Dave Adamson, CTO of Espria, tells us how business leaders must rethink their strategies to succeed in the midst of a ransomware pandemic.
A hyperconnected world is the new normal for most businesses, but the rapid adoption of technology continues to increase the number of vulnerable entry points in many organisations.
The rise of remote working has been a significant catalyst leading to two years of rapid Digital Transformation, but inefficient security measures and rushed policies can hinder early detection and fast response capabilities.
In September 2023, the National Cyber Security Centre published a report observing a record-breaking number of attacks between September 2022 and August 2023, an increase of 153%, and suggesting that ransomware activity would persist into 2024. The appropriate security solutions will protect and defend, mitigating threats as well as giving businesses the tools to recover from ransomware attacks.
How, then, should companies go about securing their software and data?
Digital Transformation has transformed the attack surface
Data and digital tools that were previously centralised on-site, with a protected network of firewalls and device log analysis, now live in the cloud. With the rapid change to a hybrid/remote work culture, businesses have understandably focused on integrating new products into their companies, but the necessary security standards and governance often lag behind, leaving businesses unable to monitor activity and manage their networks effectively.
Most companies have integrated SaaS tools and cloud storage to allow remote workers access to services, but new architecture means more opportunities for ransomware attacks.
Businesses need hardened internal controls for data access and management, such as Identity and Access Management (IAM), Privileged Access Management (PAM) systems and multifactor authentication (MFA), to protect business assets. Limiting the number of users with access to certain functions increases system security while allowing businesses to control and isolate risks and manage access to high-risk data.
Unpatched endpoints are low-hanging fruit for ransomware attackers
Vulnerable endpoints and unpatched security frameworks are the most common points of entry for attackers to gain a foothold in businesses’ networks. A 2023 report by Sophos found that among the 66% of organisations that suffered ransomware attacks, 36% of those attacks were carried out through vulnerabilities in devices, the leading cause of ransomware attacks in 2023.
With the continually changing IT ecosystem, legacy security is not robust enough to secure a network for remote workers and businesses, nor to protect the valuable data they hold. Technologies with system and network access, such as IoT devices and operational technology, are all access points that need to be regularly updated to avoid unintentionally leaving weak points for cybercriminals to exploit.
Outdated software and insufficient encryption can both be avoided if businesses practise diligent patching of their networks. The NCSC report, which reviewed its key developments and highlights, found that the two top methodologies employed in ransomware attacks involved cross-site scripting, in which an attacker embeds malicious scripts into trusted applications, and information disclosure. Both methods largely exploit inefficient management systems; however, consistent renewal of software can mitigate these risks by ensuring your detection and response are up to date. This preventative method is less costly than investing in additional physical infrastructure and layers of protection, and it aims to reduce the frequency of attacks, speed up response times and reduce the significance of the loss, whether it is a corporate crisis or a minor IT incident.
Stay up-to-date on cybersecurity threats
A fortified network is not the only factor that reduces cyber-risks; collective responsibility and security awareness are also vital for businesses trying to foster a culture of vigilance. The shift to online has meant that employees are exposed to a higher volume of digital interactions, and cybercriminals often target employees who lack sufficient knowledge of security. A single careless action, such as clicking on a malicious link or providing confidential information to an untrusted source, can put an entire business’s cybersecurity at risk. According to a 2023 report from Verizon, more than 90% of cyberattacks are carried out through email tailored to mimic common email templates, and workers with insufficient training about phishing are most at risk of falling prey to these attacks. Businesses should therefore conduct regular awareness training and enforce best security practices and guidance to help employees recognise and respond effectively to potential threats.
With 74% of breaches involving a human element, business leaders have a responsibility to establish comprehensive security policies and procedures that can provide employees with training on new and emerging threats. Managers can reiterate the safety training and highlight key concepts such as checking the domain name of the URL, looking out for any grammatical errors and making sure that email and antivirus applications are up to date.
This will improve the business’s front line of defence and reduce the risk of attackers slipping into the network to exfiltrate data for ransomware.
One thing is clear: cybercriminals will continue to target employees as long as they are vulnerable to their attack methods, so it is crucial for businesses to establish a fortified network and strong cybersecurity within their organisation. To succeed in the midst of this ransomware pandemic, business leaders must rethink their strategies to challenge the new cyber-landscape by strengthening their servers and training staff accordingly.