Digital transformations within businesses have produced very positive outcomes, but security is always thought of at a later stage, and this leaves the digital doors wide open for bad actors. Lack of basic security hygiene within the enterprise infrastructure is still a reality.
As per the reports, average ransom payments are doubling every quarter, and cases have emerged where certain attackers defaulted on delivering the decryption tool even after payment had been made. With stakes this high, it becomes necessary to understand and adopt the measures an organization must take to safeguard itself against ransomware.
How do ransomware attacks take place?
Ransomware, a type of cryptographic malware, is used by cyber thieves to extort money. It holds data to ransom using encryption or by locking users out of their device. It is often spread through phishing emails that contain malicious attachments. The email may look like it is from a legitimate company, and the victim might be asked to click on a link or an attachment to save money on gifts. But on clicking the link, the data could get stolen via malware.
Ransomware can also spread through drive-by downloads. This occurs when a user unintentionally visits an infected website and malware is then downloaded and installed without the user's awareness. Other similar methods include spread via web-based instant messaging applications. In the case of enterprises specifically, the primary entry point of ransomware into the network could also be vulnerable systems and servers.
Threat to enterprises
While ransomware attacks on consumers have declined, enterprise ransomware attacks have seen a surge of more than 350 per cent on an annual basis. In Q4 of 2019, the average downtime for an enterprise impacted by ransomware increased to 16.2 days, from 12.1 days in the previous quarter. As per the reports, the top 5 industries that were most heavily victimized in Q1 of 2020 are:
Professional Services
Healthcare
Public Sector
Consumer Services
Software Services
The major reasons behind the attacks on enterprises have been RDP compromise, email phishing and software vulnerabilities. The average size of companies targeted by ransomware has been around 600 in the last three quarters, while the median size has been 50. This clearly shows that ransomware remains proportionally a small-business problem, with large enterprises pulling up the average.
How can that be controlled?
There are various ways enterprises can mitigate such attacks, but if the five measures below are followed strictly, they can reduce the probability by 99%.
Deploy Advanced EPS Solution
Enterprises should ensure that the End Point Security (EPS) solution deployed in their infrastructure has ransomware protection enabled. They must also update the anti-malware on all endpoints regularly and should schedule backups of their endpoints' crucial data on an hourly or daily basis, depending on the needs of business operations.
Calibrate Perimeter Security
Verify that the anti-virus and IPS signatures of the gateway security appliance, i.e. the NextGen Firewall, are up to date and that all other rules and policies are tightly configured to prevent intrusion. If cloud sandboxing is not enabled, enabling it should be a priority.
Use Secure Remote Access
With Work From Home becoming the new normal, enterprises must allow remote access only via VPN, to establish secure connections between their networks and the devices used by offsite employees. In addition, MAC binding and two-factor authentication must be enabled to ensure that only protected office laptops and mobiles are being used by employees to connect to internal office resources.
Review Cloud Security
As with next-generation firewalls, the rules and policies of virtual firewalls and CASB also need to be reviewed. MAC binding and two-factor authentication should be enabled on virtual firewalls too.
Educate Employees
Making employees aware of security threats is very important. They can serve as the first line of defence against online threats and can actively help stop malware from infiltrating the organization's systems. An advisory mail listing "Do's and Don'ts" can be sent to employees to create more cyber awareness. Enterprises could also hold a webinar to demonstrate the same live.