During the past year, organizations have seen a massive increase in the number of ransomware attacks, a form of cyber extortion in which malicious software installed on a computer holds data hostage until the user pays a ransom. Ransomware attacks can cost companies millions of dollars and cause even greater losses over the long term. Organizations need to be prepared to face all ransomware attacks.
Gartner has released a report that details 6 ways businesses can defend themselves against attacks starting today. Paul Webber, Senior Director Analyst at Gartner, says, “In some cases of ransomware attacks, the victim organizations have paid huge amounts to the attackers, which can be one of the reasons these attacks are getting more popular. Instead, what organizations need to focus on is preparation and early mitigation if they want to cut losses to ransomware.”
Security leaders can reduce the likelihood of a ransomware attack by following these six actions.
- Conduct initial ransomware assessments – The first step to a good defense system is to conduct an initial test of security measures to see where organizational vulnerabilities lie.
- Enforce ransomware governance – In the event of a ransomware attack, it is important to have established processes and compliance procedures that involve key decision-makers.
- Maintain consistent operational readiness – Maintaining consistent readiness means conducting frequent exercises and drills to ensure systems can detect attacks.
- Back up, test, repeat ransomware response – In addition to regular testing, organizations need to back up data and its supporting IT infrastructure in case of a system outage. IT teams should prepare a ransomware attack response for critical application recovery and create recovery time objectives (RTOs) and parameters.
- Implement the principle of least privilege – Restricting access and permissions for unauthorized devices is key to defending against a ransomware attack. By limiting access, systems can remain safe in the event of an attack.
- Educate and train users on ransomware response actions – One of the biggest challenges of ransomware is teaching employees how to spot an attack or malicious email before they click. Ransomware preparedness training is the most important protection for an organization.