Ransomware Attacks and Defence In 2022
Ransomware is a big problem for businesses. A 2020 CTV News post estimated that ransomware cost Canadian companies $2.3 billion in 2019. Fast-forward to 2021, Canada witnessed the worst cyberattack ever recorded.
The latest prey of the syndicate was The Canadian Revenue Agency (CRA), which was recently targeted with a ransomware attack. The agency reported that the personal information belonging to over 11,000 Canadians was compromised, with more than 80,000 users unable to access CRA’s services. But what can an individual or a business do to repel ransomware in 2022? Read on to find out!
What is ransomware?
Ransomware is malware that restricts access to the victim’s data and demands a ransom. It may be installed on your PC when you click an email link, download infected software, or visit an unsafe website while browsing. Ransomware is usually installed without your consent or knowledge.
5 Things You Need to Do to Protect Your Business from A Ransomware Attack
1. Education
The end-user is usually the weakest link in any potential cyber-attack. As such, training is the first step to preventing one. Employees need to know how ransomware is delivered to a system and what to do if they encounter it.
Currently, several Canadian IT service companies provide ransomware training to companies. The objective of the exercise is to teach employees how to prevent, manage and respond to ransomware attacks.
2. Multi-Factor Authentication
Adding an extra layer of security for your login credentials can help to prevent ransomware attacks. Multi-Factor Authentication (MFA) requires the user to provide more than one type of identification, such as a password and a one-time password (OTP), to access the system.
There are several ways to implement MFA on your computer. They include:
Using a physical security key in addition to your password
This method effectively prevents ransomware attacks because it relies on physical authentication. It uses a key fob device to generate OTP codes that need to be entered before logging in.
However, this method can be cumbersome and costly when many employees each need a separate security key. In this case, companies can opt for a software-based security key installed on all employees’ devices.
Using biometric authentication
Biometric authentication uses physical or behavioural characteristics like fingerprint scanning, voice recognition or facial recognition to authenticate the user. Since it uses unique individual features, it is a powerful form of authentication and is challenging to hack.
Using software-based authentication
This method also uses a software-based token to generate OTP codes. It’s just as effective at preventing ransomware attacks as the physical security key, but it doesn’t require purchasing additional hardware.
Additionally, it can be used on both desktop and mobile devices, unlike a physical authentication key which only works on mobile devices.
3. DNS Filtering
After the outbreak of COVID-19, working from home revolutionized how businesses operated. However, this shift has created a huge security risk for companies, making them more vulnerable to ransomware attacks.
When employees work from home, their workstations are not part of the company’s defined network and thus can be attacked by ransomware. In this case, a web filtering solution is the best option to protect your network.
A DNS-filtering solution will inspect all internet traffic into your network and block any requests to malicious IP addresses. This will prevent ransomware from ever entering your company’s network.
It will also provide additional security against malware, phishing attacks and other online threats.
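The decision a DNS filter makes for each lookup, shown as an added example rather than code from the article or from any product. The blocklist entries, client addresses and log format are constructed; matching is done on whole labels, so a blocked domain also covers its subdomains but not look-alike names.

```python
from typing import Optional

# Constructed blocklist; entries are stored lower-case without a trailing dot.
BLOCKLIST = {"c2-panel.example", "payload-host.test"}

# Constructed resolver log: timestamp, client address, queried name, record type.
SAMPLE_LOG = [
    "2022-01-10T09:00:01Z 192.0.2.10 intranet.corp.example A",
    "2022-01-10T09:00:04Z 192.0.2.23 Update.C2-Panel.Example. A",
    "2022-01-10T09:00:09Z 192.0.2.23 notc2-panel.example A",
    "2022-01-10T09:00:15Z 192.0.2.41 payload-host.test AAAA",
    "truncated line",
]


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot before comparing."""
    return qname.strip().rstrip(".").lower()


def matched_rule(qname: str, blocklist: set) -> Optional[str]:
    """Return the blocklist entry covering qname (itself or a parent domain)."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # strip one leading label per step
        if candidate in blocklist:
            return candidate
    return None


def filter_queries(log_lines, blocklist):
    """Return (client, qname, rule) for every query the filter would refuse."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed entry: skip it instead of guessing at fields
        _timestamp, client, qname, _qtype = fields
        rule = matched_rule(qname, blocklist)
        if rule is not None:
            hits.append((client, normalize(qname), rule))
    return hits


if __name__ == "__main__":
    for client, qname, rule in filter_queries(SAMPLE_LOG, BLOCKLIST):
        print(f"blocked {qname} from {client} (rule: {rule})")
```

The list of refused lookups doubles as a detection signal: a client that keeps asking for a blocked name is worth investigating even though the request never succeeded.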
4. Managed Threat Response
With the increase of ransomware attacks, it is no longer enough to deploy antivirus and anti-malware systems to prevent ransomware. You need a threat response solution to detect and neutralize the threat in real-time.
This includes incorporating a Security Operations Centre comprising highly skilled and trained personnel in threat hunting and remediation of threats in corporate environments.
Small organizations that can’t have their own 24/7 security team can outsource their security needs to a Managed Security Service Provider (MSSP). MSSPs offer a wide range of security services that include, but are not limited to:
- 24/7 monitoring of networks and systems
- Incident response and forensic analysis
- Threat intelligence and research
- Vulnerability assessment and penetration testing
- Security awareness training
- Threat response and remediation
5. Backups
Backups are crucial to recovering from a ransomware attack. The best defence against any security incident is multiple layers of protection, including backups and business continuity plans (BCPs).
Backups are what will help you recover your data after the ransomware attack. There are 2 types of backups:
Onsite backups
These are backups you do on-premises using backup software. They are usually freely accessible or pocket-friendly, but they do not protect against ransomware attacks. This is because files are stored in one location and can be encrypted by ransomware viruses.
Offsite/Hosted backups
These are backups hosted at a different location, such as a cloud-based storage service like Amazon S3, Google Cloud, Azure or Backblaze B2.
Alternatively, you can use an onsite server and set up replication software to regularly replicate the data to another device/location. This type of backup protects against ransomware attacks because it doesn’t store your files in a single place and can be automatically backed up to the cloud.
On the other hand, BCPs are essential for companies who want to continue operations even after being hit with a ransomware attack. A BCP is a plan that outlines how your company will recover and resume operations after a disaster. This could be anything from a natural disaster like a fire or hurricane to a cyber-attack like ransomware.
When creating your BCP, you need to consider the following:
- Data Availability: This involves determining the amount of data you can lose without impacting your business.
- Recovery Point Objectives (RPO): RPO involves gauging the maximum amount of data you can lose before your company is considered inoperable.
- Recovery Time Objectives (RTO): This is the amount of time you’re willing to wait before your company resumes normal operations.
- Infrastructure Requirements: It involves determining the resources you’ll need to recover your data.
- Staffing Requirements: This involves determining the number of staff you’ll need to help with recovery.
A ransomware attack can severely cripple a business. Such attacks are not only costly, but can also damage your company’s reputation. However, having a well-rounded security strategy in place can significantly reduce your company’s chances of becoming a victim of ransomware in 2022.
At Pure IT, we work with clients in Calgary, Southern Alberta and beyond its borders to offer managed IT services, IT outsourcing and 24/7 support services. This includes regular consultation and assessment of your company’s IT security needs. Our experts will work with you to create a BCP that will keep your business safer in 2022. Contact us today for a free quote.
Thanks to Kenny Riley with VelocityIT in Dallas for his help with this research.