Ransomware attacks are on the rise.
In the first half of 2021, global ransomware attacks increased by a staggering 151%. Over the year there have been many high-profile ransomware attacks targeting large companies around the world, including the widespread attacks on Kaseya and Colonial Pipeline.
The Canadian Centre for Cyber Security (“CCCS”) suggested several reasons for the rise in ransomware activity, including the shift to online operations during the pandemic and the increasing sophistication of cybercriminals. Perhaps most troubling is the emergence of “ransomware-as-a-service,” where developers sell or rent their ransomware programs to other cybercriminals in exchange for a percentage of the victim’s ransom payment.
Still, as the CCCS has found, organizations can prevent or mitigate the vast majority of ransomware attacks by implementing basic cybersecurity measures. For this reason, the CCCS published a ransomware playbook on November 30, 2021 (the “Playbook”) to help companies prepare for and respond to ransomware attacks.
What is ransomware?
Ransomware is a type of malicious software that threatens to publish a victim’s data or permanently block access to it unless a sum of money is paid. Ransomware incidents can devastate organizations by disrupting the critical functions that depend on network and system connectivity.
Which companies are cybercriminals targeting?
Businesses of all sizes can be targeted by ransomware attacks. While attacks on larger companies can be more lucrative for cybercriminals, the Playbook notes that cybercriminals often view small and medium-sized businesses as having weaker security measures, making them easier targets.
The following factors make a company a more likely target for a ransomware attack:
- The company has access to sensitive data that can be used directly, such as Social Security numbers, credit card numbers, or other financial information;
- The company has access to personal information that individuals do not want to divulge, such as medical or religious information;
- Data is a critical part of corporate business, so any disruption to corporate systems would bring their entire business to a standstill (increasing the likelihood that the company will pay the ransom);
- The company owns valuable customer data or intellectual property, such as trade secrets;
- The company is part of critical infrastructure, such as vital medical services; or
- The company is affiliated with a company that meets any of the above descriptions.
The first half of the playbook focuses on how a company can defend itself against ransomware. It includes cyber defense planning and basic cybersecurity controls. When it comes to cyber defense planning, the playbook provides a useful overview of the principles to consider when developing (i) a backup plan, (ii) an incident response plan, and (iii) a recovery plan.
In terms of cybersecurity controls, the Playbook provides a list of useful data security measures including, but not limited to:
- Perimeter defense, such as firewalls, anti-phishing software, and virtual private networks;
- Logging and notification to track activity across the system, creating an audit trail;
- Penetration tests to assess vulnerabilities;
- Network segmentation to control and restrict access to information in your IT system; and
The second half of the playbook focuses on recovery from ransomware attacks. It includes immediate actions companies should take in the event of a security breach and actions to help a company get its business back online as soon as possible after an attack.
The playbook is a useful tool for companies of all sizes to assess their readiness for a ransomware attack and prepare accordingly. However, organizations need to take a contextual approach to data security that takes into account the nature of their business and their data and security systems. Developing and maintaining a comprehensive ransomware strategy requires the input of legal and IT experts.