ARTICLE | June 17, 2022
Authored by RSM Canada
Ransomware is now the most common cybersecurity threat among North American businesses, affecting organizations of all sizes. Ransomware attacks have grown during the COVID-19 pandemic, as cybercriminals take advantage of the more vulnerable landscape that has resulted from a drastic shift to widespread remote work strategies.
We are now seeing more opportunistic attacks because cybercriminals no longer need to be very experienced to break into an organization. In fact, threat actors have turned ransomware into a profitable business, with premade ransomware-as-a-service (RaaS) platforms growing in popularity. As ransomware attacks continue to evolve and become more sophisticated, companies must take proactive steps to address the growing risks.
The current state of ransomware attacks
Considering the current ransomware environment, it’s no surprise that many middle market companies said they know a peer who has suffered an attack or have been a target themselves. The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company that has been a target of a ransomware attack, and 23% have experienced an attack themselves. Compounding the issues related to a ransomware attack, 7% of executives experienced more than one attack in 2021. This is a common tactic by cybercriminals—once a breach occurs, they will continue to attempt to attack the company until it proves that its network is secure.
Middle market executives appear to understand that ransomware is not going away and the threat is only growing. In fact, 62% of respondents in the RSM survey said their organizations are likely targets for ransomware attacks this year, a 5% increase from last year’s report.
Taking protective measures against ransomware
The unfortunate reality is that ransomware will continue to be a threat moving forward, and you may not be able to prevent ransomware from entering your organization. Many threat actors are sophisticated enough that, given enough time, they’ll likely be able to bypass controls and enter your environment. So you must consider two things when developing a response to ransomware risks: how to make your business less of a target and how to limit damage if someone does manage to access your organization.
While nothing can completely protect your organization against ransomware attacks, the following actions can help to reduce the potential or scope of an attack:
Follow a cybersecurity framework
Some helpful guidance has recently been published from respected organizations to help curb the spread of ransomware attacks. For example, last year the National Institute of Standards and Technology (NIST) released a fact sheet and infographic and the NIST IR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management) with tips and tactics to protect against threats and recover from a potential attack.
Develop an incident response ransomware playbook
Your organization can leverage available guidance and advice to develop a strategy that outlines what you should do if you suffer an attack. A ransomware situation is a chaotic event, but every minute matters. The longer it takes you to respond to an attack, the more costly it will be from a forensics perspective and from a disclosure perspective.
The ability to detect an attacker and then respond to the event is the only thing that is preventing a huge financial liability from that specific attack. Therefore, eliminating any potential ambiguity must be a priority.
Make sure your cyber insurance policy is up to date
With the prevalence of cybersecurity threats, an effective cyber insurance policy has never been more important. However, the cyber insurance landscape has changed significantly recently, with reduced coverage limits, rate increases and more underwriting scrutiny as vendors pay out more claims.
However, even with the changes to cyber insurance policies, it is still a necessary part of your cybersecurity posture. You should consult with your insurance provider to ensure that your policy continues to align with your risks and take steps to put yourself in a more advantageous position from a coverage perspective.
Ensure you have strong business continuity and disaster recovery procedures
From a business continuity perspective, your organization should implement thorough segmentation for networks and applications to make it more difficult for an intruder to move around once they get inside.
Following a disruption, how quickly can you recover? An effective disaster recovery strategy is not only helpful during a natural disaster, but it can help transition or restore operations while limiting downtime during a ransomware event.
Consider managed services
A growing number of smaller and mid-sized companies are leveraging third-parties to manage core security functions essential to the mitigation of ransomware risks. Those functions include, but are not limited to, some of the below activities:
- Managed security monitoring
- Managed endpoint detection and response
- Managed patch and vulnerability management
Ransomware risks are evolving so fast, and some companies simply do not have the internal talent and experience to keep up. Rather than put the company at more risk, outsourcing to an organization with more experience and resources often makes the most sense.
Outsourced cybersecurity solutions are increasing in popularity as a practical alternative to managing security in-house. As the frequency and severity of threats continue to escalate, implementing a solution and maintaining it may no longer be feasible for many companies.
Undergo technical testing
A trusted third-party can evaluate your security environment and perform technical testing to determine the likelihood and impact of a ransomware attack. For example, RSM provides a comprehensive ransomware risk assessment that evaluates the potential risk and spread of an infection through penetration testing techniques, analyzes business continuity and incident management programs, performs a ransomware tabletop exercise, and can help remediate any specific issues identified.
Ransomware has always been a concern, but risks are evolving at a rapid pace, and the threat is now very real for companies of all sizes. As with many types of cybersecurity attacks, the criminals are more advanced than many of the controls, and your organization must use available resources to develop a security approach that includes strategies to both prevent and remediate ransomware attacks in order to limit financial exposure and reduce downtime.
This article was written by Andrew Weidenhamer and originally appeared on 2022-06-02 RSM Canada, and is available online at https://rsmcanada.com/insights/services/risk-fraud-cybersecurity/ransomware-protecting-your-business-against-evolving-risks.html.
RSM Canada Alliance provides its members with access to resources of RSM Canada Operations ULC, RSM Canada LLP and certain of their affiliates (“RSM Canada”). RSM Canada Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM Canada. RSM Canada LLP is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. Members of RSM Canada Alliance have access to RSM International resources through RSM Canada but are not member firms of RSM International. Visit rsmcanada.com/aboutus for more information regarding RSM Canada and RSM International. The RSM trademark is used under license by RSM Canada. RSM Canada Alliance products and services are proprietary to RSM Canada.