How to protect your organization from ransomware attacks during the holiday season

Image: Artyom Medvediev, Getty Images/iStockphoto

Cybercriminals person a knack for knowing not lone however and wherever but erstwhile to footwear disconnected a cyberattack. The extremity is to drawback an organization's IT and information unit off-guard erstwhile they're unavailable oregon distracted. That's wherefore weekends and holidays are an opportune juncture for a ransomware onslaught erstwhile staffers are trying to bask idiosyncratic clip with household and friends. A study released Wednesday by Cybereason looks astatine the menace of holiday-based cyberattacks and offers proposal connected however to grip them.

SEE: Ransomware attackers are present utilizing triple extortion tactics (TechRepublic)

For its study Ransomware Attackers Don't Take Holidays, Cybereason commissioned Censuswide to survey 1,206 cybersecurity professionals employed by organizations with 700 oregon much employees successful the U.S., U.K., France, Germany and different countries. Polled successful September of 2021, the respondents each worked for organizations that had been deed by a ransomware onslaught during a vacation oregon play implicit the past 12 months.

Among those surveyed, 36% said they judge the ransomware onslaught connected their enactment was palmy due to the fact that they had nary contingency program successful spot and lone a tiny fig of staffers were disposable to respond. Despite the attack, 24% of the respondents said they inactive deficiency a program to woody with attacks during weekends and holidays.

Without a contingency plan, organizations look respective obstacles responding to and recovering from a ransomware attack. Among the respondents, 60% said it took them longer to analyse the scope of the damage, 50% said they needed much clip to respond to the attack, and 33% reported that they required a longer play of clip to retrieve from the attack.

SEE: Google Chrome: Security and UI tips you request to know  (TechRepublic Premium)

Of course, nary 1 likes moving weekends oregon holidays, particularly erstwhile faced with an exigency oregon crisis. Some 86% of those surveyed said they had to miss a vacation oregon play enactment owed to a ransomware attack, a condition that tin pb to burnout oregon occupation dissatisfaction. Further, 70% of the respondents said they'd been intoxicated portion dealing with an onslaught during a play oregon holiday, different complication that tin impact the response.

On the positive side, galore of the professionals who've been deed by play oregon vacation ransomware attacks are getting wiser. Some 68% said they program to adhd caller information technologies, 51% said they are mounting up a contingency program and 41% said they're adding further unit during weekends and vacation periods.

Being acceptable for a imaginable onslaught this vacation play whitethorn beryllium adjacent much challenging than successful past years. As 1 responsive said: "This November/December is going to beryllium peculiarly rough, arsenic it's going to beryllium the archetypal clip immoderate radical person been capable to spot their families since the pandemic began. All of that means that radical volition beryllium further from the bureau and little apt to cheque alerts."

How to hole for imaginable attacks during the holidays

To assistance your enactment woody with a imaginable ransomware onslaught during the holidays, Cybereason offers the pursuing tips:

• Implement an Endpoint Detection and Response solution. Only 36% of respondents said they had EDR exertion successful spot erstwhile they were attacked. Such tools tin compensate for the limitations of accepted information extortion by uncovering and preventing much types of threats and helping with investigation pursuing an attack.
• Practice beardown cybersecurity hygiene. This means establishing a information consciousness and grooming programme for employees, making definite your operating systems and bundle are regularly patched and utilizing the astir effectual information products to support your network.
• Make definite cardinal staffers tin beryllium reached. In the lawsuit of a vacation oregon play attack, you request to guarantee that your cardinal IT oregon information unit are available. During specified periods, employees whitethorn not respond to email oregon adjacent reply telephone calls. That's wherefore it's important to acceptable up on-call work assignments for off-hours truthful that the close radical are accessible.
• Run periodic table-top exercises. Perform regular drills to see not conscionable your information squad but radical successful Legal, Human Resources, IT enactment and adjacent the enforcement suite truthful each employees cognize their roles successful responding to an attack.
• Ensure that you tin isolate targeted and captious assets. Once a ransomware onslaught starts, you privation to effort to halt it earlier it spreads. As such, your information squad should cognize however to disconnect a host, fastener down a compromised strategy oregon account, and artifact a malicious domain. Be definite to trial these processes with some scheduled and unscheduled drills astatine slightest erstwhile each quarter.
• Review your procedures to fastener down captious accounts. To transportation retired a ransomware attack, the criminals typically escalate privileges until they compromise domain-level admin accounts. Such accounts seldom request to beryllium progressive during weekends and holidays. Instead, make unafraid and emergency-only accounts connected your domain that tin instrumentality implicit erstwhile your accustomed admin accounts are either disabled oregon inaccessible during an attack.
• Consider a managed information services provider. If your ain enactment lacks the unit indispensable to leap successful during a vacation oregon play attack, look into an outer supplier that tin enactment rapidly successful the lawsuit of an emergency.

Also see

• Ransomware: What IT pros request to cognize (free PDF) (TechRepublic)
• How to forestall different Colonial Pipeline ransomware attack (TechRepublic)
• SolarWinds attack: Cybersecurity experts stock lessons learned and however to support your business (TechRepublic)
• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Hiring Kit: Cybersecurity Engineer (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)