The stunning ransomware attack on a U.S. critical infrastructure provider like Colonial Pipeline has driven home to organizations the importance of understanding these cyberattacks, if they hadn’t grasped it already.
But as CISOs look for hope on Anti-Ransomware Day, they can consider the advice of one infosec pro: If you’re well-prepared for any cyberattack, you’re prepared for ransomware.
“Ransomware is a disaster recovery event,” says Robert Capps, vice-president of innovation at the NuData Security division of Mastercard. “And for a lot of organizations, it’s a fairly mild one. For others, it can be business-impacting.
“When you talk to CISOs about any sort of disaster situation it comes down to resiliency and recoverability. Ransomware is just a fancy disruption attack. There can also be disruption through power outages or provider outages … You’ve got to be able to recover quickly, and those organizations that are ready don’t really sweat ransomware as much as recoverability of systems.”
Capps stressed the importance of having backups and ways of containing and restoring compromised devices. That will prevent organizations from suffering “any real damage” from ransomware, he explained.
“Then they can mitigate the exposure to the point where it’s a non-material event,” he added.
Organizations can be broken down into two categories, he suggested: Those that have suffered a cybersecurity issue and those that haven’t. Those that have understand that cybersecurity is about “detect, mitigate and remediate.” Those that don’t often pay a ransom because they’re unprepared.
Anti-Ransomware Day was created in 2020 to boost awareness of this particular type of attack. Cybersecurity vendors around the world are offering a wide range of advice and tools to infosec teams to help defend against it.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert with a long list of advice. The Canadian Centre for Cyber Security has issued its own guidelines for preparing for ransomware attacks.
Kaspersky released a report detailing how many ransomware operations work, and advice for infosec teams. It also notes the risks for companies have never been higher.
“There was a time where SMBs could mostly ignore the challenges posed by information security: they were small enough to stay under the radar of APT (advanced persistent threat) actors, but still big enough not to be affected by random and generic attacks,” the report says in part. “Those days are over, and all companies today are now in a position where they must be prepared to fend off criminal groups.”
Capps advises CISOs to “be prepared for the unexpected.” If they’re prepared for a disaster – an outage, a data loss – CISOs will be more prepared for a cyber incident. When it comes to ransomware, understand it’s going to happen.
“If we think of ransomware as so far outside the realm there isn’t anything we can do about it, we’re not going to plan for ways to do something,” he said.