Ransomware attacks are more common than ever and continue to wreak havoc across numerous companies. In the first half of 2022, there were 236.1 million global ransomware attacks. Despite high-profile headlines about the ransomware attack on Colonial Pipeline last year and the attack on Suffolk County, New York, last month, companies appear to be unprepared to prevent or respond to similar attacks. A recent State of Ransomware Preparedness Report revealed only 30% of surveyed companies had a ransomware-specific playbook.
Struggling With Basic Cybersecurity Hygiene
Active phishing training has improved; however, it is still not done by 40% of companies. Most companies struggle with the fundamentals of cybersecurity hygiene and risk management. Whether it’s ensuring significant vulnerabilities are patched within 24 hours or assuring continuous security of high-value privileged accounts, the practices and controls that appear to be easiest to implement are the ones that companies struggle with the most. Only 24% of companies patched their systems within a day, a frightening figure given modern companies’ ongoing digitization. Business leaders in every industry shouldn’t wait for a ransomware attack to be their wake-up call. Additionally, they shouldn’t expect their cyber insurance carriers to cover their losses if their companies lack even basic cybersecurity maturity.
Role Model in Proactive Behavior
Companies and organizations could learn from the federal government’s playbook, which serves as a role model for being proactive in the fight against ransomware. The Biden administration released a fact sheet detailing its efforts to strengthen America’s cybersecurity, including efforts against ransomware.
The Administration formed the International Counter-Ransomware Initiative (CRI), bringing global partners together to confront the epidemic of ransomware. The White House is hosting international partners to accelerate and broaden the collaborative work. The organization has increased collective resilience, engaged the private sector, and disrupted threat actors and their infrastructure.
Making It Tough for Cybercriminals
Various initiatives have made it more difficult for cybercriminals to move illicit money as the United States has sanctioned various cryptocurrency mixers that ransomware threat actors commonly use to collect and clean their illicit gains. Additionally, numerous cybercriminals have been extradited to the United States to face justice for their crimes.
Several emerging patterns were discovered that provide insights into why companies are becoming increasingly vulnerable to ransomware attacks. There are seven important areas where companies typically fall short in developing and maintaining fundamental cybersecurity practices:
- Managing privileged access
- Improving fundamental cyber hygiene
- Lowering supply chain and third-party risk exposure
- Monitoring and defending networks
- Managing ransomware incidents
- Identifying and fixing vulnerabilities as soon as possible
- Improving cybersecurity education and awareness
On a positive note, a survey showed that numerous companies had taken at least some basic steps to ensure their networks’ security. The steps include:
- Anti-virus solutions that utilize behavioral analysis (89% of respondents)
- Restricting unnecessary ports, protocols, services, and software (89%)
- Countermeasures to prevent malicious payloads from being delivered from websites (86%)
- Controls over potentially vulnerable services, including remote desktop protocol (83%)
- Routing internet traffic through security appliances, including DNS or web proxy filters (83%)
Even though the statistics are encouraging, the exponential growth of ransomware attacks demonstrates that companies need to treat these practices as essential to their cybersecurity program, providing the foundation for the future improvement that will be required to keep up with ransomware innovation and velocity.
The emerging attacks demonstrate that ransomware threat operators aren’t waiting for companies to get the fundamentals right and will continue to exploit weaknesses to their advantage. It’s important for companies to always remain vigilant of the current threat landscape and have basic cybersecurity hygiene and an incident response plan in place. At SpearTip, our gap analysis allows our certified engineers to discover blind spots in companies that can lead to significant compromises by comparing technology and internal personnel. With a firewall review, our engineers, working with skilled penetration testers, analyze the configurations and interactions of companies’ network infrastructure. We discover vulnerabilities in firewall systems, allowing companies to use their valuable resources to evaluate and prioritize fixes by providing visibility of actual network gaps, including existing false negatives. Our ShadowSpear Threat Hunting allows our engineers to evaluate the effectiveness of companies’ current security measures, including email systems, to determine environments’ overall health and prevent breaches.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.