How to protect your business from ransomware attacks: Part 1
Up until a few years ago, the word “ransom” probably brought to mind images of old-fashioned kidnappers who leave behind notes demanding suitcases full of unmarked currency – “and don’t even think about calling the police!”. However, in 2023 the word ransom has taken on a whole new meaning in the world of cyber security – we’re all concerned with the pressing issue of protecting your business from ransomware attacks.
And we’re concerned with good reason, too. The Australian Cyber Security Centre reports ransomware attacks are on the rise on our shores. Its most recent Annual Cyber Threat Report recorded a 75 per cent increase over the previous year.
For most organisations, it’s not a question of if you’ll be targeted in a ransomware attack. It’s when – and how bad the collateral damage is likely to be, depending on your response and what you’ve done to protect yourself ahead of the attack (more on that later).
What is a ransomware attack (and do I need a suitcase and unmarked currency)?
Ransomware – a type of malware – is a malicious program released by a bad actor into your network, with the sole purpose of wreaking havoc. Typically this means you’ll be locked out of your own data and information, but it could also mean the threat of your data (or worse, customer or stakeholder data) being released in the public domain, or on the dark web.
The person behind the attack will then send you a message (or ransom) demanding that you pay money or perform some other action to get the key to unlock your files. It’s all done electronically – no suitcase or unmarked currency required.
Here’s the really scary part: ransomware attacks have become far more organised in recent times. In the murky depths of the dark web, there are bad actors with technical expertise who are offering other non-technical baddies the chance to subscribe to ransomware-as-a-service models. This means anyone can become a hacker, even without deep technical expertise.
Something else that should give you pause for thought is that today’s ransomware attacks can happen to anyone. They’re no longer the domain of people who want to send money to African princes. These attacks have become very sophisticated and very dangerous.
I live and breathe cyber security. I consider myself pretty savvy when it comes to scam detection. However, I was still a victim of a ransomware attack in 2017, when I (along with many other Mac users) was locked out of my MacBook. Thankfully, all it cost me was the time it took to visit the Apple store and reset the system. Other users weren’t so lucky.
The three stages of ransomware attacks.
Before we dive into some of the practical strategies to help protect your business from a ransomware attack, it’s important to understand the three stages of attack:
- Before the ransomware event
- After the network breach or suspected breach, but before a ransom has been issued
- After a ransom has been issued.
The potential for harm and the cost of remediation generally tend to increase as you progress through these stages, so ideally you’ll never move out of stage one – which, for most organisations, is your business as usual. However, even with the best controls and the best of intentions, things can always go wrong – particularly as the sophistication and volume of cyber security and ransomware attacks continue to increase.
For the remainder of this article, we’ll focus on stage one. Think of this as what you should be doing right now to protect your business from the likelihood of a breach. We’ll take a look at stages two and three of ransomware attacks in our blog here.
Ransomware stage one: How to protect your business before an attack.
You might think about this stage as being your “business as usual”, but we like to think of it as being “pre attack”. In the world of cyber security, it pays to be hypervigilant: assume and plan for the worst, and you’ll always be ready.
No matter the size or nature of your business, you must be planning and preparing for a ransomware or cyber security attack now, and on an ongoing basis. Yes, this means you’ll have to undertake the dreaded network security audit if you haven’t already. You’ll need a comprehensive picture of devices, users, processes and controls to start ring-fencing what it is you need to protect.
However, in the current environment the traditional audit process doesn’t really go far enough. Your IT environment is changing all the time, so “point in time” captures are never going to be completely accurate. This is where the power of real-time monitoring and visibility through Managed Detection and Response comes into play – you’ll have a team of specialists matching advanced threat detection and security response to your threat landscape, which is the best chance you have of keeping bad actors (and ransomware) out of your network.
The people who access your network, applications and data are absolutely critical to the “pre attack” stage – simply because the vast majority of cyber events are kick-started by human error. No matter how well-meaning your employees may be, it’s an unfortunate fact that they are the weakest link in your ecosystem.
We like to think of training people as a protective control, which is just as critical as any technical control you have in place. We always work with our customers to make sure there is a focus on employee awareness and behaviour, whether that be through dedicated training programs or through cyber awareness campaigns (e.g. email phishing simulations).
Looking for help with ransomware and other cyber security threats?
If you need some help making sense of the noise around ransomware and other cyber attacks, Macquarie Cloud Services is at the frontline of the Australian cyber security response. Our managed security services are provided by some of the most skilled cyber security professionals in the country, from one of the most technologically advanced SOCs in the world. This includes more than 200 staff cleared by the Australian Federal Government to manage classified government data, which we’ve done for more than a decade.