One thing is becoming evident as ransomware attacks increase in frequency and impact: businesses can take additional precautions. Unfortunately, many companies are failing to do so. Most victims are sufficiently warned about potential weaknesses yet unprepared to recover when hit.
Robust ransomware prevention is more important than ever. This becomes very clear when you consider what causes the majority of ransomware attacks nowadays. Some are caused by errors that are easily avoidable.
Let’s examine some of the most common issues that leave organizations vulnerable to ransomware attacks.
Failure to present a compelling narrative in business terms
No company is immune to attackers. The key to prevention is early detection using increasingly sophisticated intrusion detection and a sequence of barriers for attackers to overcome (such as network segmentation, identity verification, authentication, etc.). Security professionals are familiar with this. However, persuading company executives to invest more in security is an entirely different problem.
Security leaders must create a convincing business case that includes risk and verifiable business effects to justify the additional expense and tighter controls. The story should make it easier for top leadership to weigh the costs of increased protection against the costs of security breaches.
For example, both recent reports by Verizon and IBM agree that ransomware is responsible for 24% of all data breaches. The IBM report explains that the average cost of a ransomware attack rises to $5.13 million, much higher than the global average of data breaches. The same report highlights that data breach costs drop significantly if companies invest in prevention technologies and policies such as incident response, security AI and automation, and threat intelligence.
Lack of ransomware readiness testing
Pen testing is the ideal place to start when it comes to proactive testing. Stopping at penetration testing without validating the entire incident response is where organizations err. This is especially important for larger enterprises that must immediately coordinate evaluation, containment, and recovery with numerous teams.
Running red teaming engagements, where you test your security architecture as a whole, is therefore equally important. The outcomes of red team engagements are used as instructional material for internal security teams so they can learn from any flaws found. Even companies with well-developed security profiles and established response strategies may experience weaknesses, including poor collaboration between security and business workers, restricted system visibility, and inadequate or unsafe tool setup.
Ransomware is a technical attack
Unfortunately, many people believe cybersecurity belongs to "tech guys" or their cybersecurity team, but this is incorrect. While having strong cybersecurity is essential, many data breaches involve social engineering techniques like phishing, the most popular attack vector for ransomware.
It becomes crucial to have a basic understanding of cybersecurity to stop ransomware assaults. Everyone in an organization must be aware of social engineering attacks and how to recognize them. The best ransomware prevention for modern digital firms is to provide staff with the information they need to understand cybersecurity and become the first line of defense.
Focus on reaction instead of being proactive
Prioritizing damage control over prevention, action, and knowledge sharing is a common mistake. The moment has come for security practitioners to adopt a new way of securing an expansive digital ecosystem. Think like an aggressor and start by attacking your own business. Simulate breaches in real-world scenarios. Know the game as well as attackers do and be better prepared.
Instead of viewing preventative measures as an "extra," we should view them as necessary for testing our carefully constructed security architecture. The goal is to make the attackers' life hard, to damage the return on their investment in time and effort to breach your company. Instead of letting criminals discover our security holes, doing your homework and hardening your company is much better.
Create a complex environment (and forget the basics)
With so many security technology solutions and the hype surrounding many of these (i.e., AI and all these fancy jargon acronyms), it is easy to be distracted and ultimately create a needlessly complex cybersecurity landscape. Although innovation and technology are great – and we all need some automation to alleviate overwhelmed security teams – we must not forget the basics of cybersecurity.
By focusing on those foundations – vulnerability and patch management, access controls, tested backups, and data encryption – we can rest assured that we can mitigate the majority of ransomware attempts without introducing unnecessary complexity that leads to human errors. The Verizon 2023 DBIR report shows that 74% of data breaches involve the human factor in one way or the other. If we can lower that percentage, we have made a significant step toward more robust and effective ransomware prevention.
If you want to discover more business mistakes to avoid when securing your enterprise against ransomware, download the latest report by Fortra.