Taking a Multi-Faceted Approach to Ransomware Protection
Ransomware is not a new phenomenon, but the scale of attacks has accelerated both in sophistication (using 'Ransomware-as-a-Service' with pre-developed ransomware tools to launch attacks) and frequency. The COVID-19 pandemic became a catalyst for cybercriminals to take advantage of the hybrid working landscape – according to recent research, ransomware incidents handled by the Information Commissioner's Office (ICO) increased from 326 in 2020 to 654 in 2021, and are continuously affecting businesses of all sizes, across various industries.
In May 2022, VIPRE produced a whitepaper explaining that by embedding a layered cybersecurity approach, organisations can strengthen protection against ransomware threats – which have recently been declared the most significant cyber threat facing the UK.
Usman Choudhary, Chief Product Officer of VIPRE, explains that to combat ransomware, businesses must use a multifaceted approach, including software, IT and business processes, and employee awareness.
The Role of the User
When it comes to protecting any business from cyber threats, humans, as the end-user are the first line of defence, as the final decision is sending confidential data or downloading an external file lies with them. However, human error is inevitable, with 95% of data breaches occurring due to an internal mistake. These mistakes, small or large, include accidentally emailing the wrong contact, clicking on a phishing link or downloading malicious attachments – all of which can have devastating consequences. This can range from financial damage, not just from ransom demands, but also through business disruption, to loss of productivity and long-term damages to the business's reputation.
VIPRE's whitepaper revealed the unfortunate increase of payments being made by an organisation when they fall subject to a ransomware attack, with research conducted by IBM finding that ransom requests can reach up to £31 million on average. Despite businesses paying the ransom, there is no guarantee that the data will be unencrypted or returned, and if the data is stolen, it may still be leaked. However, these attacks can be avoided by providing the user with the necessary education and support against ransomware attacks.
In order to mitigate human risk, education is key. Security awareness training should be prioritised within any workplace, and rather than an annual' tick box,' should occur regularly – especially for new starters. Consistent security awareness training will help users to build their knowledge of the cyber threats they could face and, more importantly, teach them how to prevent those attacks from occurring. If a business's first line of defence isn't strong, they face leaving the door open for a potential attack to occur. Users need to feel confident and empowered as part of the businesses' overall cybersecurity strategy to support the prevention of such attacks.
According to VIPRE's whitepaper, "Email is the most commonly exploited threat vector by cybercriminals who use it to spread malware, including ransomware".
Email is an essential communication tool for all businesses to exchange information externally and internally, and this year alone, 333.2 billion emails are expected to be sent and received each day. With potentially sensitive and valuable information being shared across the internet, it is of utmost importance for businesses to strengthen its email security. Using technology solutions such as sandboxing, which blocks malware before it enters the network, allowing both the user and the organisation to remain in control of the email and the network access points, can prevent dangerous emails and/or links from entering the user's inbox.
Additionally, security email tools can be deployed that prompt the user to double-check an email before they click send, for example: 'have you attached the correct document?' Are your recipients the right people to share this information with?' This technology, in turn, empowers the user to make the correct decisions while alerting them at the point of a potential data leakage – before it is too late.
Having a recovery plan in place is vital for any business, as containment and damage limitation is important right from the outset. A contingency plan not only helps an organisation short-term to minimise disruption and get the business back up and running, but it will also benefit both the business, stakeholders and other organisations long-term in order to learn from potential errors.
It is important to note that once the threat has passed, a retrospective audit is conducted of what happened and that these findings are shared across businesses to help develop the best security approach and mitigate the risk of an attack occurring again in the modern threat landscape. Prevention is better than the cure, but should the worst happen, a ransomware response plan in place is crucial for business continuity and to minimise the impact of data loss for both customers and stakeholders.
Implementing regular security awareness training, email protection, and a recovery plan are all important layers of cyber security protection against ransomware attacks. But, by themselves – they do not reach the maximum potential of security and face leaving potential gaps for attackers to leverage. Instead, combining them together and creating a multifaceted approach is key to transforming and strengthening security measures, giving businesses confidence and reassurance against the modern threat landscape.