Your Guide to Protecting Against Ransomware

Unfortunately, we are seeing news articles every week about ransomware attacks in the newspapers and online. Recent examples above include a conveyancing firm which left homebuyers stranded and unable to complete their moves, childcare providers, manufacturing companies and The British Library.

While these ransomware incidents are high-profile, most attacks are against small and midsized businesses where business disruptions and ransom payments can be significant enough to bankrupt victims.

According to a recent Barracuda survey, 73 percent of respondents had experienced a ransomware attack. Of those, 63 percent were hit more than once because they had failed to take the necessary steps to close the security gaps that allowed the first attack.

Attack frequency is also increasing, with ransomware incidents more than doubling in some industries between 2022 and 2023. Many of these attacks are against healthcare organisations, councils, school systems, utilities, and other companies that, while not large, may be more likely to pay a ransom because of how critical their systems are.

So, what can businesses do to help protect themselves from these expensive, disruptive attacks? Unfortunately, there is no silver bullet. Guarding against ransomware requires diligence and a multi-layered security approach.

Download our Guide to Protecting Against Ransomware

Mitigating attack damage from ransomware

At the heart of nearly all successful ransomware attacks is human error, which accounts for more than 80 percent of these incidents, according to several surveys. When unaware employees fall victim to well-constructed social engineering attacks, attackers can quickly steal credentials and gain access to sensitive systems.

Whilst you cannot eliminate human error, you can mitigate the severity of these attacks by educating your staff about essential cybersecurity hygiene, best password management practices, and how to spot and report phishing emails. Companies also need proactive monitoring and threat detection through regular security assessments.
This type of monitoring can help mitigate the damage of these attacks through early detection. In many cases, the threat actors in these attacks are active on the network for as long as 180 days before anyone notices.

There are several best practices that we recommend businesses to deploy to provide comprehensive protection against ransomware:

Asset inventory

Cataloguing all hardware, software, and cloud assets in an organisation to establish a robust security infrastructure. This foundational step helps in designing concentric rings of security, creating multiple defence layers to safeguard critical assets. A well-maintained asset inventory enhances incident response, ensures compliance, and optimises resource allocation for better operational efficiency.

Establish endpoint protection with 24/7 monitoring

Modern endpoint solutions look at behaviour at the endpoint, which provides good first-layer protection. Click here to learn more about endpoint protection.

Update security patches

Unpatched systems can provide easy access to cybercriminals. Businesses need to understand their assets and what needs to be protected. Automated patch management solutions can help keep the entire environment up to date.

Block malicious IP addresses

Using geo-blocking and other restrictions can help harden systems against attack.
Maintain a strong password policy. This requires balancing security with user convenience, but regular password updates can mitigate many attacks. Stolen credentials are worthless if they are changed regularly.

Multi Factor Authentication

MFA is a security mechanism that requires users to provide two or more forms of identity verification before granting access to a system. These factors can include something you know like a password, something you have like a smartphone or security token, and something you are like a fingerprint or other biometric data. By requiring multiple forms of identification, MFA significantly enhances security by making it more difficult for attackers to gain unauthorised access, even if they manage to compromise one of the authentication factors.

Provide security awareness training

Staff need to be aware of how to spot a malicious email, and there should be clear policies around credentials, payment and invoicing processes, and other activities so that social engineering attacks are less likely to succeed.

Establish a data protection strategy

This means offering a solid backup solution and ensuring the backup is secure and everyone understands how restoration processes will work in the event of an attack. Businesses should have an incident response plan and regularly run drills to test it.

Least privilege

Providing individuals or systems with the minimal levels of access or permissions needed to accomplish their tasks. This proactive measure minimises potential damage in the event of a security breach, as malicious actors or processes are limited in what they can access. Implementation requires a thorough analysis of what access rights are necessary for each user or system component, along with regular reviews and adjustments to maintain a tight security posture.

Good cyber hygiene, robust backup and recovery systems, endpoint security, 24/7 monitoring, strong password policies, and automated detection and response can help businesses avoid having their businesses disrupted by these attacks and help avoid paying ransoms.

How MPS can help

MPS can offer advice and assist in providing solutions for this multi-layered security approach, reducing the risks to your business as the ransomware problem continues to grow.

To get the conversation started, simple book a cyber security consultation with one of our experienced team members.

Click here to find out more about our cyber security services.

Download this page as a PDF

News clips from The Times.