The 2017 WannaCry ransomware attack sent shockwaves globally, impacting hundreds of thousands of computers and devices and leaving billions in damages in its wake. Little did we know then that it was just the start of a rise in more sophisticated, widespread, and detrimental ransomware attacks. Since then, we have seen a steady stream of high-profile ransomware victims, along with a rise in the number of ransomware groups offering ransomware-as-a-service (RaaS).
WannaCry taught all organisations some important lessons. The main one is that no matter how much you spend on your defence mechanisms and protecting your perimeter, you can be exposed from within if your technology and systems are old, outdated, or left unpatched. Poor internal cyber hygiene leaves the door open for malicious actors.
As we look towards the future, there are several initiatives organisations can implement to limit their exposure to such threats. One is segmentation: putting in place technical guardrails that separate one business function from another, so that an intruder or a piece of malware that gets a foothold in one part of the network cannot propagate unchallenged to the rest of it. Another best practice is to identify the critical assets that are most commonly targeted in attacks and take frequent incremental backups of them, so that a system can be recovered if it is encrypted or destroyed. Strong multi-factor authentication and privileged access controls are also obvious components.
Almost every user now has access to some sensitive system or data, which makes every user, in effect, a privileged user. Organisations should therefore adopt a least privilege approach to access, granting only what a job function or task requires. Cyber insurance does nothing to improve operational readiness, but organisations should still prepare for the worst-case scenario by having a policy in place to cover losses.
Ransomware attacks continue to proliferate today. While government agencies around the world work to implement measures to prevent ransomware attacks and prosecute those who take part in them, successfully mitigating ransomware requires a combination of initiatives: security controls founded on least privilege and Zero Trust, a security-first company culture backed by employee training, robust threat detection and response, collaboration between the public and private sectors, and, most importantly, operating on the mindset that it is not a question of 'if' cybercriminals will attack but 'when'.