7 Ransomware Mitigation Tactics for the Enterprise

The news is filled with examples of companies being exploited by cybercriminals’ ransomware attacks, left with their information held hostage unless they pay a hefty fine. While you may think that ransomware can’t happen to your organization, or isn’t as widespread as it may seem, think again.

According to a recent study by security firm Malwarebytes, at least 41 percent of U.S. enterprises had been hit with at least one ransomware threat, with some reporting up to five occurrences, in the past year. Another six percent experienced more than six threatening instances. More troubling still, the report found that 80 percent of companies had experienced some form of a cyber breach in the last 12 months.

Is Ransomware Really That Common?

In 2015, the FBI saw a significant increase in reported ransomware attacks and expect occurrences to continue to grow through 2016. According to Malwarebytes, “Decision makers in US organizations have a relatively low level of confidence in their ability to effectively stop ransomware, and are less confident about ransomware prevention than their counterparts in Canada, Germany and the United Kingdom. Just 4 percent of US organizations are “very confident” in their organization’s ability to stop ransomware.”

The FBI recommends against paying the ransom to get stolen files back, and instead stresses the importance of prevention efforts through both the training of employees and employing robust security tactics, in addition to properly planning for an attack through a comprehensive business continuity and disaster recovery plan.

Defend Against a Ransomware Attack with these 7 Tactics

Our Director of Technology Solutions Greg LaBrie recently shared his advice for stopping ransomware with Digital Guardian. At WEI, he leads the development of practices focused on Data Center Infrastructure, Storage, Backup, Disaster Recovery, Networking, Security, Cloud and Virtualization; here are his thoughts from the article: "Since hacking, malware, and ransomware are rapidly evolving, here are seven commonly overlooked tactics to help mitigate these risks."

1. Update end-user operating systems and applications.
   Keeping your software up-to-date will help ensure systems are in tip-top shape and able to fight against incoming security threats.
2. Develop a formal security strategy.
   Good enterprise security begins with a strong and comprehensive strategy. This isn’t something to put off for later; it’s crucial that cybersecurity is a topic of discussion in the boardroom and that managers lead team awareness trainings at least once per year.
3. Review your service provider’s security policy.
   Every cloud provider is different, so be sure to thoroughly read their policies. That way, you can prepare to patch potential security holes from your end.
4. Allow users to request new cloud services and applications to avoid shadow IT.
   If you don’t provide your IT team with the tools, services, applications and software they need to do their jobs, it increases the likelihood that they will download them themselves, opening the door for shadow IT, a possible network security breach or an accidental malware download.
5. Step up monitoring, especially for machine-to-machine communication.
   By monitoring your network in real-time, you’ll be able to catch potential security threats and vulnerabilities before they manifest into big problems.
6. Review cloud insurance coverage.
   Not all cloud insurance providers are created equally. Be sure to chat with them about what’s covered in the event of an emergency situation, such as a natural disaster, data loss or ransomware attack.
7. Use network segmentation to avoid “putting all your eggs in one basket.”
   One piece of your comprehensive security puzzle should be to focus on network segmentatio. By separating key business functions, a cybercriminal will have to jump through more hoops to steal your data, increasing the amount of time you have to fight back.

Malwarebytes found that the finance and healthcare industries are most likely to be the victim of a ransomware attack. Want to know more? Read Digital Guardian’s full article here to find out more about protecting your enterprise against ransomware attacks, including several actionable strategies from 43 other technology industry leaders.