Ransomware is unavoidable. From private businesses to local councils, networks are being illegally locked and data digitally kidnapped in the pursuit of ill-gotten profit. And, unfortunately, the UK is the world's most targeted nation for phishing scams and ransomware.
British businesses are viewed as the pinnacle of targets and, according to a new report by Verizon, phishing incidents and ransomware attacks are only on the up.
For many, the prospect of a ransomware attack is enough to warrant sleepless nights. But, for companies that have their data compromised, the situation is now even more worrying.
The General Data Protection Regulation (GDPR), which will come into force in 2018, will come down extremely hard on companies that fail to protect confidential data.
For companies, the revised GDPR could mean hefty fines of up to 4% of global turnover or €20m (£15.8m), a cost almost guaranteed to be greater than the original ransom.
Large companies will also be forced to employ a data protection officer and data breaches will have to be reported within 72 hours.
So how can organisations defend against ransomware and avoid regulatory punishment? These four steps will stand companies in good stead to mitigate the risks of an attack.
1. Control access
The first port of call is to try to prevent ransomware from ever entering your network. To prevent an attack, companies have to properly blacklist and whitelist applications. By strictly controlling which applications may run and who may access what, the risk of a threat is greatly reduced because malware is blocked before it can execute.
As ransomware is spread largely through opportunistic phishing emails, implementing stringent access control should minimise the chance of an attack sneaking in.
2. Educate your workforce
Of course, it is almost impossible to block every form of malware from entering your network, especially as they continually evolve and improve. Cybercriminals understand that the weakest point of entry into an organisation is through the staff, and therefore often target junior employees. Hackers know the environment they are attacking and capitalise on the fact that the majority of people will not ignore an email labelled urgent.
In order to cut this risk, companies should introduce awareness courses and provide informative educational materials on how to spot an attack, who to contact in such a situation and how to avoid falling victim. This way, if an employee does find a suspect email in their inbox, they are equipped to deal with the situation.
3. A context-aware approach to security
As much as security education is a necessity, companies must also ensure that they are protecting their employees in a context-aware manner. To be context-aware, an organisation must have the answers to a number of questions. What position does someone hold within the company? What applications are they accessing? Where in the world are they located, and what team or division do they work within? Equipped with this knowledge, a company can ensure that employees only have access to the programmes and applications they need. By not granting universal access to the complete infrastructure, an organisation reduces the number of possible entry points for a hacker.
4. Secure the employee journey
In order to reduce vulnerable entry points further, companies should look to formalise their user lifecycle. This can be done by implementing or refining onboarding and offboarding procedures. This way, new joiners, and more specifically leavers, will not expose an access point that represents an open door to an opportunistic cybercriminal.
To make sure that the user lifecycle is monitored and contained, organisations can outsource this function to companies that secure digital workspaces. With minimal time invested, a company can ensure that the entire process is properly managed.
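The two steps above, context-aware access (role, team and location deciding what a user may reach) and a formal joiner/leaver lifecycle, can be expressed as a small policy engine. The following Python is an added example written for this article, not code from the author or from RES; the user and application model, the sample people and the policy names are all constructed here for illustration. It grants access only where role, team and country all match, denies a leaver everywhere once their leave date has passed, and includes the check a reviewer would actually run: a report of leavers whose accounts were never disabled.

```python
from dataclasses import dataclass, replace
from datetime import date
from typing import Dict, List, Optional, Tuple

ANY = "*"  # wildcard: the policy does not constrain this attribute


@dataclass(frozen=True)
class User:
    # Hypothetical user record, constructed for this example
    name: str
    role: str
    team: str
    country: str
    active: bool = True
    leave_date: Optional[date] = None  # set at offboarding; access stops on this day


@dataclass(frozen=True)
class AppPolicy:
    # Hypothetical per-application policy: who may use it and from where
    app: str
    roles: Tuple[str, ...]
    teams: Tuple[str, ...]
    countries: Tuple[str, ...]


def _matches(value: str, allowed: Tuple[str, ...]) -> bool:
    return ANY in allowed or value in allowed


def evaluate_access(user: User, policy: AppPolicy, today: date) -> Tuple[bool, str]:
    """Decide whether user may reach policy.app today, returning (allowed, reason).
    Lifecycle checks come first so a leaver is denied everywhere regardless of role."""
    if not user.active:
        return False, "account disabled"
    if user.leave_date is not None and user.leave_date <= today:
        return False, "leave date reached but account still enabled"
    if not _matches(user.role, policy.roles):
        return False, f"role {user.role} not permitted for {policy.app}"
    if not _matches(user.team, policy.teams):
        return False, f"team {user.team} not permitted for {policy.app}"
    if not _matches(user.country, policy.countries):
        return False, f"access from {user.country} not permitted for {policy.app}"
    return True, "allowed"


def offboard(user: User, today: date) -> User:
    """Offboarding step: disable the account and record the leave date."""
    return replace(user, active=False, leave_date=today)


def stale_accounts(users: List[User], today: date) -> List[str]:
    """Offboarding gap check: leavers whose account was never disabled."""
    return [u.name for u in users
            if u.active and u.leave_date is not None and u.leave_date <= today]


def entitlement_report(users: List[User], policies: List[AppPolicy],
                       today: date) -> Dict[str, List[str]]:
    """Which apps each user can currently reach, for a periodic access review."""
    return {u.name: [p.app for p in policies if evaluate_access(u, p, today)[0]]
            for u in users}


# Constructed sample data (not from any real organisation)
TODAY = date(2024, 3, 15)
USERS = [
    User("alice", role="finance", team="payments", country="GB"),
    User("bob", role="engineer", team="platform", country="GB"),
    # carol's contract ended on 1 March but nobody disabled the account
    User("carol", role="contractor", team="marketing", country="US",
         leave_date=date(2024, 3, 1)),
]
POLICIES = [
    AppPolicy("payroll", roles=("finance",), teams=(ANY,), countries=("GB",)),
    AppPolicy("ci-server", roles=("engineer",), teams=("platform",), countries=(ANY,)),
    AppPolicy("intranet", roles=(ANY,), teams=(ANY,), countries=(ANY,)),
]

if __name__ == "__main__":
    for name, apps in entitlement_report(USERS, POLICIES, TODAY).items():
        print(f"{name}: {apps}")
    print("stale accounts:", stale_accounts(USERS, TODAY))
    carol_fixed = offboard(USERS[2], TODAY)
    print("carol after offboarding:", evaluate_access(carol_fixed, POLICIES[2], TODAY))
```

The ordering inside `evaluate_access` is the design point: the lifecycle check runs before any role or location rule, so a missed offboarding fails closed rather than leaving a leaver with whatever their role used to grant. Running `stale_accounts` on a schedule turns the article's "leavers will not expose an access point" from a hope into something that is measured.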
By following the above steps, a company can look to lessen the likelihood of succumbing to an attack. Preparedness is crucial because once a hacker accesses a network, that company can never truly draw a line under the ordeal.
From the moment data is locked and stolen, it will be forever compromised. Even if a company pays the ransom to unlock their data, what they receive back will undoubtedly be in a different format and full of holes. As well as this, the reputational damage of an infiltration could have devastating effects on a business’s bottom line.
Ultimately, the ransomware threat should not be overlooked. Companies must ensure that they are doing their utmost to block phishing emails from reaching their employees. They should also ensure that their workforce is educated on the matter, in case ransomware does find its way onto the network.
This way, access points are reduced and the likelihood of accidental, but hugely damaging, mistakes is minimised. Fail to prepare, and both the regulators and the criminals will be hot on your heels.
Sourced from Andy Buchanan, area VP, UK&I, RES