What should companies do to respond to ransomware attacks?

When it comes to mitigating the dangers of ransomware attacks to your organisation, a strong security solution that fits your operations needs to be in place

Ransomware has been among the most prominent and pressing cyber security dangers as of late, with critical infrastructure and an array of other sectors being hard hit by ransomware attacks. Major incidents such as the Colonial Pipeline attack and Log4Shell brought companies to a standstill, in some cases leading to ransoms worth millions being paid. What’s more, recent research conducted by Proofpoint found that the ransom payment itself only accounts for less than 20% of the total cost of the attack, with large US companies losing an average of $14.8 million annually.

Along with the disruption of operations, experiencing a ransomware attack can severely damage the reputation of an organisation, and dent customer trust. It is vital that a proper response strategy is in place in the case of such an incident. With this in mind, we take a look at what organisations can do to respond to ransomware attacks.

Incident response

According to research from Adarma, almost 60% of UK businesses with over 2,000 employees have experienced a ransomware attack. This demonstrates the high and rising demand for strong detection and response measures in today’s business world.

Following the surveying of ransomware readiness among UK organisations, Adarma CEO John Maynard declared a gap to be addressed between confidence and proper preparation. He stated: “With our research showing that almost 60% of UK businesses with more than 2,000 employees having experienced a ransomware attack, it is critical that we elevate this risk within our own organisations.

“There are a number of steps that organisations can take to reduce their risk of business impact from ransomware attacks from preventive measures and effective preparation through to detection, disruption, eradication, containment and response. It is critical that we reduce the attack surface, harden our systems, deploy preventive and detective controls, and implement a well thought out incident response plan that extends beyond just the technical requirements.

“Organisations should be regularly simulating an attack to test the effectiveness of their organisational defences and response plans and adapting and improving before being faced with the real thing.”

Application scanning

Planning to mitigate the impacts of ransomware attacks should include web application scanning, which allows for a security audit of applications for vulnerabilities and malware.

Among the most sufficient tools for this out there is Indusface WAS. Provided by application security SaaS company Indusface, this WAS comes complete with:

  • Unlimited automated scanning for instant detection of evolving vulnerabilities;
  • Manual penetration testing provided by Indusface experts, for efficient security evaluation and business logic vulnerability discovery;
  • Malware detection, and blacklisting of hacked or infected sites;
  • 24/7 expert support to aids remediation, and to avoid false positives.

Built for developers to find and fix web vulnerabilities quickly, the combination of automated scanning and pen testing from supporting staff with Indusface WAS allows organisation employees to carry out their best work with peace of mind.

Web application firewalls

A web application firewall (WAF) is a network security system designed to provide security for web-based applications, by filtering and monitoring traffic and blocking any malicious activity that may be linked to ransomware. With Internet usage for work remaining common on an increasing number of endpoint devices, while employees continue remote or hybrid working, staying protected throughout makes this kind of cyber security vital. Implementing a platform-as-a-service (PaaS) approach, with the aid of a cloud-based WAF can reduce strain on staff when it comes to maintaining the infrastructure, as well as keeping costs down.

Research conducted by content delivery network Edgecast identifies web application firewalls as among the top trends in Over-the-Top (OTT) service security, and a measure that strongly protects organisations against ransomware attacks.

Commenting on the importance of WAFs, Edgecast general manager and chief product officer Ariff Sidi explained: “Criminals pose as brands to steal account credentials, financial information and trick users into downloading malware. Streaming services are fertile ground and have been targeted for their treasure trove of user data and premium content, such as original series and blockbuster films, which can be illegally monetised.

“To protect against various threats, we’re likely to see more OTT platforms move to cloud-based solutions, such as WAF, DDoS, and bot detection/mitigation. These solutions offer the capabilities necessary to counter increasingly savvy cyber attacks while simultaneously reducing operational costs.”

Indusface’s Apptrana WAF takes an instant, proactive approach to finding and patching vulnerabilities by tailoring solutions to suit the needs of an individual application. Unlike competing WAFs provided by a cloud service provider, Apptrana provides a single pane of view of vulnerability & protection status, and comes with an Integrated Threat Intelligence Platform for continuous learning and updates.

Ensure the strongest possible ransomware response

The threat of ransomware is showing no signs of ceasing any time soon. To ensure the strongest response to ransomware attacks, businesses should have web application scanning and web application firewalls in place to keep further threats from infiltrating the organisation. No security team should be an island, and would majorly benefit from working with a supporting SaaS partner to keep the network protected, now and in the future.

This article was written as part of a paid for campaign by Indusface.

Related Topics

Cyber Attacks
Ransomware
SaaS