Prevention is better than cure

SMART Cybersecurity Handbook 2022 Information Security

Ransomware tactics have continued to evolve over the years and remain a prominent threat to both SMBs and larger organisations. Research by IBM found that, during the peak of Covid-19, ransomware incidents ‘exploded’ in June 2020, which saw twice as many ransomware attacks as the month prior, with attackers taking advantage of remote workers being away from the help of IT teams. The same research found that demands by cyber attackers are also increasing, to as much as £31 million, which, for businesses of any size, is detrimental to survival.


Jack Garnsey.

In recent months, ransomware attacks have not left the mainstream media headlines. And with the number and frequency of ransomware attacks increasing, not to mention the innovation in distribution methods, this should be a wake-up call for organisations to strengthen their defences. Jack Garnsey, product manager, Security Awareness Training and SafeSend, VIPRE, explains that by taking a preventative approach, businesses can take the necessary steps to strengthen their cybersecurity posture. This includes a combination of education, processes, hardware and software to detect, combat and recover from such attacks if they were to arise.

Ransomware in the 21st Century

Ransomware is not a new phenomenon, but its use has grown exponentially and has led to the development of the term Ransomware-as-a-Service (RaaS), which is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute attacks.

As ransomware incidents become more sophisticated and frequent, such as the increase in fileless attacks which exploit tools and features that are already available in the victim’s environment, the level of potential damage to a business is heightened. These types of attacks can be used in combination with social engineering targeting, such as phishing emails, without having to rely on file-based payloads. And unfortunately, ransomware is extremely difficult to prevent. All it takes is one employee clicking on the wrong link in an email or downloading a malicious attachment.

No matter the size of an organisation, the effects of ransomware can be devastating financially, as well as inflicting longer-term damage to business reputation. The Irish Department of Health and Health Service Executive (HSE) were recently attacked by the Conti ransomware group, who reportedly asked the Health Service for $20 million to restore access. This attack caused substantial cancellations to outpatient services, part of a system already stretched to the max due to Covid-19.

Some ransomware gangs operate by a flimsy code of ‘ethics’, stating they don't intend to endanger lives, but even if a minority of ransomware organisations are developing a sense of conscience, businesses are not exempt from the damage that can be done from such attacks.

Additionally, in the US, Colonial Pipeline paid the cyber criminal group DarkSide nearly $5 m in ransom, following a cyber-attack which took its service down for five days, causing supplies to tighten across the US. Unfortunately, when under attack, a majority of businesses, such as the major pipeline, often pay the ransom.

Luckily for Colonial Pipeline, some of the money was later recovered by the American Department of Justice's Ransomware and Digital Extortion Task Force. But if they pay once, they will pay multiple times. A successful ransomware attack can be used various times against many organisations, turning an attack into a cash cow for criminal organisations offering RaaS. So much so, that there is now an ongoing debate around whether it should be illegal for businesses or an individual to pay a ransom in order to try and deter the attackers, or at the minimum, to at least report it to the necessary regulators.

Contain and report it

If a ransomware attack were to take place, it is important that the organisation works with local authorities to try to rectify the issue and follow the guidance. Often, many ransomware attacks go unreported and this is where a lot of criminal power lies.

Prevention is always better than cure and damage limitation and containment are important right from the outset. As the United States’ President, Joe Biden, highlighted in his recent letter to business leaders around ransomware: “The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organisations around the world is that companies that view ransomware as a threat to their core business operations, rather than a simple risk of data theft will react and recover more effectively.”

Most organisations should have a detailed disaster recovery plan in place and if they don’t, they should rectify this immediately. The key to every disaster recovery plan is backups. Once the breach has been contained, businesses can get back up and running quickly and relatively easily, allowing for maximum business continuity.

As soon as the main threat has passed, it is recommended that all organisations conduct a full retrospective audit, ideally without blame or scapegoats and share their findings and steps taken with the world. Full disclosure is helpful, not only for customer, client or patient reassurances, but also for other organisations to understand how they can prevent an attack of this type being successful again.

The support of digital tools

When it comes to ransomware, the importance of getting security foundations right must be emphasised. These attacks are not likely to stop or slow any time soon, but their success can be prevented with the right security armoury.

To mitigate the threat of ransomware in particular, it is crucial to have secure endpoint protection in place that protects at the file, application and network layer across a number of devices and responds to security alerts in real time. This has never been more important than during the ongoing pandemic, where employees are dispersed and working from home, in order to ensure all devices are protected and comply with the same standards.

Additionally, solutions such as email attachment and URL sandboxing are vital, as these digital tools provide protection against malicious emails. They can help prevent dangerous links, attachments or forms of malware from entering the user’s inbox by examining and quarantining them. By filtering out this traffic and automatically restricting dangerous content, businesses can maintain greater control over email and the access points to the network.

The human layer

The users themselves are a key part of any security strategy. Those who are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach, are a valuable and critical asset to any organisation.

Employees need to be trained to be vigilant, cautious, suspicious and assume their role as the last line of defence when all else fails. The final decision to click send on an email or a link lies with the human, but this one click could mean the entire organisation falls prey to a ransomware attack. The key is to change the mindset from full reliance on IT, to one where everyone is responsible. In order to strengthen a business’ human layer protection, security awareness training and education must be implemented across the board.

These programmes are designed to support users in understanding the role they play in helping to combat attacks and malware. Using phishing simulations, for example, as part of the wider security strategy, will help to give employees insight into real life situations they may face at any point. The importance of testing your human firewall was also outlined in Biden’s ransomware letter: “Use a third-party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.”

Conclusion

Cybersecurity is a multi-faceted, complicated area and one which must receive investment in each layer, from the technology to the people, to the tools we give to the users. Nevertheless, businesses of all sizes can safeguard their data and themselves from these types of ransomware attacks by investing in their cybersecurity and ensuring their workforces are conscious and informed of the threats they face.

Both detection and prevention play a key role in stopping ransomware, but it shouldn’t be one or the other. The essence of a solid cybersecurity strategy is a layered defence that includes endpoint detection and response, email security, advanced threat protection, web security and a business-grade firewall for the security of your network – at its most basic. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. That is why regular training, in addition to complementary security tools which reinforce security best practice, can provide a fortified strategy for users to mitigate the threat of a cyberattack.

Find out more at https://global.vipre.com



