Ransomware has existed as long as the internet has. From phishing scams to system takeovers to cyber espionage, hackers and bad actors have figured out that ransomware is both easy and profitable. It’s so profitable, in fact, that ransomware attacks have doubled in each of the last two years, and account for 22 percent of all 2021 cyber attacks. We fully expect that number, and the dollar amounts that come with it, to grow exponentially in the coming years.
Why Will Ransomware Increase?
You only need to look at the headlines to see what’s ahead for cyberattacks and ransomware. Over the past year, there’s been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer. In addition, phishing attempts rose 200% in 2020, the amount held for ransom increased from $5,000 in 2018 to $200,000 in 2020, and experts estimated that every 11 seconds an attempted ransomware attack occurred in 2021, according to Cybersecurity Ventures.
Those stats tell us that ransomware is effective, and as long as hackers are able to profit off of the attack, they’ll keep up the con. But it’s not just that the crime pays — it’s pretty easy to accomplish. Many systems are unprotected, phishing is still a shockingly reliable attack vector, and as the world becomes more interconnected, the pathways into and through valuable OT systems multiply.
Those pathways also include third parties, which are both necessary for many organizations, and carry with them an inherently high risk. Take the Kaseya attack where attackers were able to hack a software update and push it through to hundreds of customers, including a grocery store chain, schools, and a national railway system. Right now, 51% of breaches originate from a third party, which just highlights how lucrative an access point it is for attackers.
How to Protect Against Ransomware Attacks
Ransomware will always be a threat, but that doesn’t mean there isn’t action your organization can take to stay secure.
1. Take a decentralized approach to cybersecurity.
In the age of remote work and globalization, there is no centralized system anymore, there’s hardly even centralized offices. So why is your organization still relying on a castle-and-moat style cybersecurity? Instead, take a decentralized approach that looks at access points and users (internal and external) instead of just those exterior walls.
2. Restrict access with strong access governance and fine-grained controls.
Good cybersecurity comes down to access. Building out strong access polices, making sure they’re followed, and further determining what users can access what (and where and when) through fine-grained access controls (like Zero Trust Network Access) limit the odds of a bad actor slipping through.
3. Secure your third-party access points. As mentioned above, third-party access points are a high risk point. By working with your third parties to control access and make sure it’s done securely, you’re taking a major step in preventing a third-party data breach. There’s no HR system for third parties the way there is for internal users, so utilizing some kind of privileged access management system is key for this step.
4. Monitor and audit access. You can’t know what users are accessing unless it’s monitored. Employing proven access monitoring techniques – like proactive observation and reactive analysis are important for any organization. These steps can detect anomalies, help and organization better understand flaws, and provide crucial information if a breach occurs.
5. Educate your organization. Phishing is still as effective as it was when email was first introduced to the masses. Educating your users are good cybersecurity hygiene is a critical step in staying safe. It only takes one opened malicious email or one unauthorized access attempt to potentially hold an entire system for ransom, so every user has a role to play.
This post originally appeared in DataBreach Today.