When Ransomware Hits: Between a Rock and a Hard Place
The harsh reality of being a victim of ransomware, either directly or indirectly, is an experience far too many of us have endured.
The recent high-profile ransomware attack on CDK Global, the company that provides back-office systems for car dealerships nationwide, demonstrates the devastating effects cyberattacks have on companies on an almost daily basis.
The impacts of these cyberattacks are significant. Having the insight of being a cybersecurity incident response professional, I regularly work with companies across the country who have been affected by ransomware. Their ability to operate and function normally is essentially crippled in most cases.
For those who haven’t faced such an incident, it’s easy to criticize companies who feel forced to pay the ransom. The argument is straightforward: by paying the ransom, you incentivize the threat actors to continue their malicious activities.
However, for those directly impacted by a ransomware event, the decision to pay is not taken lightly. In many cases, the choice to pay the ransom hinges on the reality the company may go out of business if they don’t comply.
When deciding to pay a ransom, the primary focus is usually on resuming normal operations, not the status of compromised data. In fact, it can take weeks, if not months, to determine the extent of what data has been compromised. For most companies, waiting for an investigation to conclude is impractical, leading to the payment of the ransom.
It is also crucial to recognize most of your personal data is likely already available on the dark web. We’ve all received those letters informing us a company is investigating a cybersecurity attack and our information was impacted. This is the legal way of saying your data was stolen and is now available online for a price.
Understanding there is no foolproof way to prevent ransomware attacks is vital. Even our nation’s most advanced agencies, which theoretically have unlimited funds and manpower to combat such attacks, have themselves been victims.
While the efforts of our national security agencies, such as the Justice Department, are essential, taking down one threat actor often means two more are ready to take their place.
The good news is there are steps individuals and companies can take to protect themselves. Basic security protocols, such as using complex passwords and enabling multi-factor authentication, greatly reduce the chance of a threat actor gaining access to your system.
Ensuring all software, including operating systems and applications, are kept up to date is also crucial, as cybercriminals often exploit vulnerabilities in outdated software. Regularly backing up important data and storing it in a secure, offline location ensures even if a ransomware attack occurs, you can restore your data without paying the ransom.
Conducting regular training sessions to educate employees about the risks of phishing and the importance of recognizing suspicious emails is essential. An informed workforce is one of the best defenses against cyberattacks. Additionally, using antivirus software, firewalls and intrusion detection systems can help detect and prevent malicious activities by providing multiple layers of security.
Limiting access to sensitive data to only those employees who need it, by implementing the principle of least privilege, can significantly reduce the risk of internal threats. Having a well-documented and tested incident response plan in place ensures if an attack occurs, your organization can respond quickly and effectively to minimize the impact of a cyber event.
It’s important to understand, simply clicking on a phishing email can circumvent your organization’s security measures and result in a significant cyber incident. Every time you are about to click on a link in an email, take a moment to ensure the email is legitimate. Cybercriminals have become very sophisticated and know how to trick you into clicking a malicious link that gives them access to your network.
While it’s encouraging to see comprehensive efforts to bring cybercriminals to justice, and hopefully, those responsible will face the consequences, it remains imperative to protect your systems and data proactively.
For all of us, law enforcement’s cyber efforts are essential, but individuals and companies need to adopt robust cybersecurity practices to protect themselves against the ever-evolving threat of cyberattacks. The alternative may involve tough decisions, including sending a ransom payment to the bad guys who are holding your company hostage.
https://www.linkedin.com/pulse/when-ransomware-hits-between-rock-hard-place-david-smolensky-zr9sf