Ransomware – A threat to all organisations

Published: 29 November 2023

We’ve all seen the headlines about oil pipelines, energy companies and enterprises being hit by ransomware attacks. Truly terrible events impacting huge numbers of people. However, the reality is that these events are happening continuously to SMEs worldwide, every day. We only need to look to the news coverage from a couple of weeks ago on the administration of KNP Group (which includes the well-known “Knights of Old” brand) to see that these events can force the closure of businesses that we perceive to be successful and robust.

The perception 

Speak to many people and they will tell you that ransomware is a threat to organisations that fall into one of two categories:

  • Enterprises that are serious financial targets, with an attacker taking their time to meticulously plan and attack.
  • Smaller organisations that have poor security because they have not implemented measures such as multi-factor authentication (MFA).

However, as you can imagine, the reality is vastly different. 

The reality 

Many ransomware attacks are purely opportunistic. Criminal organisations can systematically scan the internet for devices with known software vulnerabilities and then automate attacks against them. For example, if a customer’s network is protected by a firewall with an unpatched vulnerability for which a known exploit exists, launching an attack is relatively straightforward. From there, a multitude of tools are available to help establish a foothold within the network.

Phishing continues to be the number one attack vector, and is often the very first link in the chain of a ransomware attack. With MFA now in place for most organisations (if this is not the case for you, then please contact us for assistance), many believe that this will be enough to stop an attack. Unfortunately, this is not the case: whilst MFA significantly helps to reduce attacks, there are exploits that can certainly bypass it.

What can you do? 

A robust defence is all about ensuring that there are multiple layers in place to make an attack less likely. An example list is below: 

  • Train and educate employees on cyber threats using tools such as Security Awareness Training 
  • Undertake periodic testing of your defences, from penetration testing through to other exercises that are available 
  • Ensure that a robust update and patching mechanism is in place 
  • Have cyber insurance in place that will protect you in the event of an incident occurring 
  • Have multiple backups in place that are stored off the network, ideally tested periodically for their integrity 
  • Implement a dedicated cyber monitoring and detection solution. These dramatically speed up detection time and can then help stop a threat before it becomes disruptive 
  • Understand the level of risk to your overall business if systems are unavailable for days or weeks due to a cyber attack 
  • Detail an incident response plan to follow should an incident occur. This dramatically reduces the time it takes to begin triaging and dealing with an incident, rather than decisions being made ad hoc
