Ransomware Surged in 2021: What To Do To Protect Against Inevitable Attacks

Ransomware attacks are a nightmare for any business, government, or critical infrastructure organization. Operations halt without a clue as to if or when data will be restored. With the rise in high-profile attacks throughout 2021, ransomware security breaches are top of mind for every CTO/CISO. While some industries are at a higher risk, attacks are unpredictable and occur for a variety of reasons. 

The continual escalation of ransomware attacks has been spurred by infrastructure changes.  Not only are ransomware attacks more prevalent, the price tag to get your information back is increasing and the damage to your business and its reputation can be severe. 

Many IT and security professionals feel their organizations are underequipped to prevent a ransomware attack. Fortunately, applying a defense in depth strategy can reduce your organization’s risk by limiting your attack surface. 

Ransomware continues to surge 

Ransomware has become a cycle that feeds itself. Data from CyberEdge Group’s 2021 Cyberthreat Defense Report show that the current likelihood of a company seeing its data returned after providing a ransom is very high. This fact encourages companies to pay a ransom in the hope that it will regain access to its data. At the same time, hackers are incentivized to return access to data to promote future ransom payments, which ultimately helps to fund and incite future attacks. 

Companies are increasingly relying on digital infrastructures. But the abrupt infrastructure changes brought on by the COVID-19 pandemic has left holes in many companies’ security, increasing the risk of ransomware attacks. The surge of remote work added more personal devices and networks as attack targets. For IT departments already strapped for resources, keeping pace with these changes has been difficult. As many companies have decided to remain distributed, the challenges for IT security teams persist. 

According to Forbes, crime organizations now “franchise their ransomware-as-a-service (RaaS) capabilities to attackers.” This means that bad actors interested in carrying out ransomware attacks only need to penetrate the target organization. Experienced hackers within the criminal organizations provide the encryption tools, communications, and ransom collection for a percentage of the ransom. Attacking organizations, for whatever motive, is easier than ever. 

Is your organization next? 

Ransomware attacks are largely unpredictable. Hackers have many strategies to gain access, and your organization may simply seem like an easy target for their favored tactics. Perhaps your company recently had a hiring spree, and the new employees are not trained against phishing attempts. Or your company has partnered or merged with another company that was previously attacked. If attackers see an opportunity, they will take advantage of it. 

Many smaller companies do not realize that they are at risk because of their association with larger companies. If your organization is up or down the supply chain from major industry players, an attack on your system may be a first step to reaching the bigger fish. Relative obscurity does not necessarily mean your organization is safe.  

As seen in the high-profile attacks against the Colonial Pipeline and JBS, organizations with a low tolerance for downtime are often targeted because they are more likely to pay the ransom quickly. Companies often decide to pay the ransom because the cost is lower than the losses related to a lengthy period of downtime, especially when the return of data is likely. The industries most affected by ransomware are technology, telecom, education, healthcare, retail and finance. In fact, the banking industry experienced a 1,318% year-on-year increase in ransomware attacks in the first half of 2021. 

While calculating your organization’s exact level of risk is challenging, anticipating an attack is wise in current times. Preparing your defense in depth strategy can help block an attack from occurring or limit the extent of a breach. 

Ransomware is more concerning than you think 

Supply chain disruptions, revenue losses, and reputation damage are just a few risks associated with a ransomware attack. Some overlooked outcomes of a successful ransomware attack are even more concerning.  

Even though ransom price tags are growing, many companies continue to pay. Perhaps this is less of a concern for larger companies with high cash flows, but for smaller organizations, this payment can represent a high percentage of revenue. 

And even after a ransom is paid and access to data and systems is restored, the underlying ransomware and malicious files may continue to exist, leaving your company vulnerable to additional security attacks, via ransomware or other means. 

Defense is the best offense 

IT and security professionals see untrained workforces, poor integration, and lack of interoperability between security solutions as the top impediments to defending against cyberattacks. While training workforces is a necessary and ongoing process complicated by turnover and a changing security landscape, closing security gaps is a definitive step to avert cyberattacks like ransomware. 

Vandis recommends implementing a layered security approach as part of a defense in depth strategy. Layered security puts multiple products in place to address a single aspect of security. This redundancy helps to strengthen the company’s defense from threats. In the event one measure fails, another is in place to prevent the intrusion. A full defense in depth strategy incorporates this layered approach across all of an organization’s security measures.  

As the threat of ransomware attacks grows, arming your organization with multiple layers of security will provide the best chance of defending against these attacks. Vandis can provide security guidance and help evaluate your current security posture to identify any gaps you may have and ways to remediate them. Contact us for more details.