Ransomware Attacks - Is Your Company Prepared?

According to an article published earlier this year in CFO Magazine – 91% of companies around the globe feel vulnerable to cyberattacks. Jason Sgro, security and compliance expert at The ATOM Group and a strategic Axis partner, recently led an Axis Webinar to discuss the increase in ransomware attacks and what companies can do to significantly reduce or eliminate their impact.

In the past twelve months, some 79% of companies reported experiencing some form of cybercrime as part of a PWC State of Information Cyber Security Survey. The key challenge for these companies is coming up with an effective plan to minimize risk moving forward.

“We find many clients have a sense of this growing threat around security – and specifically around ransomware – but they aren’t totally sure how to gauge their exposure,” said Joe Paquet, Vice President at Axis Business Solutions. “Our ability to bring Axis experience to the table along with expertise from Jason and The Atom Group provides a highly skilled team to collaborate with their IT team to define areas for improvement and establish a game plan moving forward.”

A common starting point is to help define the issue. Understanding current malware and ransomware threats helps the team identify the proper solution. A few key points regarding ransomware:

  • Ransomware is a type of malware that prevents you from using your computer or accessing your files unless you pay a “ransom”.
  • It often encrypts files so they can not be opened.
  • In 2017 there were over 4000 ransomware attacks in the US infecting over 100,000 PCs per day.
  • The number of attacks in 2017 increased 300% over 2016 – and that type of trend is expected to continue.

There are a variety of preparation options to consider as a company plans for a cyber infection. Things like insurance, ability to pay a ransom, and the state of your current network are near the top of that list.

“If you decide to make a ransom payment – what can you expect? Will things play out the way you hope?” asked Paquet. “Knowing how to manage that process to a positive conclusion is pretty important, otherwise you may be throwing money away.”

Establishing a perimeter and being able to monitor it’s health and effectiveness is also critical. As attacks become more and more sophisticated, having visibility into your defense and it’s effectiveness must be considered. In addition, having someone to watch the security landscape to proactively tune or upgrade your systems is an absolute must.

In the event you experience an attack you must be prepared to act quickly. Sgro identifies four key steps to limit the impact.

  • Identification
  • Isolation
  • Inoculation
  • Immunization

It is important to keep in mind that every minute counts when you experience an attack – and that asking for help right away will limit the impact. The goal, though, is to be ready before they happen so you can execute an established plan.

“For companies looking to make progress preparing for ransomware and other cyber attacks we recommend a pretty consistent approach,” said Paquet. “Let’s get together and perform a detailed risk assessment. Then we can help you prepare a ransomware playbook and solution tailored to your needs.”