Five Steps to Prepare for Ransomware Before the Labor Day Holiday

According to both the FBI and the Cybersecurity and Infrastructure Security Agency, this Labor Day holiday will be a time when the danger of ransomware attacks is high.

Mitzi Perdue

September 2, 2021


There’s a chance you can save your clients a lot of grief this Labor Day weekend.

According to both the FBI and the Cybersecurity and Infrastructure Security Agency, this Labor Day holiday will be a time when the danger of ransomware attacks is high. Cyber criminals have shown a pattern of attacking during holidays when offices are closed.

Andrew J. Peden, CEO of L5L Solutions, has some recommendations for your clients on how to protect their businesses. As he sees it, the need for taking precautions is acute.

He quotes a Ponemon Institute study that states, “If organizations are able to prevent these attacks, the cost savings could be an average of approximately $1.4 million per attack.”

Peden warns that the dollar amount is only part of your client’s potential woes. A successful ransomware attack can result in being out of business for days, incurring the costs of recovering data and weathering the reputational costs, both upstream and downstream, stemming from not having been a reliable supplier.

Peden has five steps for your clients so that when a ransomware attack comes, they’re prepared. But first, how vulnerable are your clients to ransomware attacks?

Vulnerability

As Peden points out, “Many smaller businesses are particularly vulnerable. They may not have a dedicated IT team to focus on malware attacks.”

He goes on to state that, “In the case of ransomware attacks, 90% of them will occur through an end point vulnerability.”

Unfortunately, end point vulnerabilities are everywhere. These include:

  • The four billion people who are connected to the Internet;

  • The 40 billion devices that are connected to the Internet; and

  • The hardware devices connected to the Internet of Things that may have as many as 65,000 ports of entry for malware in each of the devices.

Peden recognizes that one of the particularly daunting aspects of a ransomware attack is that it’s highly asymmetric. “A person or state actor with evil intent only needs to find one vulnerability to get in and cause havoc.”

Peden recommends that you help your clients improve their “risk IQ.” His goal is that when an attack occurs, “It’s not your first day dealing with this. You’ve planned, educated, trained and drilled.”

He wants people to be so familiar with the scenario that if an attack occurs, they “can push play” and activate their response plan.

His five steps for being more aware and better able to respond are:

  1. Define the critical assets. For example, if clients are in the energy sector, maybe it’s the industrial control systems for the power plants.

  2. Define the threat. Maybe the threats are persistent, such as nation states or terrorists who are continuously trying to hack into the system. Or maybe it’s a physical threat, such as an intruder who comes in, punches your client’s security guy in the throat and gets inside.

  3. Assess the impact if the organization is compromised. Peden cites as an example the May 7, 2021 Colonial Pipeline ransomware attack. The cyberattack impacted the computerized equipment Colonial used for managing the pipeline. For Colonial, it wasn’t just the cost of paying the ransom. As the impact rippled through society and purchasers of gasoline or jet fuel were affected, the ransomware attack became a national security issue.

  4. Analyze the current approach to managing the risk. Do employees across the enterprise, from the board of directors to the entry-level employee, understand their role in protecting the organization? Since 90% of cyber-attacks involve a human factor, does the organization train employees not to open attachments? Do employees receive test emails, checking to see if they are being careless? Has the company researched technologies that can catch an intrusion in seconds, as opposed to the average 24-day “dwell time” of attackers within networks prior to detection?

  5. Prepare to respond. Has the company planned so that when the attack occurs, it’s not management’s first day of thinking about it? Have they put technology and people and processes in place for an instant response? Can they respond in seconds rather than hours?

About the Author

Mitzi Perdue

Mitzi is a businesswoman, author and a master storyteller. She holds degrees from Harvard University and George Washington University, is a past president of the 35,000-member American Agri-Women and was one of the U.S. Delegates to the United Nations Conference on Women in Nairobi. She currently writes for the Academy of Women’s Health, and GEN, Genetic Engineering & Biotechnology News.

Most recently, she’s authored Tough Man, Tender Chicken: Business and Life Lessons from Frank Perdue. The book made #5 on Amazon’s Business Biographies, out of a field of 20,000. She’s also the author of I Didn’t Bargain for This, her story of growing up as a hotel heiress.

A woman of many talents, she also programmed a computer app, B Healthy U, designed to help people track the interactions of lifestyle factors that influence their energy, sleep, hunger, mood, and ability to handle stress. In addition to being a programmer and software developer, Mitzi is also an artist and designer of EveningEggs™ handbags.

In addition, Mitzi is the author of more than 1600 newspaper and magazine articles on family businesses, food, agriculture, the environment, philanthropy, biotechnology, genetic engineering, and women’s health.

She was a syndicated columnist for 22 years, and her weekly environmental columns were distributed first by California’s Capitol News and later, by Scripps Howard News Service, to roughly 420 newspapers. For two years she was a Commissioner on the National Commission on Libraries and Information Science.

Mitzi also produced and hosted more than 400 half-hour interview shows, Mitzi’s Country Magazine, on KXTV, the CBS affiliate in Sacramento, California. In addition, she hosted and produced more than 300 editions of Mitzi’s Country Comments, which was syndicated to 76 stations. Her radio series, Tips from the Farmer to You, was broadcast weekly for two years on the Coast to Coast Radio Network.