Ransomware attacks have escalated to the point that governments are now treating them as acts of terrorism. Such attacks have caused massive operational disruption to every sector - no industry, organisation, or government entity is immune.
Put simply, ransomware is malicious software that either encrypts your data or otherwise stops you from accessing your own systems. A ransom is then demanded in exchange for the decryption key. As many victims who paid have found out, there is no guarantee that the key will work, or you will get your data back.
Gartner recently announced that the threat of new ransomware models is now the top emerging risk factor facing organisations. Year on year we have seen a 64% increase in ransomware attacks. Of the global total, 11% of known incidents happened in Asia-Pacific.
August this year saw a spate of ransomware attacks in Singapore, including on an eye clinic which affected the data of 73,500 patients. Another victim was insurance company Tokio Marine and earlier in the year AXA was targeted across the Asia region. In fact, according to our recent report, 72% of Singapore businesses have fallen victim to a network attack in the last 12 months, while two-thirds (62%) had suffered at least one ransomware attack over the same period.
While ransomware attacks can strike any business, big or small, the attack on AXA in Asia came very soon after it was one of the first insurance companies to stop paying for ransomware payouts. With many other insurers following suit, that’s just one of many reasons why organisations need to protect themselves against ransomware attacks.
Ransomware is on the rise because the barriers to entry have disappeared. Cybercriminal gangs offer technical support in exchange for a percentage of the ransom. Or you can hire them to do the crime for you. In the past year, 27% of attacks came from ransomware-as-a-service providers like REvil (19%) and DarkSide (8%).
In essence, it’s better to prepare for the worst than hope for the best. You should assume that your company will suffer ransomware attacks, and if an attack is successful, you should have a plan to not pay the ransom.
At the very core of protecting your company from ransomware attacks, it’s all about protecting your data. This can be broken down into three steps: protecting your credentials, securing your web applications, and backing up your data.
Step 1: Credentials protection is paramount
First of all, ransomware relies on either breaching email or otherwise securing credentials. With tens of thousands of usernames and passwords readily available online, this first step can be frighteningly easy. Attackers then use these stolen credentials to access your systems.
Protecting credentials and access requires a two-pronged approach: first invest in detection
and response tools, and then focus on training your users.
Step 2: Take web application and access security seriously
The shift to remote work has pushed even more applications out of the data centre and onto the internet. Find a next-generation firewall solution that provides multi-layered security, that includes intrusion prevention and sandboxing of malware, and provides powerful network segmentation to prevent lateral movement within the network.
Application access should be secured with a Zero Trust Network Access (ZTNA) solution that provides secure access to applications and workloads from any device and any location. And one of the best ways to deploy application security is with a web application firewall (WAF) to protect your software, your users, and their data - wherever they may be.
Step 3: It’s all about backup
Any serious ransomware protection strategy should start with thinking about backup. Consider disaster recovery as a crucial, strategic part of your infrastructure. Test it regularly and realistically — that means doing an actual restore, not just checking it’s running.
There is also still an all-too-common misconception that because your data is in the cloud it can’t be affected by ransomware. That simply isn’t true. SharePoint, Exchange, and other data sources have been hit. Even cloud and SaaS data can be encrypted with ransomware. Microsoft guarantees the availability of the service, but also recommends that you back up your data using a third-party backup solution.
Taking those three steps — protecting your credentials, securing your web applications and access, and backing up your data — may not guarantee you won’t be attacked by ransomware. But it will guarantee that you never have to pay a ransom to get your data back.