If there’s one cybersecurity term everyone knows, it’s ransomware.
It’s the act of an attacker holding a system, assets or valuable data for ransom and demanding a large payment to release them. Ransomware appears to be everywhere these days, from a spam email that leads to a user’s MacBook being taken over by malware to a Russian hacking group targeting government entities through a major third-party supplier. There’s a reason the term keeps making headlines: the attacks are happening more often, and they keep paying off for the attackers.
Why Is Ransomware Effective, And Why Is It Increasing?
Here’s a breakdown of how a ransomware attack works: An attacker gains access to an organization’s network and, through lateral movement (often helped by a lack of internal access controls), reaches something valuable. That could be patient privacy data for a healthcare organization, operational controls for a factory or the Social Security numbers and names of customers at a major retailer.
Because many organizations lack proper cybersecurity protocols – like fine-grained access controls or access limitations for third parties – bad actors have found it easy to move laterally once they breach a system. Take the Kaseya attack, in which attackers compromised a software update mechanism and used it to push malicious code to hundreds of downstream customers, including a grocery store chain, schools and a national railway system. Right now, 51% of breaches originate from a third party, which highlights how attractive an entry point third-party access is for attackers. Human error also still plays a significant role in how often organizations get breached: there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer, and 75% of organizations experienced a phishing attack in 2020. The data shows that ransomware simply works.
This kind of breach, especially one executed through a third-party vendor into a major organization, often pays off for the attackers. The amount demanded in ransom rose from $5,000 in 2018 to $200,000 in 2020, and experts estimated that in 2021 a ransomware attack was attempted every 11 seconds. Organizations are willing to pay, so attackers will continue to target them.
What Threats Do Ransomware Pose To An Organization?
To start with the most obvious, a breach risks financial and operational loss, but those impacts often extend beyond the targeted organization. The Colonial Pipeline attack, one of the bigger ransomware incidents of 2021, caused a shutdown of the pipeline, which resulted in fuel shortages across the Southeastern United States. The company ended up paying the ransom, and while it was able to recover some of that money, it is said to have lost over $5m. That does not include the reputational damage.
When it comes to government entities, critical infrastructure or organizations that are connected to a vast amount of third parties (like a smart factory), the impact of a ransomware attack could quickly spiral.
How To Protect Against Ransomware
Yes, ransomware is a mounting threat, but that doesn’t have to mean your organization is the next to be breached. There are multiple steps any entity can take to protect itself from an attack.
- Take a decentralized access management approach to cybersecurity: There is no single network perimeter anymore in the age of remote work and globalization, so why is your organization still relying on castle-and-moat-style cybersecurity? If only the perimeter is protected, an attacker who breaches it can immediately go anywhere and everywhere within the network. That lateral movement is often what leads them to critical assets, or even lets them pivot from one organization to another. Instead, take a decentralized approach that focuses on the individual access points and on how users (internal and external) reach and use them.
- Restrict access with strong access policies and fine-grained access controls: Good cybersecurity comes down to controlling access. The first step is to build out strong access policies and make sure they’re followed. By implementing role-based access controls for internal users, granting only the narrow access each role needs (the principle of least privilege) and reviewing user access regularly, an organization can ensure that every user follows access best practices. Fine-grained access controls further limit which users can access what (and where and when) through methods like zero trust network access, time-limited access, multi-factor authentication and other access verification options. These internal controls shrink the attack surface and contain lateral movement if a breach does occur.
- Secure third-party access points: As mentioned above, third-party access points are an easy and effective way for an attacker to breach a system. Applying the same access policies to those entities, and making sure third-party users can reach only the specific systems they need (instead of getting full network access through a VPN), reduces that inherent risk.
- Educate, educate, educate: Phishing is still as effective as it was when email first reached the masses. Taking the time to continually educate internal users about phishing is a significant step toward ensuring your organization doesn’t fall prey to it. Helping every user better understand your organization’s cybersecurity practices is the best way to ensure that every access point, asset and system stays safe.
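To make the access-control recommendations above concrete, here is an added example (written for this article, not code from the original author or any vendor product) of a small policy engine that combines the pieces the second and third bullets describe: role-based grants with default deny, a step-up MFA requirement for sensitive actions, time-bounded windows for external vendor accounts scoped to a single system, and a periodic access review that flags accounts whose window has lapsed. The roles, resources and users are hypothetical sample data constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple, List

# Hypothetical role -> permission table for a healthcare organization.
# Every entry is an explicit grant; anything not listed is denied, which is
# what "least privilege" looks like in code.
ROLE_PERMISSIONS = {
    "nurse":   {("patient_records", "read")},
    "billing": {("patient_records", "read"), ("invoices", "write")},
    "dba":     {("patient_records", "read"), ("patient_records", "write"),
                ("db_admin", "execute")},
    # External HVAC vendor: scoped to one controller, never "full network".
    "vendor_hvac": {("hvac_controller", "read"), ("hvac_controller", "write")},
}

# Actions that require a fresh MFA assertion even when the role grants them.
SENSITIVE_ACTIONS = {
    ("patient_records", "write"),
    ("db_admin", "execute"),
    ("hvac_controller", "write"),
}


@dataclass
class User:
    name: str
    role: str
    external: bool = False
    mfa_verified: bool = False
    # Time-limited access window (UTC). Mandatory for external users.
    access_start: Optional[datetime] = None
    access_end: Optional[datetime] = None


def authorize(user: User, resource: str, action: str, now: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason) for a single access request.

    Checks run in order: role grant, external time window, MFA step-up.
    The first failing check denies; only a request passing all three is allowed.
    """
    grants = ROLE_PERMISSIONS.get(user.role, set())
    if (resource, action) not in grants:
        return False, "deny: no grant for role"
    if user.external:
        if user.access_start is None or user.access_end is None:
            return False, "deny: external users need a time-bounded window"
        if not (user.access_start <= now < user.access_end):
            return False, "deny: outside access window"
    if (resource, action) in SENSITIVE_ACTIONS and not user.mfa_verified:
        return False, "deny: MFA required"
    return True, "allow"


def review_access(users: List[User], now: datetime) -> List[str]:
    """Periodic access review: names of accounts that should be revoked or fixed.

    Flags external accounts whose window has expired and external accounts
    that were provisioned without any window at all.
    """
    flagged = []
    for u in users:
        if not u.external:
            continue
        if u.access_end is None or u.access_start is None or now >= u.access_end:
            flagged.append(u.name)
    return flagged


def demo() -> List[Tuple[str, bool, str]]:
    """Run a handful of constructed requests and return the decisions."""
    now = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
    nurse = User("alice", "nurse")
    dba = User("bob", "dba", mfa_verified=False)
    vendor = User("hvac-tech", "vendor_hvac", external=True, mfa_verified=True,
                  access_start=datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc),
                  access_end=datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc))
    requests = [
        (nurse, "patient_records", "read"),    # allowed by role
        (nurse, "patient_records", "write"),   # no grant -> deny
        (dba, "db_admin", "execute"),          # granted, but needs MFA
        (vendor, "hvac_controller", "write"),  # in window, MFA done -> allow
        (vendor, "patient_records", "read"),   # vendor cannot reach other systems
    ]
    return [(u.name + ":" + r + ":" + a, *authorize(u, r, a, now)) for u, r, a in requests]


if __name__ == "__main__":
    for label, allowed, reason in demo():
        print(f"{label:40} {reason}")
```

The ordering of checks matters: the role grant is evaluated first so that a vendor account can never be talked into a patient-record request by satisfying MFA or the time window, and the external-user branch refuses accounts that were never given an end date rather than silently treating them as permanent.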