Ransomware attacks are on the rise. It’s not hard to see why.
More people, businesses, organizations, and governments are conducting financial transactions online than ever before. And far too many in each group still don’t engage consistently in even basic cybersecurity measures.
Criminals have had success extracting money from large corporations and from businesses and organizations of all sizes. And they’ve found success targeting public sector entities like hospitals, universities, and government bodies that have failed to exercise appropriate precautions or respond adequately to suspicious network activity.
Cyberattacks can be committed with tools that can be easily purchased online. You can even hire a group of criminals to commit attacks for you these days. Criminals can target individuals and institutions around the world in relative anonymity. And with a patchwork of international laws and dedicated cybercrime law enforcement units, tracking them down and bringing them to justice is often extremely difficult.
And ransomware is proving to be the approach of choice for many criminals and organized criminal gangs. Despite the widespread coverage of this growing threat, many people still aren’t quite sure what it is. And with criminals often gaining the foothold they need from non-IT employees to launch ransomware attacks, everyone must know what they are and what resources are available to mitigate the risk they pose.
Ransomware is a form of malware that targets key systems and programs and encrypts them. These encrypted systems and programs are inaccessible to their owners and can only be rendered usable again by a code known as a decryption key. When a criminal successfully encrypts vulnerable systems, they’ll offer the decryption key in exchange for a payment or ransom (hence the term ransomware).
Many companies are compelled to comply. A ransomware attack that ties up key production management systems could cost a business millions of dollars in revenue and reputational damage. As operations idle, the pressure on a business and its leaders grows, and even though they have no assurance they will receive a decryption key or that it will work, they pay the ransom anyway.
Too often, people still believe that successful cyberattacks stem solely from IT department failures. And while it is true that there is a lot that IT can do to mitigate the threat ransomware poses, non-IT employees often bring this threat to their employer’s front door. Often criminals can load malware onto corporate networks because they’ve gained access credentials from an employee. They may have tricked an employee into providing those credentials through a phishing email or malvertising. Sometimes, they trick an individual into downloading an attachment containing ransomware code.
These scenarios play out frequently in organizations that lack regular cybersecurity awareness training and strong internal IT governance policies and that have weak technical controls. And the results can be catastrophic, with some companies unable to survive the financial, legal, and reputational fallout.
Fortunately, there are many steps that businesses and organizations can take to mitigate the risk of ransomware. Some are not technical in nature. Every organization must regularly train all its employees about the evolving field of cyber threats, how they can recognize them, and what steps they should take when they do. Strong IT governance policies must also be in place, along with disciplinary measures when they are violated.
But IT does play a vital role here. Enterprise platforms, like Microsoft 365, have a suite of tools designed to detect, identify, and respond to threats like ransomware and other malware. It’s up to IT departments to unlock and deploy these tools optimally to protect the organization. IT administrators should start by ensuring that the appropriate access controls are implemented. Access to key directories, files, and networks should be restricted to essential employees, which can be done easily using Microsoft 365’s identity and access management tools. Multifactor authentication should also be established.
Too often, overworked IT administrators have offered local access control to different individuals and departments to help them deal with routine yet time-consuming tasks. But providing employees across the organization with greater access allows them to bypass and disable existing security measures, rendering the business more vulnerable. And if a criminal gains access to those credentials, the damage they can do can be catastrophic.
IT administrators must also ensure that firewalls are operational and configured optimally. And while firewalls can keep intruders at bay, your in-house cybersecurity employees or MSSP must keep a close and constant eye on your network activity. Suspicious activity should immediately be investigated to determine the appropriate response. And while Microsoft 365 has robust enterprise security defenses, businesses should consider supplementing them with Managed Detection and Response (MDR), a service many MSSPs offer. It involves proactively hunting and responding to threats across an organization’s IT infrastructure rather than taking a reactive approach and responding when incidents are detected.
Businesses are not immune to cyberattacks even with the most robust security measures. IT administrators must have a well-designed system of backups and plans to retrieve them rapidly when disaster strikes. The quicker backups can be retrieved, the quicker a business can resume operations. However, too often, businesses don’t check to ensure their backup systems are working as intended or that employees and departments are trained and ready to recover data rapidly.
Microsoft 365 Business Premium also offers IT administrators malware detection, file recovery, and mobile device management, among other critical security applications. Properly configured as part of a comprehensive cybersecurity plan, these applications can help mitigate the risk of ransomware. But they won’t stop criminals from attempting to penetrate your network. Cybersecurity professionals know that the priority is preventing a successful intrusion, and that doing so requires the right personnel, processes, and resources. For many businesses, utilizing an MSSP gives them the capacity necessary to prevent the worst possible outcomes.