Twenty-seven percent of malware incidents reported in 2020 can be attributed to ransomware. Ransomware — cyber extortion that occurs when malicious software infiltrates computer systems and encrypts data, holding it hostage until the victim pays a ransom — can have a bigger impact on an organization than a data breach.
In the short term ransomware can cost a company millions of dollars; over the long term the loss can be even greater, as reputation and reliability suffer. From top healthcare providers and retailers in the U.S. to insurance providers in the Middle East, ransomware attackers have proved to be a continuing cybersecurity threat.
In several recent cases the victim organizations have paid very large ransoms, which may be one reason these attacks keep growing in popularity.
#1: Conduct initial ransomware assessments
Conduct risk assessments and penetration tests to determine the attack surface and the current state of security resilience and preparedness: the tools, processes and skills available to defend against an attack.
#2: Enforce ransomware governance
Establish processes and compliance procedures that involve the organization's key decision-makers, even before preparing the technical response to a ransomware attack. Ransomware can escalate from an issue to a crisis in no time, costing the organization revenue and damaging its reputation.
#3: Maintain consistent operational readiness
Conduct frequent exercises and drills to ensure that systems are always able to detect ransomware attacks. Build regular testing of incident response scenarios into the ransomware response plan.
Test, test and retest at regular intervals to check for vulnerabilities, noncompliant systems and misconfigurations. Ensure that incident response processes are not themselves reliant on IT systems that may be affected by ransomware attacks or unavailable in case of a serious incident.
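One concrete thing such a drill can exercise is the detection logic itself. The following Python script is added here as an illustration and is not taken from the original article. It runs two simple behavioural rules over a constructed file-audit log: a canary rule (any modification of a decoy file) and a burst rule (one process rewriting many distinct files inside a short sliding window, with the dominant new extension reported as evidence). The log format, the thresholds and the canary paths are assumptions for the example.

```python
"""Behavioural ransomware detection run over constructed file-audit events.

Added example for the operational-readiness section; it is not code from the
original article. Event format, thresholds and canary paths are assumptions.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # sliding window per (host, process); assumed value
THRESHOLD = 5                    # distinct files rewritten inside WINDOW; assumed value
# Decoy ("canary") files that no legitimate process should ever modify; assumed paths.
CANARY_PATHS = {r"c:\shares\finance\~$canary.xlsx"}

# Constructed sample audit log, one event per line: timestamp|host|process|action|path
SAMPLE_EVENTS = r"""
2024-03-01T09:00:00|ws-102|WINWORD.EXE|WRITE|C:\Users\bob\Documents\memo.docx
2024-03-01T09:00:05|ws-102|WINWORD.EXE|WRITE|C:\Users\bob\Documents\memo.docx
2024-03-01T09:01:00|ws-101|upd.exe|RENAME|C:\Users\ann\Documents\q1.xlsx.locked
2024-03-01T09:01:00|ws-101|upd.exe|RENAME|C:\Users\ann\Documents\q2.xlsx.locked
2024-03-01T09:01:01|ws-101|upd.exe|RENAME|C:\Users\ann\Documents\plan.docx.locked
2024-03-01T09:01:01|ws-101|upd.exe|RENAME|C:\Users\ann\Pictures\cat.jpg.locked
2024-03-01T09:01:02|ws-101|upd.exe|RENAME|C:\Users\ann\Desktop\notes.txt.locked
2024-03-01T09:01:02|ws-101|upd.exe|RENAME|C:\Users\ann\Desktop\todo.txt.locked
2024-03-01T09:02:00|ws-103|upd.exe|WRITE|C:\Shares\Finance\~$canary.xlsx
2024-03-01T09:10:00|srv-bk|backup.exe|WRITE|D:\Stage\vol1.bak
2024-03-01T09:10:15|srv-bk|backup.exe|WRITE|D:\Stage\vol2.bak
2024-03-01T09:10:30|srv-bk|backup.exe|WRITE|D:\Stage\vol3.bak
2024-03-01T09:10:45|srv-bk|backup.exe|WRITE|D:\Stage\vol4.bak
2024-03-01T09:11:00|srv-bk|backup.exe|WRITE|D:\Stage\vol5.bak
2024-03-01T09:11:15|srv-bk|backup.exe|WRITE|D:\Stage\vol6.bak
"""


def extension(path):
    """Lower-cased final extension of a Windows or POSIX path ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def parse_event(line):
    ts, host, proc, action, path = line.split("|", 4)
    return datetime.fromisoformat(ts), host, proc, action, path


def detect(lines, window=WINDOW, threshold=THRESHOLD, canaries=CANARY_PATHS):
    """Return alert tuples for two behaviours:
    - ("canary", host, proc, path): any write, rename or delete of a decoy file;
    - ("burst", host, proc, ext, n): one process on one host rewrote n >= threshold
      distinct files inside the window. The dominant new extension is reported so
      an analyst can tell a ".locked" rename storm from a compiler emitting ".o".
    """
    recent = defaultdict(deque)   # (host, proc) -> deque of (timestamp, path)
    flagged = set()               # (host, proc) keys already reported, to avoid repeats
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, host, proc, action, path = parse_event(line)
        if path.lower() in canaries and action in {"WRITE", "RENAME", "DELETE"}:
            alerts.append(("canary", host, proc, path))
            continue
        if action not in {"WRITE", "RENAME"}:
            continue
        key = (host, proc)
        q = recent[key]
        q.append((ts, path))
        while ts - q[0][0] > window:      # drop events that have left the window
            q.popleft()
        touched = {p for _, p in q}
        if len(touched) >= threshold and key not in flagged:
            ext = Counter(extension(p) for p in touched).most_common(1)[0][0]
            flagged.add(key)
            alerts.append(("burst", host, proc, ext, len(touched)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(*alert)
```

In a drill, replay the file events of a known sample through the detector and confirm it fires before the canary is reached. The backup.exe lines in the constructed log show why the window matters: a legitimate job writing the same number of files slowly must not trip the burst rule, otherwise the drill only proves the alert is noisy.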
#4: Back up, test, repeat ransomware response
Back up not only the data but also every nonstandard application and its supporting IT infrastructure, and keep backup and recovery capabilities frequent and reliable. Test restores regularly: a backup that has never been restored is not a recovery capability. If online backups are used, ensure that they cannot be encrypted or deleted by ransomware, for example by keeping an offline or immutable copy and by not letting credentials that are valid on production systems also grant write or delete access to the backup repository. Harden the components of the enterprise backup and recovery infrastructure by routinely examining backup application, storage and network access and comparing it against expected or baseline activity.
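The baseline comparison in the last sentence can be made mechanical. The Python below is an added example, not code from the article: it checks constructed backup-repository access events against an explicit per-principal baseline (allowed operations, source networks and hours) and always flags operations that reduce recoverability, whoever performs them. The log format, the principals, networks and hours in BASELINE, and the operation names are all assumptions.

```python
"""Compare backup-repository access events against an explicit baseline.

Added example for the backup section; not code from the original article.
The log format, the BASELINE entries and the network ranges are assumptions.
"""
from datetime import datetime
from ipaddress import ip_address, ip_network

# Expected activity per principal: which operations, from which networks, at which UTC hours.
BASELINE = {
    "svc-backup":  {"ops": {"READ", "WRITE"}, "nets": ["10.20.0.0/24"], "hours": range(0, 24)},
    "svc-restore": {"ops": {"READ"},          "nets": ["10.20.1.0/24"], "hours": range(0, 24)},
    "bkp-admin":   {"ops": {"READ", "LIST"},  "nets": ["10.50.9.0/28"], "hours": range(8, 18)},
}
# Operations that reduce recoverability. Flagged whoever performs them: on an
# immutable repository these should only ever happen through a change ticket.
DESTRUCTIVE = {"DELETE", "PURGE", "RETENTION_CHANGE"}

# Constructed sample audit log: timestamp|principal|source_ip|operation|object
SAMPLE_LOG = """\
2024-03-02T01:10:00Z|svc-backup|10.20.0.15|WRITE|repo/fileserver/2024-03-02.full
2024-03-02T01:20:00Z|svc-backup|10.20.0.15|WRITE|repo/sql/2024-03-02.full
2024-03-02T10:05:00Z|bkp-admin|10.50.9.3|LIST|repo/
2024-03-02T22:41:00Z|bkp-admin|10.50.9.3|DELETE|repo/fileserver/2024-02-*
2024-03-02T22:42:00Z|bkp-admin|10.50.9.3|RETENTION_CHANGE|repo/ retention=1d
2024-03-02T22:45:00Z|svc-backup|172.16.4.9|WRITE|repo/fileserver/2024-03-02.full
2024-03-02T22:50:00Z|j.doe|10.20.0.40|READ|repo/sql/2024-03-02.full
"""


def review(lines, baseline=BASELINE, destructive=DESTRUCTIVE):
    """Return (timestamp, principal, operation, reasons) for every event that
    deviates from the baseline. One event can deviate for several reasons."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ts, principal, src, op, _obj = line.split("|", 4)
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        reasons = []
        expected = baseline.get(principal)
        if expected is None:
            reasons.append("unknown_principal")       # nobody in the baseline
        else:
            if op not in expected["ops"]:
                reasons.append("unexpected_op")       # e.g. admin deleting, not listing
            if not any(ip_address(src) in ip_network(n) for n in expected["nets"]):
                reasons.append("unexpected_source")   # right account, wrong network
            if when.hour not in expected["hours"]:
                reasons.append("outside_hours")
        if op in destructive:
            reasons.append("destructive_op")
        if reasons:
            findings.append((ts, principal, op, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for ts, who, op, why in review(SAMPLE_LOG.splitlines()):
        print(ts, who, op, ", ".join(why))
```

Run this against the repository's own audit log on a schedule, from a host that the production domain cannot administer. The value of the check is in the combination: a valid backup account writing from an unexpected network, or a valid admin deleting outside hours, is exactly the pattern that precedes the encryption phase, when an attacker destroys backups first.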
#5: Implement the principle of least privilege
Restrict permissions and deny unauthorized access to devices. Remove local administrator rights from end-users and block application installation by standard users, replacing this with a centrally managed software distribution facility.
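One way to verify that this control actually holds across a fleet is to audit exported local Administrators membership centrally. The Python below is an added example, not code from the article: it reads a constructed host|member inventory (the kind a scheduled `net localgroup Administrators` or `Get-LocalGroupMember` run would produce), checks each member against an allowlist, and distinguishes broad groups, unmanaged local accounts and individual end users. The allowlist, the group names and the host list are assumptions.

```python
"""Fleet-wide audit of local Administrators group membership.

Added example for the least-privilege section; not code from the original
article. The inventory format (host|member), the allowlist and the host list
are assumptions.
"""

# Members that are allowed to hold local admin rights (assumed for the example).
ALLOWLIST = {"administrator", r"corp\workstation admins"}
# Groups that would grant admin rights to effectively every user.
BROAD_GROUPS = {r"corp\domain users", "everyone", "users", r"nt authority\authenticated users"}
# Hosts expected to report; a silent host is an unknown, not a clean one.
FLEET = ["ws-101", "ws-102", "ws-103", "ws-104", "ws-105"]

# Constructed inventory: host|member
SAMPLE_INVENTORY = r"""
ws-101|Administrator
ws-101|CORP\Workstation Admins
ws-101|CORP\ann.lee
ws-102|Administrator
ws-102|CORP\Domain Users
ws-103|Administrator
ws-103|helpdesk
ws-103|CORP\Workstation Admins
ws-104|Administrator
ws-104|CORP\Workstation Admins
"""


def classify(member, allowlist=ALLOWLIST, broad=BROAD_GROUPS):
    """Return None for an allowed member, otherwise a finding type."""
    m = member.strip().lower()
    if m in allowlist:
        return None
    if m in broad:
        return "broad_group"               # everyone on the box is admin
    if "\\" not in m:
        return "unmanaged_local_account"   # outside central identity management
    return "non_allowlisted"               # typically an end user or an unexpected group


def audit(lines, fleet=FLEET):
    """Map host -> list of (member, finding). Hosts that never reported get a single
    (None, "no_inventory") entry so they are not mistaken for compliant."""
    findings = {host: [] for host in fleet}
    reported = set()
    for line in lines:
        if not line.strip():
            continue
        host, member = line.split("|", 1)
        reported.add(host)
        verdict = classify(member)
        if verdict:
            findings.setdefault(host, []).append((member, verdict))
    for host in fleet:
        if host not in reported:
            findings[host].append((None, "no_inventory"))
    return {h: f for h, f in findings.items() if f}


if __name__ == "__main__":
    for host, items in audit(SAMPLE_INVENTORY.splitlines()).items():
        for member, finding in items:
            print(host, finding, member or "")
```

Treat broad_group findings as the most urgent, since a single group such as Domain Users in the local Administrators group undoes the control for every user of that machine; unmanaged local accounts come next, because they sit outside central password and lifecycle management.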
#6: Educate and train users on ransomware response actions
Research the guidelines that government and regional authorities have published on fortifying network infrastructure against ransomware. CISOs and security leaders can use such guidelines to create a basic training program for all staff in the organization. Ransomware preparedness training does, however, need to be customized to the organization for better results.