• About
  • Subscribe
  • Contact
Thursday, May 8, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

How to avoid being ransomware’s next victim

Mark Lukie by Mark Lukie
November 29, 2021
Photo by Tima Miroshnichenko from Pexels: https://www.pexels.com/photo/close-up-view-of-system-hacking-5380642/

Photo by Tima Miroshnichenko from Pexels: https://www.pexels.com/photo/close-up-view-of-system-hacking-5380642/

Ransomware attacks have escalated to the point that governments are now treating them as acts of terrorism. Such attacks have caused massive operational disruption to every sector - no industry, organisation, or government entity is immune.

Put simply, ransomware is malicious software that either encrypts your data or otherwise stops you from accessing your own systems. A ransom is then demanded in exchange for the decryption key. As many victims who paid have found out, there is no guarantee that the key will work, or you will get your data back.

Gartner recently announced that the threat of new ransomware models is now the top emerging risk factor facing organisations. Year on year we have seen a 64% increase in ransomware attacks. Of the global total, 11% of known incidents happened in Asia-Pacific.

August this year saw a spate of ransomware attacks in Singapore, including on an eye clinic which affected the data of 73,500 patients. Another victim was insurance company Tokio Marine and earlier in the year AXA was targeted across the Asia region. In fact, according to our recent report, 72% of Singapore businesses have fallen victim to a network attack in the last 12 months, while two-thirds (62%) had suffered at least one ransomware attack over the same period.

While ransomware attacks can strike any business, big or small, the attack on AXA in Asia came very soon after it was one of the first insurance companies to stop paying for ransomware payouts. With many other insurers following suit, that’s just one of many reasons why organisations need to protect themselves against ransomware attacks.

Ransomware is on the rise because the barriers to entry have disappeared. Cybercriminal gangs offer technical support in exchange for a percentage of the ransom. Or you can hire them to do the crime for you. In the past year, 27% of attacks came from ransomware-as-a-service providers like REvil (19%) and DarkSide (8%).

In essence, it’s better to prepare for the worst than hope for the best. You should assume that your company will suffer ransomware attacks, and if an attack is successful, you should have a plan to not pay the ransom.

At the very core of protecting your company from ransomware attacks, it’s all about protecting your data. This can be broken down into three steps: protecting your credentials, securing your web applications, and backing up your data.

Step 1: Credentials protection is paramount

First of all, ransomware relies on either breaching email or otherwise securing credentials. With tens of thousands of usernames and passwords readily available online, this first step can be frighteningly easy. Attackers then use these stolen credentials to access your systems.

Protecting credentials and access requires a two-pronged approach: first invest in detection

and response tools, and then focus on training your users.

Step 2: Take web application and access security seriously

The shift to remote work has pushed even more applications out of the data centre and onto the internet. Find a next-generation firewall solution that provides multi-layered security, that includes intrusion prevention and sandboxing of malware, and provides powerful network segmentation to prevent lateral movement within the network.

Application access should be secured with a Zero Trust Network Access (ZTNA) solution that provides secure access to applications and workloads from any device and any location. And one of the best ways to deploy application security is with a web application firewall (WAF) to protect your software, your users, and their data - wherever they may be.

Editor's choice: PodChats for FutureCIO: CISO tactics to enhance cyber threat readiness

Step 3: It’s all about backup

Any serious ransomware protection strategy should start with thinking about backup. Consider disaster recovery as a crucial, strategic part of your infrastructure. Test it regularly and realistically — that means doing an actual restore, not just checking it’s running.

There is also still an all-too-common misconception that because your data is in the cloud it can’t be affected by ransomware. That simply isn’t true. SharePoint, Exchange, and other data sources have been hit. Even cloud and SaaS data can be encrypted with ransomware. Microsoft guarantees the availability of the service, but also recommends that you back up your data using a third-party backup solution.

Taking those three steps — protecting your credentials, securing your web applications and access, and backing up your data — may not guarantee you won’t be attacked by ransomware. But it will guarantee that you never have to pay a ransom to get your data back.

Related:  Philhealth bounces back after Medusa ransomware attack
Tags: Barracuda NetworksDarkSideransomwareREvil
Mark Lukie

Mark Lukie

Mark Lukie has more than 19 years of IT industry experience with deep skills in networking, cybersecurity, backup/disaster recovery, public cloud platforms and systems integration. As systems engineer manager, Asia Pacific and Japan, he is a member of the Barracuda Global Cloud Security Team, which focuses on security solutions for public cloud platforms such as Microsoft Azure, Amazon Web Services, VMware vCloud Air and Google Cloud Platform. Lukie’s qualifications: Microsoft Certified Systems Engineer/Administrator (MCSE/MCSA), Certified Novel Administrator (CNA), Barracuda Application Delivery & Security Expert (ADSX) and Barracuda Certified Technician & Expert for NextGen Firewalls.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe