
4 steps for organisations to avoid the ransomware pandemic


  • 06 Oct 2021
  • Rick Jones
3 min read

While ransomware is not a new threat, it has significantly amplified since the start of COVID-19, with new strains multiplying and attackers embracing ever-more complex techniques. It now takes an average of 280 days for organisations to find and contain a breach and ransomware is becoming a real concern – labelled the biggest threat to UK companies, according to the National Cyber Security Centre. It is therefore time for businesses and their executive boards to put a step-by-step plan in place to protect themselves from this cybercrime pandemic.

An alternative pandemic

COVID-19 and the consequential national lockdowns gave cyber-criminals the opportunity to capitalise on the unpreparedness of boardrooms, which in turn has had devastating impacts on organisations. As businesses hurried to transition to remote working, they expanded their corporate attack surface by rapidly introducing cloud infrastructure and less secure employee-owned endpoints. Recent months have seen high-profile cases of improperly protected remote access infrastructure: unpatched vulnerabilities exploited in VPNs, and RDP servers hijacked because they were protected only with weak or breached passwords. Employees have also engaged in riskier behaviour than they would in the office, making companies far more vulnerable to ransomware attacks.

As this form of cybercrime has risen month-on-month since the start of the pandemic, and as the cyber skills crisis continues on a ‘downward, multi-year trend of bad to worse’, enterprises must prioritise improving their security position. The threat is finally being treated with the gravity it deserves by government, but often not by organisations themselves. This means a greater focus on plugging security gaps, improving company-wide cybersecurity hygiene and awareness, and enhancing proactive detection and response.

How can you act?

  1. Maintain good cyber hygiene

To avoid a ransomware attack, organisations should run regular vulnerability scans and risk-based patching programmes to reduce the corporate attack surface. Penetration testing will help to identify and correct vulnerabilities and configuration errors, especially around passwords and access controls. The findings of these tests can also feed into the security training and awareness programmes for the workforce.

  2. Apply appropriate controls

Organisations must understand what and where their most sensitive data and IT assets are and then apply the appropriate controls, including strong encryption. An enterprise will also benefit from following internationally recognised standards to enhance its security policies. This includes least privilege access rules and multi-factor authentication, network segmentation and strict vetting of third-party providers.

  3. Education and awareness

One of the most important factors of a cybersecurity strategy for a hybrid work structure is culture. From a security perspective, the workforce has a huge part to play, and a shocking 88% of breaches are traced back to human error. Therefore, businesses must promote good security habits and educate staff on why cybersecurity is important, which in turn will contribute to a security-first mindset. This can be achieved through training and awareness programmes. For example, phishing simulations could be used to test and educate employees on the latest scams and to give feedback on how they’re performing. It is vital such messaging and direction comes from the top (the boardroom) to reinforce the necessity of a security-first approach. IT teams should also take time out to integrate with the whole workforce and explain the potential impact of clicking a doctored link or failing to report a phishing email.

  4. A holistic approach

As ransomware attacks continue to evolve, it is important that businesses keep full control of every aspect of their security operations, from log management to threat mining and IDS. Organisations are advised to adopt a holistic 24/7/365 threat detection approach. Businesses must understand the benefits of investing in a well-trained security operations team, whether in-house or the increasingly popular option of outsourcing to an expert provider, which guarantees peace of mind day and night.
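As an added example (not code from the original post), here is the detection side of the weak-password RDP hijack described earlier: a small Python routine that parses constructed logon events, loosely modelled on Windows Security event IDs 4625 (failed logon) and 4624 (logon) with LogonType 10 (RemoteInteractive, i.e. RDP), and flags a source that fails repeatedly within a short window and then succeeds. The log field names, the sample lines, the threshold and the window are this example's own assumptions, not the post's.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original post), loosely modelled on
# Windows Security events 4625 (failed logon) / 4624 (logon) with LogonType 10 (RDP).
SAMPLE_LOGS = """\
2021-10-06T08:00:01 EventID=4625 LogonType=10 User=admin Source=203.0.113.7
2021-10-06T08:00:03 EventID=4625 LogonType=10 User=admin Source=203.0.113.7
2021-10-06T08:00:05 EventID=4625 LogonType=10 User=backup Source=203.0.113.7
2021-10-06T08:00:08 EventID=4625 LogonType=10 User=admin Source=203.0.113.7
2021-10-06T08:00:11 EventID=4625 LogonType=10 User=admin Source=203.0.113.7
2021-10-06T08:00:14 EventID=4624 LogonType=10 User=admin Source=203.0.113.7
2021-10-06T09:15:00 EventID=4625 LogonType=10 User=jsmith Source=198.51.100.4
2021-10-06T09:15:40 EventID=4624 LogonType=10 User=jsmith Source=198.51.100.4
2021-10-06T10:00:00 EventID=4624 LogonType=2 User=jsmith Source=127.0.0.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Source=(?P<src>\S+)$")

def parse(text):
    """Turn log lines into dicts; lines that do not match the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.fromisoformat(d["ts"])
            events.append(d)
    return events

def find_rdp_password_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed RDP logons inside `window` and record
    whether the same source then logged on successfully (a guessed password worked).
    Returns {source: {"failures": n, "succeeded": bool}}."""
    recent = defaultdict(list)   # source -> timestamps of failures still inside the window
    alerts = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["lt"] != "10":      # only RemoteInteractive (RDP) logons are of interest here
            continue
        src = e["src"]
        if e["eid"] == "4625":
            recent[src] = [t for t in recent[src] if e["ts"] - t <= window] + [e["ts"]]
            if len(recent[src]) >= threshold:
                alerts.setdefault(src, {"failures": 0, "succeeded": False})["failures"] = len(recent[src])
        elif e["eid"] == "4624" and src in alerts:
            alerts[src]["succeeded"] = True   # success after a burst of failures: likely hijack
    return alerts
```

A source that appears with `"succeeded": True` is the warning sign the post refers to: repeated failures followed by a successful RDP logon, which is the moment to isolate the host and reset the account rather than wait for encryption to start.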

As we adapt to the new business landscape, companies must not neglect cybersecurity. Ransomware will continue to cause ruptures unless victim organisations invest in holistic security solutions and stop paying their extorters. The focus should always be on spotting the warning signs of an attack early on and being prepared to take action before the threat actors are able to do any damage. Everyone is a target today, from education to healthcare to retail organisations, but not everyone has to be a ransomware victim.
