Ransomware: Protecting your business against evolving risks
Authored by RSM US LLP
Ransomware is now the most common cybersecurity threat among U.S. businesses, affecting organizations of all sizes. Ransomware attacks have grown during the COVID-19 pandemic, as cybercriminals take advantage of the more vulnerable landscape that has resulted from a drastic shift to widespread remote work strategies.
We are now seeing more opportunistic attacks because cybercriminals no longer need to be very experienced to break into an organization. In fact, threat actors have turned ransomware into a profitable business, with premade ransomware-as-a-service (RaaS) platforms growing in popularity. As ransomware attacks continue to evolve and become more sophisticated, companies must take proactive steps to address the growing risks.
The current state of ransomware attacks
Considering the current ransomware environment, it’s no surprise that many middle market companies said they know a peer who has suffered an attack, or have been a target themselves. The RSM US Middle Market Business Index 2021 Cybersecurity Special Report found that 42% of middle market executives know of a company that has been a target of a ransomware attack, a slight increase over 2020’s data and an 11% increase since 2018.
Thirty-three percent of survey respondents disclosed that they experienced a ransomware attack or demand in the last year, the highest number since ransomware became a focus of the survey four years ago, and a 10% increase from last year. Compounding the issues related to a ransomware attack, 11% of executives experienced more than one attack in 2020. This is a common tactic by cybercriminals—once a breach occurs, they will continue to attempt to attack the company until it proves that its network is secure.
Middle market executives appear to understand that ransomware is not going away and the threat is only growing. In fact, 57% of respondents in the RSM survey said their organizations are likely targets for ransomware attacks this year, an 8% increase from last year’s report.
Taking protective measures against ransomware
The unfortunate reality is that ransomware will continue to be a threat moving forward, and you may not be able to prevent ransomware from entering your organization. Many threat actors are sophisticated enough that, given enough time, they’ll likely be able to bypass controls and enter your environment. So you must consider two things when developing a response to ransomware risks: how to make your business less of a target and how to limit damage if someone does manage to access your organization.
While nothing can completely protect your organization against ransomware attacks, the following actions can help to reduce the potential or scope of an attack:
Follow a cybersecurity framework
Respected organizations have recently published helpful guidance to help curb the spread of ransomware attacks. For example, the National Institute of Standards and Technology (NIST) released a fact sheet and infographic in May and NIST IR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management) in June, with tips and tactics to protect against threats and recover from a potential attack.
Develop an incident response ransomware playbook
Your organization can leverage available guidance and advice to develop a strategy that outlines what you should do if you suffer an attack. A ransomware situation is a chaotic event, but every minute matters. The longer it takes you to respond to an attack, the more costly it will be from a forensics perspective and from a disclosure perspective.
The ability to detect an attacker and then respond to the event is the only thing standing between your organization and a huge financial liability from that specific attack. Therefore, eliminating any ambiguity in the playbook about who does what, and when, must be a priority.
Make sure your cyber insurance policy is up to date
With the prevalence of cybersecurity threats, an effective cyber insurance policy has never been more important. However, the cyber insurance landscape has changed significantly recently, with reduced coverage limits, rate increases and more underwriting scrutiny as vendors pay out more claims.
However, even with the changes to cyber insurance policies, it is still a necessary part of your cybersecurity posture. You should consult with your insurance provider to ensure that your policy continues to align with your risks and take steps to put yourself in a more advantageous position from a coverage perspective.
Ensure you have strong business continuity and disaster recovery procedures
From a business continuity perspective, your organization should implement thorough segmentation for networks and applications to make it more difficult for an intruder to move around once they get inside.
Following a disruption, how quickly can you recover? An effective disaster recovery strategy is not only helpful during a natural disaster, but it can help transition or restore operations while limiting downtime during a ransomware event.
Consider managed services
A growing number of smaller and mid-sized companies are leveraging third parties to manage core security functions essential to the mitigation of ransomware risks. Those functions include, but are not limited to, the following activities:
- Managed security monitoring
- Managed endpoint detection and response
- Managed patch and vulnerability management
Ransomware risks are evolving so fast that some companies simply do not have the internal talent and experience to keep up. Rather than put the company at more risk, outsourcing to an organization with more experience and resources often makes the most sense.
Outsourced cybersecurity solutions are increasing in popularity as a practical alternative to managing security in-house. As the frequency and severity of threats continue to escalate, implementing a solution and maintaining it may no longer be feasible for many companies.
Undergo technical testing
A trusted third party can evaluate your security environment and perform technical testing to determine the likelihood and impact of a ransomware attack. For example, RSM provides a comprehensive ransomware risk assessment that evaluates the potential risk and spread of an infection through penetration testing techniques, analyzes business continuity and incident management programs, performs a ransomware tabletop exercise, and can help remediate any specific issues identified.
Ransomware has always been a concern, but risks are evolving at a rapid pace, and the threat is now very real for companies of all sizes. As with many types of cybersecurity attacks, the criminals are more advanced than many of the controls, and your organization must use available resources to develop a security approach that includes strategies to both prevent and remediate ransomware attacks in order to limit financial exposure and reduce downtime.
This article was written by Andrew Weidenhamer and originally appeared on 2021-09-10.
2021 RSM US LLP. All rights reserved.