November 02, 2021

Prepare for the Next Ransomware Attack

Focusing on preparation and protection can help organizations avoid dire consequences.

I’ve worked in the cybersecurity field for more than a quarter-century and have spent most of the past decade working with cyber experts and law enforcement as an incident response specialist helping organizations experiencing the worst IT disasters in their histories. Crippled by ransomware, they were forced to choose between paying an exorbitant ransom or suffering intolerable business consequences. It’s an incredibly difficult decision that I’ve witnessed hundreds of organizations struggle to make.

Recently, I was called in to help one of the largest enterprise organizations in the United States respond to a particularly insidious attack that had crippled its network. The company faced a demand for a $30 million ransom and had called in its cyber insurance carrier and legal counsel for guidance. The advice of these experts was clear: bring in an incident response firm and try to clean up the mess quickly without paying the ransom. Fortunately, we were able to do exactly that, restoring operations.

Of course, every senior leader would prefer to avoid this situation altogether. In working with organizations to defend against attacks, I encourage them to focus on preparation and protection to avoid dire circumstances. Let’s take a look at a few of the most critical steps that organizations can take to avoid becoming the victim of a ransomware attack.

Be Prepared

The other key move in preparing for attacks is to build out a robust incident response process that includes the participation of all key stakeholders. In addition to security and technology teams, organizations should include legal counsel, public relations, human resources, executives and board members in their response work. Putting a solid plan in place before an attack ensures that everyone is on the same page when disaster strikes.

Protect Your Infrastructure

Technology also plays a vital role in protecting an organization against attack. Organizations should build a robust security program that includes crucial controls to reduce the likelihood of a successful attack:

  • Asset management programs that track inventory and control the configuration of hardware and software
  • Vulnerability management programs that identify and remediate security issues before an attacker can exploit them
  • Privileged access management systems that mediate and monitor the use of administrative accounts
  • Multifactor authentication that secures both administrative and normal user accounts
  • Backups that facilitate rapid recovery from a ransomware attack
  • Endpoint protection technology that can detect and respond to an attack in progress
  • The creation and maintenance of strong encrypted passwords
  • A program that frequently addresses patch management and OS upgrades
  • Email security measures that block suspicious IP addresses and scan attachments for known malware
  • Continued maturation of the organization’s cybersecurity program, including cyber awareness training

The bottom line is that organizations must build both a strong security culture and a resilient technology foundation to protect themselves against ransomware attacks. Those that are well-defended will improve the odds that attackers will simply move on to another, softer target.

Story by Justin MacDonald, who is the executive security strategist at CDW and an accomplished information security leader with more than a decade of dedicated experience in cybersecurity. He works with executive teams and board members to educate them on the threat landscape, threat actors and their tactics, and to address best practices, policies and procedures. He seeks to understand clients’ security goals, challenges and the current landscape, identify gaps and advise on the best practices and solutions that align with their business outcomes. MacDonald provides cybersecurity executive guidance on risk, governance, compliance and IT security strategies. He has provided cyber risk and vulnerability assessments designed to help organizations quantify risk. His passion is to help protect organizations from becoming the next cyberattack victim.
