Intelligent CIO Europe Issue 57 | Page 57

FEATURE : RANSOMWARE files being deleted , overwritten , or encrypted . And while nobody enjoys thinking about those fraught moments immediately after a cyberattack , over half ( 62 %) don ’ t even have a plan for decision-making on whether to pay the ransom .
Gavin Knapp , Cyber Defence Technical Lead at Bridewell
But the picture is not all doom and gloom . Organisations have an opportunity to strengthen their cybersecurity posture in the face of these rising threats . The first step is to educate end-users on evolving ransomware risks , how they work , how they can be mitigated and how any incidents should be reported .
Once the education is in place , organisations should implement the technology required to identify the opportunities within the kill chain to detect the adversary activity and subsequently evict them from the environment . This includes strong endpoint , email and cloud app detection and response capabilities , backed up by a central SIEM platform and managed detection and response ( MDR ) service that monitors alerts 24 / 7 and implements automated response where appropriate . This proactive and multifaceted approach will go far beyond the reactive confines of cyber insurance and should be bolstered further by threat intelligence services to provide early warning of an attack .
The right response is essential
A strong cyber strategy shouldn ’ t rely on detection alone . How a business responds to a breach is also key in defining the success of its security posture . When defences fail and operations are threatened by a ransomware attack , organisations with a clear and effective incident response plan already in place stand the best chance of mitigating the damage . The incident response plan needs to be tested and ideally tabletops performed to ensure everyone is aware of the plan and their individual responsibilities . It is also critical that a robust IT Disaster Recovery plan is in place that is regularly tested . Backup controls should be protected using approaches such as segmentation of backups , strong authentication requiring Multi-Factor Authentication , backup pins or dual authorisation mechanisms to prevent backups from being disabled or overwritten .
To pay or not to pay ?
Finally , the question of whether to pay the ransom must be considered . This decision should not be taken lightly . The legal and ethical implications of
paying out need to be addressed and evaluated long before the actual criminal act takes place . Data can help organisations to make the right decision on this contentious issue : weighing up the operational cost lost per day versus the cost of paying the attacker can provide some much-needed clarity , while the level of confidence of being able to bring systems back will be a factor in many organisations ’ decision-making .
As ransomware risks accumulate , preparation must take centre stage . Basic cybersecurity hygiene practices , such as asset inventory , configuration management , application control , endpoint protection , regular testing and patching of any systems connected to the Internet and segmentation of networks still have an important role to play . However , organisations need to plan for all eventualities . The security and success of each organisation will depend on its ability to predict , prevent , detect and respond against ever-changing ransomware threats . p
Having a robust data protection strategy is just as critical . Strong data governance practices ensure that key data stays in known , risk-assessed locations , with measures in place to provide timely access to the data . In some cases , this can prevent the attacker from gaining access , but if the worst case does happen and they do get in , it can slow the attacker down until the incident response capability can identify and contain the threat .
www . intelligentcio . com INTELLIGENTCIO EUROPE 57