The recent ransomware attack on WestRock should be a call to action for manufacturers to tighten their security.
According to Cybersecurity Insiders, "the attack that was detected on January 23rd, 2021 was highly sophisticated where hackers stole a portion of data from the servers and locked it down from access."
According to DarkReading.com, "in 2020, ransomware attackers moved quickly to adopt so-called 'double extortion' schemes, with more than 550 incidents in the fourth quarter alone."
DarkReading.com went on to state that "using data collected by automated feeds, cyber-risk firm Digital Shadows documented 550 double-extortion postings on data leak sites maintained by more than a score of ransomware groups." By far, the industrial goods and services sector bore the brunt of ransomware attacks, with 29% of all 2020 attacks targeting the industry, while businesses in North America accounted for two-thirds of all attacks, Digital Shadows discovered.
Quarter over quarter, the cybersecurity firm saw a significant increase in ransomware attacks using the twin strategies of demanding a ransom and then leaking the data if the victim did not pay, says Jamie Hart, a cyberthreat intelligence analyst with the company.
"We are going to continue to see ransomware increase because the pay-or-get-breached method gives an opportunity for the new and less-known ransomware groups to make a name for themselves in 2021," she says. "There is no sector that is off limits to these groups."
SecurityBoulevard.com provided the following advice to protect organizations from potential ransomware attacks:
"Determine Ransomware Attack Risks and Exposure
To lay the foundation for a more secure company network, you must identify every weakness in your organization's systems.
The most effective way to find your system's vulnerabilities and exposure points is by conducting a vulnerability audit and assessment. There are tools available for this purpose that can perform white and/or gray box tests along with simulated social engineering techniques to evaluate your organization's security posture.
With a better understanding of your organization's network weaknesses, you can then build a long-term vulnerability management program. Your program should include ongoing periodic security scans, real-time discovery alerts for new vulnerabilities that arise and regularly scheduled vulnerability reviews. These and other precautionary measures help you continuously identify, assess and remediate security issues within your IT environment.
Establish Endpoint Detection and Response (EDR)
The key to implementing effective ransomware prevention is endpoint detection and response (EDR), which is even more important if most of your company's employees work from home. The risk for remote endpoints like laptops, mobile phones and other devices increases exponentially if home networks aren't secure. Endpoints in the data center and the cloud are also at risk.
Endpoint deficiencies often expose organizations to many different ransomware attacks, including Locky, WannaCry and Troldesh. No matter how much you trust employees or remind them of cybersecurity risks, one wrong click or malicious file can lead to a catastrophic ransomware attack. This makes endpoint protection crucial. A comprehensive endpoint protection tool should offer 24/7 endpoint security management and malware event detection and analysis. A quality solution also should use advanced algorithms to detect and contain ransomware based on cybercriminals' actions and leverage ransomware-resistant, next-generation security technologies.
Establishing EDR effectively takes your cybersecurity beyond standard signature-based antivirus and threat detection methods that have little to no chance against more sophisticated ransomware attacks. In fact, investing in an updated EDR system makes a successful ransomware attack virtually impossible.
Implement a 24/7 Security Operations Center (SOC)
Cybercriminals who conduct ransomware attacks are strategic in their timing. Most attacks tend to occur over the weekend, usually late at night. For example, a ransomware attack could ignite on Sunday at 2 a.m. with a logic bomb that runs through Sunday evening to harvest loads of data. I've heard firsthand horror stories from IT teams forced to spend their Sunday dealing with the immediate aftereffects of a ransomware attack and debating if they should pay a cybercriminal in bitcoin because the attack already went too far.
Because a ransomware attack can occur at any moment, it's critical to employ a 24/7 security operations center (SOC) team to monitor your environment. Whether internal or outsourced, SOC teams keep watch over your IT environment at all times to prevent potential attacks and respond quickly if an attack does happen.
Consult a Managed Service Provider (MSP)
At a time when IT budgets may be reduced and ransomware attacks are running rampant, a managed service provider (MSP) or a managed security service provider (MSSP) can keep your company protected at an affordable rate. Partnering with an MSSP or MSP also helps you overcome the current cybersecurity talent shortage by saving on the high cost of hiring security talent.
An MSP places a team of security experts at your disposal. Many MSPs have decades of experience and have guided other companies through past ransomware attacks. MSPs also save you time and research in finding the best ransomware protection technology to meet the specific needs of your company's network. Most MSPs have partnerships with top technology providers and can help your organization identify the right security solution, such as an EDR system. MSPs can also manage EDR for you so your team can work smarter, not harder, to prevent ransomware attacks.
Invest in Proactivity or Pay the Price of Reactivity
At this point, it's not a matter of if you'll face a ransomware attack, it's a matter of when. So ask yourself: Would you rather invest in the protection needed to prevent a catastrophic event from happening and tell your board of directors that you are capable of responding to a ransomware attack? Or would you rather roll the dice and take the chance that you'll be paying a cybercriminal thousands, or even millions, on a Sunday afternoon, to recover your company systems? The choice is yours."
Helen Roush is Executive Vice President of Paperitalo Publications.