Ransomware attacks are expected to grow both in frequency and effectiveness in 2021, with researchers at Cybersecurity Ventures predicting attacks to occur every 11 seconds and ultimately cost victims more than $20 billion. That’s an incredible impact for a cybersecurity risk that has been around for years.
These ransomware attacks cause significant damage, but they are almost completely preventable. Organizations that build a strong cybersecurity foundation will find themselves far less vulnerable to attack than their competitors.
Let’s take a look at five ransomware protection best practices you should consider to bolster your defenses.
1. Maintain a defense-in-depth approach to malware protection
Ransomware is just another variant of malware, and the reality is that most ransomware outbreaks use well-known variants easily detected by active antimalware controls. Make sure your defense-in-depth approach includes scanning and filtering technologies for endpoints, network traffic, web content and email messages. These simple defenses are quite effective.
2. Consider advanced protection technologies
While most ransomware attacks will be caught by basic antimalware defenses, the risk remains that attackers will target you with a novel attack. To detect these zero-day attacks, consider using endpoint detection and response platforms that include sandboxing and behavior analysis technologies as a fallback approach.
3. Educate employees about the risks of social engineering
Ransomware often enters an organization through the inadvertent actions of employees, for example, a staffer falling victim to a phishing attack. Unprepared employees can also expose you to significant risk. Ensure cybersecurity awareness and training programs reach all employees with current and consistent messaging on a regular basis. A well-timed reminder about cybersecurity practices can prevent an employee from accidentally exposing you to significant risk.
4. Perform frequent backups of critical data
The primary objective of most ransomware attacks is to deprive you of access to critical information until you pay a ransom. Backups can mitigate this risk by providing you with a fallback plan. If ransomware encrypts your data, backups can help you restore access quickly without meeting the attacker’s demands. Just remember that restoring from backup brings you back to a point in time where you likely still have the same vulnerability that attackers originally exploited. Make sure your ransomware protection best practices recovery process also includes the identification and remediation of the incident’s root cause.
5. That said, don’t depend entirely on backups
Ransomware authors are evolving in the demands they make of organizations. Recent attacks have threatened both the availability of information and its confidentiality. Victims of these attacks are informed that not only is their data encrypted, but their sensitive files have also been downloaded. Failure to pay the ransom will result in those files being published online, disclosing confidential information that could lead to financial loss and/or public embarrassment. Backups are important, but they’re only one element of a defense-in-depth approach to ransomware.
Organizations that build strong antimalware defenses, educate their employees and back up their data regularly will find themselves well prepared for the next wave of ransomware attacks. These security controls aren’t rocket science, but in the face of millions of successful attacks expected this year, they remind us they’re critically important.