Ransomware attacks globally nearly doubled in 2021. BitSight’s Ransomware for Dummies book reveals indicators of potential attacks, and how to minimize costly damage when successful ransomware targets you.
It’s a question more people are asking with each passing day:
How do I know if I am at risk for a ransomware attack?
Unfortunately, the fact that so many are posing this question reveals how unprepared many organizations are in the face of rising ransomware challenges. Ransomware attacks are getting bigger and bolder. There are those that are well known, like the Colonial Pipeline attack, and those that get less attention but are no less insidious, like the LockBit ransomware threat that hobbled Accenture. In each case, organizations likely thought they were well prepared for potential cyber attacks.
They were not. Nor were the numerous other organizations that fell victim to ransomware in 2020, resulting in losses of over $29.1 million.
Now, the question becomes, what’s going on here? And, what can you do about it?
Why is ransomware a growing threat?
A big reason is because attackers are rapidly evolving their ransomware strategies and tactics. They’re becoming more efficient, sophisticated, and stealthy.
Hackers have become extraordinarily adept at planting the seeds of ransomware--infiltrating a company’s servers, for instance--while going completely undetected. For example, Accenture was actually writing a report on ransomware as the organization was being attacked (they found out a few days into the attack).
In other words, by the time attackers make their demands, the organization is already at a significant disadvantage, because it’s already been infected. The attackers have the upper hand, and companies have a choice: either ignore the ransom demands and leave their data and organizations at risk, or pay up and hope their money is ultimately recovered. You don’t want to face either option.
What can I do to prevent a ransomware attack?
The best way to prevent a ransomware attack is to proactively monitor your network’s security posture, identify potential vulnerabilities, and address those vulnerabilities before a hacker can take advantage of them.
Continuous monitoring--in which your network is continuously assessed and scanned for vulnerabilities--is one of the most effective methods you can employ. Unlike annual or periodic security audits, continuous monitoring provides you with immediate insights into your risk profile at any given time, thereby allowing you to remediate vulnerabilities and improve your profile before an attacker has a chance to access your network. You can monitor not only your own security posture but also that of the third parties you work with to ensure that your supply chain remains secure.
Security ratings are among the most easily understood continuous monitoring tools you can use to minimize your chances of becoming the victim of a ransomware attack. Security ratings provide data-driven insights into your (and your third parties’) propensity for risk. A higher security rating indicates a well-fortified organization that’s less likely to experience a cyber attack, while a lower rating signifies a highly vulnerable target that attackers could exploit.
What is the likelihood of a ransomware attack?
BitSight research shows your likelihood of a ransomware attack increases the lower your security rating. For instance, organizations with a rating between 300 to 500 are 7.9 times more likely to be the victims of ransomware attacks. Meanwhile, organizations with a rating 750 or above are far less likely to be victimized:
How does BitSight determine its security ratings?
BitSight uses data from more than 100 sources to compile its security ratings. With this data, we study a number of different factors that hackers typically employ or exploit in ransomware attacks, including known vulnerabilities, open ports, and more. We also look for compromised systems, evidence of different types of attack methods, and other metrics to determine an organization’s overall rating. In addition, we consider things like user behavioral patterns, patching cadence, and other factors that impact an organization’s security posture.
Can ransomware attacks be prevented?
That’s actually not the right question to ask. Because, at the end of the day, no cyber risk mitigation measures should be considered 100 percent foolproof. Despite your best efforts, the fact remains that attacks aren’t a matter of if, but when.
Therefore, the right question is can I prevent ransomware attacks from being successful?
The answer to that is an unequivocal yes! With the right measures in place, you can greatly minimize the chances of a successful ransomware attack on your organization. To do that, you must implement strategies and technologies to stay informed, at all times, of your organization’s propensity for cyber risk. With that information in hand, you’ll be able to proactively and continuously bolster your defenses to keep the growing risk of ransomware at bay.