A game of keyboards: How businesses can defend themselves in the age of nation-state ransomware

For years, ransomware has been a serious thorn in the side of businesses, pillaging data and damaging bank balances in the process. According to a recent report, one third of small-to-medium sized businesses worldwide were victims of a ransomware attack last year. It’s the number one online threat that faces both small and big business alike; a threat that shows no signs of slowing any time soon.

Ransomware in its most basic form can be detrimental to an organisation. However, in the last year, it took an even more sinister turn by becoming the weapon of choice in a global power struggle. And to devastating effect. The leak of the NSA’s stash of cyber-weaponry led to the recent WannaCry ransomware campaign which brought the NHS to its knees, whilst the later Petya ransomware wreaked further havoc in vital industries across the globe.

These were large-scale, advanced campaigns that targeted different countries’ lifeblood infrastructure. What’s more, researchers linked both attacks back to state-sponsored actors, with Ukraine, Russia and North Korea leading a murky suspect list. But in today’s connected world, targeted attacks don’t stay targeted for very long – and plenty of companies are caught in the crossfire.

For many businesses, ransomware was previously seen as a nuisance but little more. That has now changed. Ransomware has escalated to national-level attacks, breaching borders and spreading like wildfire. With this in mind, below are the five basics that companies must get right if they are to avoid finding themselves in the middle of a cyber game of thrones.

1. Control access

The first port of call is to try and prevent ransomware from ever entering your network. To do that, companies have to put the right technological barriers in place. Three strategies help: allowing users access only to the information on the network they need (permission-based access), allowing only previously accepted programmes to run within the network (whitelisting), and not allowing programmes to execute changes even if they make it through the whitelisting process (read-only blanketing). Each is a further stumbling block for a ransomware programme to navigate, so strictly controlling access greatly reduces the risk of a threat.

2. Educate your workforce

Of course, it is almost impossible to block every form of malware from entering your network, especially as malware continually evolves and improves at an exponential rate. Cybercriminals understand that the weakest point of entry into an organisation is through the staff, and therefore often target junior employees, or those in roles that are known to have a great deal of email traffic. Hackers know the environment they are attacking and capitalise on the fact that the majority of people will not ignore an email labelled urgent from a colleague or client.

In order to cut the chances of this risk having an impact, companies should introduce awareness courses and provide educational materials on how to spot an attack, who to contact in such a situation and how to avoid falling victim. As ransomware is spread largely through opportunistic phishing emails, if an employee does find a suspect email in their inbox, they can be equipped to deal with the situation through an understanding and appreciation of the threats and strategies that they face when online.

3. A context-aware approach to security

As much as security education is a necessity, companies must also ensure that they are protecting their employees through the deployment of context-based security. In order to be context-aware, an organisation must have the answers to a number of questions. Are employees connecting to the network from home, or remotely? Are they using a mobile device? Are they connected to a Wi-Fi network that is trusted? By asking these types of questions, businesses can alter the parts of their network that employees can access and reduce any potential issues. You might be happy for a travelling salesman to access his emails while connected to a coffee shop Wi-Fi network, but you’d rather stop him accessing financial information in such an environment.

Today, remote working, travel and multiple devices are common in almost every business. Therefore, a company’s technology has to be advanced enough to understand context and adjust accordingly.
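The coffee-shop decision described above can be written down as a small policy function. This is an added example, not code from the author or any product; the resource names, sensitivity tiers and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Sensitivity tier per resource (constructed for this example).
SENSITIVITY = {"email": 1, "crm": 2, "finance": 3}


@dataclass(frozen=True)
class Context:
    """Answers to the three questions: where, what device, which Wi-Fi."""
    on_corporate_network: bool  # False means home or other remote connection
    managed_device: bool        # company-managed, as opposed to a personal mobile
    trusted_wifi: bool          # network is on the organisation's trusted list


def max_sensitivity(ctx: Context) -> int:
    """Highest resource tier this connection context is allowed to reach."""
    if not ctx.managed_device:
        # Personal device: low-tier access only, and only from a known network.
        return 1 if (ctx.on_corporate_network or ctx.trusted_wifi) else 0
    if ctx.on_corporate_network:
        return 3
    if ctx.trusted_wifi:
        return 2
    return 1  # managed laptop on untrusted Wi-Fi, e.g. a coffee shop


def decide(resource: str, ctx: Context) -> str:
    """Return 'allow' or 'deny'; unknown resources fail closed."""
    tier = SENSITIVITY.get(resource)
    if tier is None:
        return "deny"
    return "allow" if tier <= max_sensitivity(ctx) else "deny"


if __name__ == "__main__":
    coffee_shop = Context(on_corporate_network=False, managed_device=True,
                          trusted_wifi=False)
    for res in ("email", "finance"):
        print(res, decide(res, coffee_shop))
```

The same user gets a different answer for the same resource as the context changes, which is the property the section asks for.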

4. Secure the employee journey

In order to reduce vulnerable entry points further, companies should also look to formalise their user lifecycle. This can be done by implementing and refining onboarding and offboarding procedures. This way, new joiners, and more specifically leavers, will not expose an access point that represents an open door to an opportunistic cybercriminal.

To make sure that the user lifecycle is monitored and contained, organisations can outsource this function to companies that secure digital workspaces. Rather than leave any errors down to human memory and judgement, these companies utilise automated systems for leavers and joiners, ensuring that back doors to your network are firmly locked. With minimal time invested, a company can ensure that the entire process is properly managed.
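An automated leaver check of the kind described above can be as simple as reconciling the HR leaver list against a directory export. This is an added example, not the author's or any vendor's tooling; the CSV column names and all records are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports; real ones would come from HR and the directory.
HR_LEAVERS = """username,last_day
asmith,2024-03-29
bjones,2024-04-12
cwu,2024-05-31
"""
DIRECTORY = """username,enabled,last_logon
asmith,true,2024-04-20
bjones,false,2024-04-11
cwu,true,2024-05-30
dlee,true,2024-06-01
"""


def stale_leaver_accounts(hr_csv: str, dir_csv: str, today: date) -> list:
    """List accounts still enabled after the owner's last working day."""
    leavers = {
        row["username"].lower(): date.fromisoformat(row["last_day"])
        for row in csv.DictReader(io.StringIO(hr_csv))
    }
    findings = []
    for row in csv.DictReader(io.StringIO(dir_csv)):
        user = row["username"].lower()
        last_day = leavers.get(user)
        if last_day is None or last_day >= today:
            continue  # not a leaver, or has not left yet
        if row["enabled"].strip().lower() != "true":
            continue  # offboarding already disabled the account
        logon = row["last_logon"].strip()
        used_after = bool(logon) and date.fromisoformat(logon) > last_day
        findings.append({
            "username": user,
            "days_open": (today - last_day).days,
            "used_after_leaving": used_after,  # strongest signal, review first
        })
    # Accounts used after departure come first, then the longest-open ones.
    findings.sort(key=lambda f: (not f["used_after_leaving"], -f["days_open"]))
    return findings


if __name__ == "__main__":
    for finding in stale_leaver_accounts(HR_LEAVERS, DIRECTORY, date(2024, 6, 10)):
        print(finding)
```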

5. Always have a plan B

Of course, regardless of how vigilant a company is, there is always the chance it will still fall victim to an attack. Therefore, every organisation should have a robust backup plan in place to prevent total operational standstill – something not many businesses can afford to deal with. And remember, the hackers are not obligated to hand back the unencrypted data once they have been paid, so ensuring that a backup is in place can be the difference between staying operational and a forced shutdown.

Ultimately, with the NSA stash of weaponry still in the wild, we can be sure to expect more widespread and sophisticated ransomware attacks to emerge. And as nation-state level attacks become more regular, businesses will increasingly find themselves in the middle of the chaos. However, by identifying the threat, covering the basics, employing technology and backing up their data, the pawns in the middle of the cyber war can defend themselves.

Jason Allaway, VP UK and Ireland, RES, now part of Ivanti