How to Use Risk Management Models for Fighting Ransomware

Ransomware is a serious threat, and it is growing. According to Check Point's figures for 2023, organisations faced an average of 1,158 cyberattacks per week each, and 10% of organisations worldwide experienced an attempted ransomware attack, up from 7% the previous year.

Naturally, every organisation wants to avoid becoming a data breach statistic, but it’s very difficult, and maybe even impossible, to remain one step ahead of a threat that can come from so many vectors and is itself constantly evolving.

For CISOs and their teams, the stress is real, and it is having a noticeable impact on their health. A report by the Royal United Services Institute (RUSI) warns that burnout is high among information security teams, physical health issues are not uncommon, and mental health is suffering. Isn't there a better way to address this?

Cookie Cutter Strategies Are Not Enough

If completing all the steps on your cybersecurity checklist was ever enough to protect your organisation, it isn’t now. The ransomware landscape is extensive and constantly changing. Ransomware as a Service (RaaS) means that attacks can be relentless, and it only takes one to have a devastating effect on your business.

What's more, ransomware and extortion campaigns can hit you even when they are not aimed at your business. In the 2023 MOVEit campaign, the Cl0p gang mass-exploited a zero-day vulnerability in the MOVEit Transfer product and stole data from thousands of organisations (a data-theft and extortion operation rather than encryption). Many of the victims did not run MOVEit themselves; a payroll provider or other supplier did. Defending your own perimeter is therefore not sufficient, because your suppliers' exposure is part of your risk.

Risk management offers an alternative that could save your brand reputation and your information security team’s sanity. It’s a more holistic approach than traditional cybersecurity strategies that involves identifying and assessing categories of threats, and then planning how to control them.

The idea is that the tactics favoured by malicious actors are always in flux, so it’s impossible to make sure you’re fully covered. Instead, it’s best to logically consider what types of threats are the most likely to happen, and if they succeed, which are most likely to do significant damage. Once you have these aspects all mapped out, then you can take action from a better informed place.

Here is a deeper dive into what’s involved and how to implement risk management to protect your organisation from ransomware.

Identify the Risk Landscape

The first step requires identifying, analysing, and prioritising all possible risks. This goes beyond threat intelligence and perimeter testing to include tracking the flow of data around your ecosystem and documenting all your assets.

You’ll also need to map external resources and third party connections.

Crucially, you will also give each asset, resource, and connection a risk score, considering both how likely it is to be compromised (internet exposure, unpatched vulnerabilities, weak access controls, third-party access) and how badly the business would suffer if it were (operational criticality, data sensitivity, whether a clean backup exists). This step alone can involve a lot of time and effort, but Cypago, a cyber GRC automation platform, can help. The solution offers gap analysis that reveals security gaps, provides risk scores, and prioritises high and critical risks.
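The scoring step above in working form, as an added example that is not code from the article or from any GRC product it mentions. The factors, weights, severity bands and the sample inventory are illustrative assumptions; the point is that likelihood and impact are scored separately, then combined and ranked so the response plan can key off the resulting bands.

```python
"""Ransomware risk register: score each asset by likelihood x impact.

Added illustrative example; it is not code from the article or from any
GRC product it mentions. The factors, weights, severity bands and the sample
inventory below are assumptions for illustration, to be replaced by your own.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    criticality: int              # 1 (nice to have) .. 5 (business stops without it)
    data_sensitivity: int         # 1 (public) .. 5 (regulated or crown-jewel data)
    internet_exposed: bool        # reachable from the internet
    unpatched_critical_cves: int  # known-exploited vulnerabilities still unpatched
    mfa_enforced: bool            # phishing-resistant MFA on every admin/remote path
    isolated_backup: bool         # offline or immutable copy domain creds cannot reach
    third_party_access: bool      # a supplier, MSP or SaaS integration can reach it


def likelihood(a: Asset) -> int:
    """1..5: how likely a ransomware actor is to reach and encrypt this asset."""
    score = 1
    if a.internet_exposed:
        score += 1
    if a.unpatched_critical_cves > 0:
        score += 1 if a.unpatched_critical_cves < 3 else 2
    if not a.mfa_enforced:
        score += 1
    if a.third_party_access:
        score += 1
    return min(score, 5)


def impact(a: Asset) -> int:
    """1..5: damage if the asset is encrypted or its data is leaked."""
    score = max(a.criticality, a.data_sensitivity)
    if a.isolated_backup:  # a clean restore turns 'lost' into 'hours of downtime'
        score -= 1
    return max(1, min(score, 5))


def risk_score(a: Asset) -> int:
    return likelihood(a) * impact(a)


def severity(score: int) -> str:
    """Map a 1..25 score onto the bands the response plan keys off."""
    if score >= 20:
        return "critical"
    if score >= 12:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def prioritise(assets):
    """Return (name, score, severity) tuples, worst first."""
    rows = [(a.name, risk_score(a), severity(risk_score(a))) for a in assets]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    Asset("file-server", 3, 4, False, 3, False, False, True),
    Asset("vpn-gateway", 4, 2, True, 1, False, False, False),
    Asset("erp-db", 5, 5, False, 0, True, True, True),
    Asset("marketing-site", 2, 1, True, 0, True, True, False),
]

if __name__ == "__main__":
    for name, score, band in prioritise(SAMPLE_INVENTORY):
        print(f"{band:8} {score:2}  {name}")
```

Note what the ranking shows: the ERP database is the most valuable asset, but because it has an isolated backup and no exposed path it scores below the unpatched file server with third-party access. That is the whole point of scoring rather than guessing; the controls budget goes to the file server first.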

Protect Your Organisation

Traditional cybersecurity controls still play a role in risk management. Once you have identified your priorities, implement defences in proportion to them: web application firewalls in front of exposed services, credential management, and robust access controls, meaning least privilege and phishing-resistant MFA on every remote and administrative path.

Tools like One Identity can help you manage access permissions and enforce strong credential policies. You also need proactive measures such as frequent backups kept on storage that is isolated from your production network and identity system, with offline or immutable copies, so that an attacker who has taken over your domain cannot encrypt or delete them along with everything else. Test restores regularly; an untested backup is a hope, not a control.

Along with technical protection, you also need solid employee education and security policies. Employees must know how to recognise and avoid sophisticated phishing and social engineering attacks, and you need to control personal device usage to ensure that BYOD doesn’t become murky, ungoverned, and a source of unknown threats.

Detect Threats and Potential Attacks

When it comes to ransomware, forewarned is still forearmed. Continuous, ongoing security monitoring is a crucial element of effective risk management.

This includes monitoring your own system traffic for anomalies and attack attempts, keeping an eye on the threat horizon, and sharing intelligence about emerging threats with other organisations.

As part of your detection processes, you will need to scan your own systems for vulnerabilities continuously and remediate them quickly, ideally automatically, prioritising internet-facing assets and flaws known to be exploited in the wild over the raw count of findings. A vulnerability scanning tool like Syxsense lets you see and remediate issues across your endpoints. Keeping up to date with patches and software updates closes the route many ransomware operators rely on: a publicly known flaw in an exposed service.
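The anomaly monitoring described above made concrete, as an added example that is not from the article or from any tool it names. It watches file-server audit events for the signature of an encryption run: one account writing or renaming many files to a known ransomware extension, or dropping a ransom note, within a short window. The log format, extension list, window and threshold are assumptions; map them onto your own audit source (SMB audit logs, EDR file telemetry, cloud storage access logs).

```python
"""Detect an encryption burst in file-server audit events.

Added illustrative example, not code from the article or any product it
names. The log format, extension list, window and threshold are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed audit line format: <iso-timestamp> user=<name> op=<op> path="<path>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\w+) path="(?P<path>[^"]+)"$')

# Extensions appended by some encrypting malware: constructed starter list,
# feed it from threat intelligence in practice.
SUSPICIOUS_EXT = (".locked", ".encrypted", ".crypt", ".enc")
RANSOM_NOTE_RE = re.compile(r"(readme|restore|recover|decrypt)[^/]*\.(txt|html|hta)$", re.I)
WRITE_OPS = {"write", "rename", "create"}

WINDOW = timedelta(seconds=60)  # sliding window per user
THRESHOLD = 20                  # suspicious writes within WINDOW before alerting


def parse(line):
    """Return a dict for a well-formed audit line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
            "op": m["op"], "path": m["path"]}


def is_suspicious(ev):
    """A write/rename/create to a ransomware extension or a ransom-note name."""
    path = ev["path"].lower()
    return ev["op"] in WRITE_OPS and (
        path.endswith(SUSPICIOUS_EXT) or RANSOM_NOTE_RE.search(path) is not None)


def detect(lines):
    """Return one alert per user whose suspicious writes reach THRESHOLD in WINDOW."""
    recent = defaultdict(deque)  # user -> timestamps of recent suspicious writes
    alerts, alerted = [], set()
    for line in lines:
        ev = parse(line)
        if ev is None or not is_suspicious(ev):
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > WINDOW:  # drop events outside the window
            q.popleft()
        if len(q) >= THRESHOLD and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"],
                           "window_start": q[0].isoformat(),
                           "last_event": ev["ts"].isoformat(),
                           "count": len(q),
                           "action": "isolate host, disable account, preserve logs"})
    return alerts


def constructed_sample():
    """Constructed audit lines: normal work by alice, a mass rename by jsmith."""
    base = datetime(2024, 3, 4, 9, 15, 0)
    lines = [f'{(base + timedelta(seconds=i)).isoformat()} user=alice op=write '
             f'path="/share/finance/q1-report-{i}.xlsx"' for i in range(3)]
    lines += [f'{(base + timedelta(seconds=i)).isoformat()} user=jsmith op=rename '
              f'path="/share/finance/invoice-{i:03}.pdf.locked"' for i in range(25)]
    lines.append(f'{(base + timedelta(seconds=26)).isoformat()} user=jsmith op=create '
                 f'path="/share/finance/RESTORE-FILES.txt"')
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_sample()):
        print(alert)
```

The threshold is a tuning knob, not a constant: a legitimate bulk rename or migration will trip a rule like this, so pair it with canary files that no user should touch and with an allow-list for known batch jobs. When it fires, the alert's action field is the isolation step of your response protocol, and it should be wired to an automated quarantine of the account and host rather than to an inbox.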

Prepare a Response Protocol

Another crucial risk-driven step is to establish policies that you’ll follow and tools you’ll use in the event of a ransomware attack. For example, ProLion CryptoSpike helps organisations recover files and data after an attack.

Every organisation will develop their own procedure, but your policy should include:

  • The chain of communication in the event of an attack
  • How you’ll isolate infected devices and servers
  • When and how to apply decryption tools
  • What methods you’ll use to identify attack vectors and understand the attack tactics
  • What procedures you’ll follow to mitigate the attack, e.g. certain data types that would demand a different response if hackers get access to them
  • Responding to attacker communications and demands, including whether you would ever pay, who must approve it, and the legal and sanctions checks that would have to come first (payment does not guarantee working decryption or that stolen data is deleted)

Once you have a plan, you’ll need to run a full test to see how effective it is and what needs to be improved. Track how quickly you can respond and see whether you can speed it up even more.

Plan for Recovery

Last but not least, work out a detailed plan for the day after a ransomware attack. Lay out exactly which steps you’ll take to return to normal operations as fast as possible.

This should include defining the conditions that must be met before you restore from backup (the attacker's access removed, the initial entry point closed, and a restore point chosen from before the compromise so you do not reintroduce their persistence), and which systems, servers, and networks will be restored first.

This plan should also include establishing who will be responsible for communicating with the public, your users, the media, and industry regulators about the incident, and what messaging they will use. Consider what you might say to your users to reassure them, and any special offers you might make to encourage them to remain with your organisation.

Risk Management Helps Your Security Teams Sleep at Night

The awkward truth is that nothing can prevent a hacking ring, state-sponsored actor, or opportunistic cyber thief from attempting a ransomware attack on your organisation. However, a risk management approach does enable you to raise your resilience and lower the chances of falling victim to such an attack, as well as minimising the fallout if it does occur.
