
How to develop an enterprise data security strategy

In an exclusive with ITP.net, SentinelOne’s Tamer Odeh answers the important question of how businesses can secure enterprise data and prevent ransomware

How to leverage encryption to regain data visibility and control

Organisations today are accelerating digital transformation plans to support hybrid workforces, which is driving the rapid adoption of cloud technologies.

As a result, the amount of data that businesses generate, process, and acquire from various data sources has skyrocketed. This has created new vulnerabilities and increased opportunities for targeted attacks that exploit security professionals’ limited visibility across complex cloud and distributed environments.

Thus, today’s organisations require the ability to secure all enterprise data autonomously.

The past few months exposed the cybersecurity industry’s fundamental data problem. Cybersecurity solutions are put into place to protect data; however, their inability to seamlessly ingest and action data from across the enterprise hinders their ability to protect against and respond to real-time and dangerous cyberattacks such as ransomware.

Ransomware is on the rise again, and dramatically so. A recent industry report found that ransomware attacks globally increased by 150% in the last year. In fact, in the past few months, the UAE saw a growing wave of ransomware attacks, with surveys reporting that 78% of businesses were impacted by ransomware in 2020.

Moreover, according to a recent industry report, the average cost of remediating a ransomware attack in the UAE in 2021 is $517,961. These numbers show that ransomware is becoming more prevalent, and businesses and organisations of all kinds, public and private, are experiencing its detrimental effects.

Over the last few years, ransomware has emerged as one of the most devastating and costly attacks in the hacker arsenal. Cyber thieves are increasingly using this form of attack to target individuals, corporate entities, and public sector organisations alike by holding their systems or files for ransom.

The operators are no longer content with holding a network hostage. They rifle through networks for days and weeks on end, seeking major payouts, attempting to map the data points and find the juiciest data targets that will provide them with the best leverage for a payout.

Ransomware offers an easy pay-day for criminals with a low chance of getting caught. It also represents one of the most devastating attacks for victims, who can potentially lose everything from personal data to the very infrastructure that their business relies on. 

And unfortunately, after all the damage caused by the attack itself, paying the ransom does not guarantee the safe retrieval of the victim’s encrypted data. Recently, it was discovered that the data recovery mechanism used by Ryuk, a type of ransomware, is faulty, causing an incomplete recovery of some types of files and leading to data loss even if the victim had paid the ransom demand.

In other cases, hackers simply walk away and never bother to provide the decryption keys, leaving the unfortunate victim out of pocket and their data lost forever. 

Ransomware attacks are not going away. The increasing diversity and total volume enabled by ransomware-as-a-service (RaaS) and affiliate schemes, along with the low risk and lucrative returns, suggest that ransomware will continue to evolve and increase in sophistication for the foreseeable future.

To become more effective in preventing ransomware, businesses must prioritise the following activities:

Threat Intelligence

How well do you know your attack surface? Prevention starts with intelligence on possible adversaries’ tactics and techniques. Access to feeds and research powers your defenses and helps you to understand and control your attack surface.

Discovery and Inventory

Visibility into who and what is on your network is crucial. To control and take action, aim for continuous discovery and fingerprinting of all connected devices using active and passive discovery to identify and create a real-time inventory of even intermittently connecting devices. This will help you to find and control rogue endpoints.
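
The reconciliation described under Discovery and Inventory, as an added example that is not part of the original article: it merges constructed active-scan and passive (DHCP/ARP) sightings into one inventory keyed by MAC address, then flags devices missing from an approved list. The sample data, the approved list and all function names are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample data: (ISO timestamp, discovery source, MAC, IP).
# "active" = answered a scheduled scan sweep; "passive" = seen in DHCP/ARP traffic.
OBSERVATIONS = [
    ("2021-06-01T09:00:00", "active",  "00:11:22:33:44:01", "10.0.0.10"),
    ("2021-06-01T09:00:00", "active",  "00:11:22:33:44:02", "10.0.0.11"),
    ("2021-06-01T09:17:42", "passive", "00:11:22:33:44:02", "10.0.0.11"),
    ("2021-06-01T09:31:05", "passive", "DE:AD:BE:EF:00:99", "10.0.0.57"),
    ("2021-06-01T10:00:00", "active",  "00:11:22:33:44:01", "10.0.0.10"),
    ("2021-06-01T10:12:30", "passive", "00:11:22:33:44:03", "10.0.0.23"),
    ("2021-06-01T10:12:58", "passive", "de:ad:be:ef:00:99", "10.0.0.61"),
]

# Constructed allow-list of managed devices (e.g. exported from an asset database).
APPROVED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}


def build_inventory(observations):
    """Merge active and passive sightings into one record per MAC address."""
    inventory = {}
    for ts, source, mac, ip in observations:
        seen = datetime.fromisoformat(ts)
        mac = mac.lower()  # normalise so the same device is not counted twice
        rec = inventory.setdefault(
            mac, {"first_seen": seen, "last_seen": seen, "ips": set(), "sources": set()}
        )
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["last_seen"] = max(rec["last_seen"], seen)
        rec["ips"].add(ip)
        rec["sources"].add(source)
    return inventory


def rogue_devices(inventory, approved):
    """Devices on the network that are absent from the approved inventory."""
    allowed = {m.lower() for m in approved}
    return sorted(mac for mac in inventory if mac not in allowed)


def passive_only(inventory):
    """Devices no scan sweep ever caught: the intermittently connecting ones."""
    return sorted(m for m, r in inventory.items() if r["sources"] == {"passive"})


if __name__ == "__main__":
    inv = build_inventory(OBSERVATIONS)
    for mac in rogue_devices(inv, APPROVED):
        r = inv[mac]
        print(f"ROGUE {mac} ips={sorted(r['ips'])} last_seen={r['last_seen']}")
    print("missed by active scans:", passive_only(inv))
```

The passive-only list shows why both discovery modes are needed: two of the four devices in the sample never answered a scheduled sweep, and one of them is the unapproved endpoint.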

Improve Endpoint Security

Almost all organisations have endpoint security; however, to prevent ransomware, static detection and antivirus are no longer enough. Having advanced features in your endpoint protection and performing endpoint management and hygiene from a centralised management system is increasingly important.

Good endpoint security should include multiple static and behavioral detection engines, using machine learning and AI to speed up detection and analysis. It is also essential to have exploit protection, device control, access control, vulnerability and application control. 

Thus, the absolute best defense against a severe ransomware attack is preparation and prevention. Technology is a massive part of that, but one must not discount user hygiene and education. Vigilant users, along with robust preventative controls, are essential. Business continuity planning and disaster recovery drills are also critical to ensure readiness and resilience against these threats. Ultimately, these strategies will allow enterprises to protect their most prized asset: data.