Ransomware attacks are becoming more frequent, more damaging and more sophisticated. John Chambers, former CEO of Cisco Systems said in June of 2021 that U.S. companies are expected to endure over 65,000 ransomware attacks this year – and that’s a “conservative number”, it could be as high as 100,000. Overall damages are in the trillions and cost companies not only loss of business, but citizen access to wide ranging services such as education, government, utilities, food distribution and transportation.
Due to the interconnected nature of business systems, infrastructure and supply chains, these attacks can be significantly damaging and ransom demands very costly.
The most recent attack on Kaseya, much like the SolarWinds attack, targeted the supply chain of IT services not only to their direct customers, but to their customers’ customers, many of whom are small businesses.
Companies and organizations who experience ransomware attacks must work rapidly to identify and eradicate the ransomware software and at the same time, repair their reputation with the public.
Ransomware attackers are not only targeting large companies with extensive supply chains, they have successfully targeted local governments, schools and universities and transportation systems, so organizations of all sizes need to be prepared to anticipate and prevent ransomware attacks.
Here are some tips to help you better prevent ransomware attacks on your networks.
1. Back up your data
Back up all business-critical data often and regularly and store it separately from your network so that you can quickly restore your data in the event of an attack.
2. Training
Provide up to date and ongoing training to your security professionals and your employees. 70% of these types of attacks start with human error, ensure employees have the most current knowledge and skills.
3. Increase Risk Coverage
Assure solid coverage of your systems with detection, monitoring, analysis and response tools and identify and address gaps in coverage to detect security breaches earlier.
4. Treat Every Security Alert Seriously
There are many high-quality tools that can detect security threats. Although a ransom demand is the final stage of an attack, the ransomware software may have been on the systems but gone undetected for months. Security analysts can be receiving thousands of alerts each day which can lead to alert fatigue and missing important alerts. Assure you have the proper defense and response tools to triage security alerts to have analysts focus on the highest priorities.
5. Design and Implement Better Workflow Processes to Best Use Your Talent
Cyber security professionals always have specific roles, skill sets and level of seniority. Design your workflow processes to assign issues to appropriate owners based on their skill set and expertise. For example, use entry level analysts to perform tasks for Tier 1 analysts, or assign specific tasks to analysts with the most relevant knowledge.
6. Automate Low Level Tasks
Reducing repetitive tasks with automation reduces alert fatigue and enables analysts to focus on the most important issues that may be related to ransomware.
7. Have a Response Plan in Place
Anticipate that you may be attacked and have a solid response plan in place so that everyone knows specifically how to respond and with what actions.
Empower Your Analysts with AI-Based Tools
Demands on security professionals can be intense and exhausting given the ever-increasing number and type of threats occurring every day. With hundreds of internal and external data sources generating alerts, leveraging automation and artificial intelligence can enable analysts to triage all alarms and threats, not just the most critical without additional investment in security resources. Leveraging AI to augment security analysts can bring a 10X improvement in efficiency by:
- Intelligently assigning security tasks to professionals with relevant skills to maximize productivity
- Continually learning from analysts and their peers and automating repetitive tasks to be handled without human intervention
- Detecting early signs of ransomware that may not appear yet to be highly critical to warrant proper attention
- Discovering patterns on security alerts to reveal true threats or false positives to take the right course of action
Improve the efficiency of your SOC so that you can better reduce or prevent the risk of ransomware with DTonomy. For more information visit www.dtonomy.com
