized documents coming into the organization (the most popular route for a ransomware attack), as well as strategies to segregate networks, systems and data to ensure that lateral movement from an infection is minimized.
Clearswift’s Advanced Data Loss Prevention (A-DLP) solution can mitigate the threat of a ransomware attack thanks to a number of innovative features:
- Deep content inspection. This technology completely disassembles digital activity to its lowest constituent parts for detection and immediate removal of malicious code. Common evasion techniques such as time delays, virtual awareness, encryption or multiple embedded document layers are no match for this level of granular inspection.
- Structural sanitization. Malicious active content is detected and automatically cleansed from documents and attachments, without causing delays to communications.
- Document sanitization. Prevent phishing expeditions used to determine the means of delivering malware. Documents are automatically sanitized to stop the harvesting of hidden metadata and personal information from websites, social media, email and cloud collaboration sites.
- Anti-steganography. Everyday digital images files such as JPGs, BMP and Gif files can be used to deliver ransomware into the organization. The anti-steganography feature extends the sanitization of documents to include all images passing through the network.
All in all, while it is impossible to entirely eliminate the risk of ransomware attacks on an organization, it is possible and practical to take proactive, early steps towards shoring up defenses against the threat. The case of ransomware, while clearly topical, is a prime example of the need for an approach to cybersecurity centered on People, Processes and Technology. It is vital that businesses not only educate their staff to be fully aware of best practices and the correct procedure to follow in case of an attack, but also implement robust, advanced and strategic technology solutions to give themselves the best chance of never needing to pay a ransom in the first place.