Ransomware Still Going Strong: How Large Companies Can Protect Themselves

Ransomware remains the top cyber threat for organisations of all sizes, with incidents rising steadily year over year. A recent survey shows 77% of businesses reporting attacks in 2021-22, a 14% jump from 2020. Large enterprises handling sensitive data, like healthcare providers, schools, and critical infrastructure, find themselves prime targets for financially motivated attacks. Without robust contingencies, ransomware can cripple operations, breach confidential data, damage reputation and incur sky-high recovery costs. This article outlines the current threat landscape and expert-recommended steps large organisations must prioritise to guard against crippling ransomware attacks.

Ransomware's Growing Sophistication

The typical ransomware attack has changed character significantly, calling for updated defence strategies. Threat actors today scour victim networks for maximum impact before activating their malicious encryption payloads. Initial network access often leverages social engineering against employees. Attackers also research targets for sensitive data like medical records or intellectual property to steal and weaponise if ransom demands are unmet.

State-sponsored groups with vast resources now deploy ransomware as a further geopolitical weapon. The explosive proliferation of Ransomware-as-a-Service (RaaS) offerings has also lowered the barrier to entry for novice cybercriminals. Payment demands have skyrocketed to hundreds of thousands or even millions of dollars per incident, especially for healthcare networks or Fortune 500 companies. Without layers of robust safeguards, any large enterprise is now vulnerable regardless of resources or security spending.

Best Practices Key to Prevention

While 100% prevention may be impossible, organisations can significantly harden defences and minimise business disruption by embracing these security best practices:

  1. Implement Least Privilege Access Controls: By limiting user permissions and access to only essential systems, the blast radius of any ransomware infection is contained. Monitoring tools must track access. Multi-factor authentication (MFA) also adds a critical layer of identity protection even if credentials are compromised.
  2. Maintain Current Backups Offline: Backups allow restoring data without paying a ransom should an unfortunate infection occur. Storing backups offline and regularly testing recovery ensures alternatives when production data is inaccessible. Modern backup systems enable continuity through accessible images, too.
  3. Security Awareness Training for Employees: As email is the vector in most incidents, employees comprise the weakest link. Comprehensive awareness training builds secure habits against common social engineering methods to prevent threats from gaining initial access. Monitoring staff behaviour also helps early detection of infection.
  4. Endpoint Detection and Response (EDR) Solutions: Advanced EDR tools provide visibility into threats within IT infrastructure to contain their impact. Capabilities like behavioural monitoring, isolation and automated responses are beneficial against ransomware's rapid encryption attempts across networks.
  5. Prompt Software Patching: Regular OS/software updates fix known vulnerabilities that provide exploit pathways for attackers. Automated patching avoids lapses caused by change freezes or limited resources. Unpatched legacy platforms that cannot update also present a significant risk of compromise.
  6. Incident Response (IR) Retainer Contracts: Because quick, expert ransomware IR and remediation services are indispensable but expensive, prepaid IR retainers organised in advance minimise delays in activating support when disasters strike. Table-top exercises with partners further prepare efficient coordination.
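
As an added illustration of the behavioural monitoring mentioned in item 4 (not code from this article or from any EDR product), the sketch below flags a process that writes or renames many distinct files within a short sliding window. The event format, host and process names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample file events: (epoch_seconds, host, process, action, path).
EVENTS = (
    # One process renaming eight different documents within eight seconds.
    [(1000 + i, "WS-01", "unknown_tool.exe", "rename", f"C:/share/doc{i}.docx")
     for i in range(8)]
    # Normal editing: the same file saved twice, a minute apart.
    + [(1000, "WS-01", "winword.exe", "write", "C:/share/report.docx"),
       (1060, "WS-01", "winword.exe", "write", "C:/share/report.docx")]
    # A backup agent reading many files: reads are not counted.
    + [(1000 + i, "WS-02", "backup_agent.exe", "read", f"D:/data/f{i}.db")
       for i in range(20)]
    # A sync client writing different files, but slowly (every 30 seconds).
    + [(2000 + 30 * i, "WS-02", "sync_client.exe", "write", f"D:/sync/f{i}.txt")
       for i in range(6)]
)

MODIFYING_ACTIONS = {"write", "rename"}


def detect_bursts(events, window=10, threshold=5):
    """Return {(host, process): time_of_first_alert} for every process that
    modified at least `threshold` distinct files within `window` seconds."""
    recent = defaultdict(deque)  # (host, process) -> deque of (ts, path)
    alerts = {}
    for ts, host, proc, action, path in sorted(events):
        if action not in MODIFYING_ACTIONS:
            continue
        key = (host, proc)
        q = recent[key]
        q.append((ts, path))
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct_files = {p for _, p in q}
        if key not in alerts and len(distinct_files) >= threshold:
            alerts[key] = ts  # candidate for isolation or automated response
    return alerts


if __name__ == "__main__":
    for (host, proc), ts in detect_bursts(EVENTS).items():
        print(f"ALERT host={host} process={proc} first_seen={ts}")
```

Counting distinct files rather than raw events keeps repeated saves of one document from triggering, and the threshold and window need tuning against legitimate bulk operations such as archiving or file sync.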

Insurance and Payments: Evaluate with Caution

Cyber risk insurance can offset recovery costs and lost business from outages. But as incidents have risen, premiums and waiting periods for claims processing have also increased. The FBI warns that paying ransom also paints a target on organisations for further extortion. It ultimately comes down to business impact - but consider all options carefully before making emotionally charged decisions when facing crippling attacks.

The Road Ahead

Ransomware presents a clear and growing menace today, and with criminal tactics evolving, no organisation can afford complacency. Institutionalising best practices offers the most effective path to managing risks. Ultimately, enterprises continue to deliver value regardless of external threats by creating security-conscious cultures focused on cyber resilience. Improvements are always needed, but a proactive stance sets organisations up for success against constantly adapting adversaries.

#ransomware #cybersecurity #dataprotection #cyberresilience #incidentresponse