Ransomware 101: Three ways to protect your business 2023

April 20th, 2023 Posted in Information Security

Our expert cyber security consultants have advice on ways to protect your business from a ransomware attack. This blog covers three of the most effective methods.

No organisation is immune from a ransomware attack

Organisations of all sizes and sectors have fallen victim to ransomware. We’ve seen a spate of headlines over recent years including educational institutions such as schools, healthcare organisations, financial companies, SaaS companies, manufacturing, construction and energy firms to name a few.

The most infamous example is the NHS WannaCry attack of 2017, which exploited an unpatched vulnerability in the Microsoft Windows 7 operating system. The attack impacted hospitals and GP surgeries across the nation, putting vital patient care at risk. Most recently, the Colonial Pipeline (May 2021), which acts as the central gasoline/petrol delivery artery for the East Coast of America, was brought to a standstill by ransomware and led to Colonial paying a $4.4m ransom.

While these examples can be frightening to think of in the context of your own business, every successful attack is a learning opportunity. Where other businesses’ vulnerabilities have led to an attack, you can ensure these same weaknesses are mitigated.

These incidents also serve as a significant reminder of the benefits of proactive protection. In today’s digital world, customers and suppliers are demanding trust, and excellent cyber security can be a positive competitive differentiator.

By fostering cyber resilience, businesses can safeguard their assets and their reputation, while in turn building credibility among their partners and clients. Here’s our overview of how to protect your company in 3 steps.

1. Neutralise the worst-case scenario

First, we advise you to build up a state of preparedness, so you know how to deal with a ransomware attack if it strikes. The basis of this is an incident response strategy, which should include:

  • Preparation and planning: Whatever the size of your organisation, an incident response plan to refer to during a ransomware incident is essential. The plan should set out roles and responsibilities, detail who is in your incident response team (“IRT”) and layout authority level requirements for invoking the plan and mobilising the IRT.
  • Detection and analysis: The starting point in responding to any ransomware attack is detecting it in the first place. Ideally, you will have tools available to help automate this process, including anti-malware, Intrusion Detection Systems/Intrusion Protection Systems (“IDS/IPS”), Security Information and Event Management (“SIEM”) or even an in-house or managed Security Operations Centre (“SOC”) service.
  • Containment, eradication & recovery: Once an attack is identified, the first step is to contain the breach: disconnect affected systems from the network, segregate sections of the network, disable compromised user accounts and advise users not to connect or use specific systems. When the incident is under control, you have reached the point at which you can reconnect or recover systems.

For a more detailed look at these steps, read our Incident Response guide.

2. Prevent an infection

Second, make sure your systems are secure enough to deter a would-be-attacker. There are plenty of guides out there to help with this. If you’re a small or medium-sized enterprise (“SME”) we suggest you start with the NCSC’s flagship standard of Cyber Essentials, which recommends five simple actions to protect your organisation:

  • Use a firewall to secure your internet connection
  • Choose the most secure settings for your devices and software
  • Control who has access to your data and services
  • Protect yourself from viruses and other malware
  • Keep your devices and software up to date

You can assess your readiness for Cyber Essentials by completing a free self-evaluation. A step further is to achieve Cyber Essentials or, even better, Cyber Essentials Plus, which requires a qualified, independent assessor to validate that these five steps are in place. This includes overseeing vulnerability scans, checking third-party access, and ensuring your software is up to date. We explain everything in our comprehensive guide to cyber essentials.

Saying this, it’s worth noting these standards will not suit every type of business. For larger companies with an international presence, the requirements of Cyber Essentials Plus may cause more disruption than benefits. For example, the Cyber Essentials mandates that software must be patched within 14 days of an update being released (if the update covers any ‘critical’ or ‘high risk’ issues). While this is feasible for most SMEs, it may not be possible for larger companies, who may need to patch during fixed maintenance windows when systems can be brought offline.

In these instances, other excellent options are either ISO27001 or the NIST Cyber Security Framework. ISO27001 is the international standard for an information security management system (“ISMS”). This standard takes a risk-led approach, looking at information security risks across the business, including physical security risks, HR security risks, supplier security risks, as well as IT. A certified ISMS not only indicates you take the management of security seriously but helps to improve your ability to endure and respond to attacks like ransomware.

Many organisations use NIST as it does not have a certification process. Instead, it offers a well-designed framework to assist in establishing a cyber security maturity posture over the five business-critical functions of Identity, Protect, Detect, Respond and Recover.

Standards such as Cyber Essentials, ISO27001 and NIST should build customer confidence and enable your organisation to be cyber-resilient in today’s challenging world.

3. Remember hidden risks

Lastly, it’s important to remember ransomware spreads just like an infection. This means that it can start in one organisation and crawl into the networks and applications of any company it is connected to. It’s therefore vital to think about your suppliers – not just those you buy goods and services from, but those who specifically have access to your IT network.

We advise you carefully consider who can access your data and create a ‘walled garden’ inside your network to keep their work away from yours. As a starting point, we recommend the UK’s National Cyber Security Centre (NCSC) 12 principles, which were created to help companies enable effective control of the supply chain.

The race is on to defeat ransomware

It’s encouraging to note businesses are not alone in the mission to overcome ransomware. Just this month, the Ransomware Task Force released a new report, calling for a coordinated, international, diplomatic and law enforcement-driven effort for beating the ransomware threat.

The Task Force is made up of a group of more than 60 experts, gathered from software companies, cyber security vendors, government agencies, non-profits and academic institutions. Together, they have developed a comprehensive framework for tackling ransomware.

In particular, the strategy calls on national governments to lead the charge and suggests the US should spearhead efforts. In line with this, the US established a Ransomware and Digital Extortion Task Force.

We recently reported on lessons learned from the recent Kaseya attack which highlights the increase in cyber incidents since the beginning of 2020, and the importance of ensuring your incident response team is always prepared. As we always state, no organisation is completely immune from an attack, it’s not a matter of “if”, but more a matter of “when”. Luckily there are some steps you can take in the aftermath of a breach, you may find it useful to read our latest blog “What should you do after a cyber security incident?“.

While the report puts the onus on governments to tackle the threat, your organisation can take concrete steps to protect itself. In doing so, you will not only reduce the likelihood of a ransomware attack but strengthen your organisation’s entire cyber security posture. This resilience is a competitive advantage – one that enables trust in your supplier network and symbolizes a commitment to customers.

Strengthen your cyber security posture with expert cyber security services

If you need help or advice on how to manage your business’ cyber security, we’re here to help. We can advise on your security vulnerabilities, select the right security technology and check your systems are configures correctly. We can also put policies in place and run staff training exercises. Contact us for a friendly chat.

  • This field is for validation purposes and should be left unchanged.

Matt Gerry

Written by Matt Gerry

Matt consults on information and cyber security, including incident response, security awareness and training, security gap analysis and certification advisory. Matt started his career working in large multinationals where he gained experience delivering large system implementations, leading projects, and handling key stakeholder relations. He holds an MSc in Information Security from Royal Holloway, University of London.