Strengthening Data Defense: Insights From Recent Ransomware Attacks

How companies can proactively manage their vulnerabilities by learning from the ransomware attacks on MGM Resorts, the British Library, Prospect Medical Holdings hospitals and others.

April 16, 2024

In today’s digital landscape, ransomware attacks pose a significant threat to businesses worldwide. Shrav Mehta, Founder and CEO of Secureframe, shares crucial takeaways from recent ransomware attacks. 

Ransomware attacks are expected to cost victims around $265 billion annually by 2031, with a new attack projected every two seconds. In the past six months, a string of ransomware attacks in the healthcare, financial, and telecom industries has underscored how important it is for companies to protect their data and maintain customer trust.

The good news is that there are lessons you can learn from these incidents, and steps you can take to get ahead of the next one. Below I’ll dive into four important takeaways from recent ransomware attacks and practices that will help your team achieve airtight security and compliance.

Internal Security Protocols Are Your First Line of Defense

The largest cybersecurity risk for most businesses is people, not technology. The ransomware attack that hobbled MGM Resorts is a recent example of a successful casino attack carried out through insider threats targeting employees.

Building a fortress against social engineering requires more than technological solutions. It takes a culture of vigilance, where every employee is an informed and active participant in the company’s security. Employee onboarding and offboarding are some of the most critical vulnerabilities in an organization’s security architecture. According to the annual DTEX i3 team insider risk investigations report, 12% of employees took sensitive IP with them when they left an organization, including customer data, employee data, health records, and sales contracts. 

Putting practices in place, like comprehensive background checks, role-based access controls, and periodic review and acceptance of company policies, goes a long way in preventing cyber attacks that take advantage of employee vulnerabilities.

It’s also important that regular training includes hands-on experience and simulations to help employees understand how to spot social engineering attempts and to create an environment where people feel comfortable enough to report incidents and know the proper channels and contacts to do so.

Proactive Approach to Vulnerability Management

When three Prospect Medical Holdings hospitals in Connecticut experienced a cyberattack in August, patients had to be re-routed to different hospitals, some as far away as Massachusetts, for 17 days. And when Change Healthcare was the target of a ransomware attack in February, patients refilling prescriptions at local pharmacies were asked to pay full price for their medication. 

Ransomware attacks can have dire consequences, but being proactive about vulnerability can go a long way toward preventing this type of catastrophe. Regular penetration testing and security assessments simulate the tactics and techniques of real-world attackers, uncovering weaknesses in infrastructure, applications, and human factors that attackers could exploit, allowing security teams to identify and remediate vulnerabilities before they can be exploited.

These exercises also test the organization’s response capabilities, ensuring that teams are prepared to quickly and effectively address social engineering attacks and other security incidents. After each exercise is complete, the findings can be used to make future security training more relevant by focusing on the specific vulnerabilities and tactics that could be used against the organization.

The most effective penetration tests and security assessments: 

  1. Are conducted at least annually, as well as after any significant change in the network or application infrastructure.
  2. Cover all potential entry points, including network infrastructure, web applications, endpoints, and social engineering vectors. 
  3. Use a mix of tests, including automated scanning tools and manual testing techniques.
  4. Prioritize and fix identified vulnerabilities based on their risk level, then conduct follow-up tests to ensure they have been addressed.

Safeguarding Your Vendor Ecosystem: Third-party Risk Management

SaaS companies exist in an interconnected business ecosystem — that means the security posture of your third-party vendors is just as important as your internal defenses. Still, 98% of organizations have at least one third-party vendor that has suffered a data breach.

Ransomware attacks on third-party vendors can significantly impact businesses, from disrupting your service to exposing your data. The October 2023 ransomware attack on the British Library was likely caused by the compromise of third-party credentials, leading to major disruptions to its systems and operations, as well as a 600GB data leak. 

That’s why it’s so important to manage the risk for every vendor you work with — due diligence, continuous monitoring, and vendor management policies can all help ensure your vendors are adhering to strict cybersecurity standards.

Due diligence assessments should consider what type of data your vendor is accessing, the services provided, and whether they are compliant with relevant regulations. For example, asking potential vendors about their encryption practices or use of an intrusion detection system (IDS) can offer insight into their network security practices, while inquiring about client offboarding processes can help you understand how your data will be disposed of once the vendor relationship ends. After assessments are completed, you should rank vendors based on how critical their services are and the sensitivity of the data they handle so you can apply more control to higher-risk vendors.

Vendor management policies also help ensure your vendors are aligned with your organization’s security requirements, risk tolerance, and compliance obligations. Vendor contracts should include specific evaluation criteria, security requirements, incident reporting protocols, and compliance obligations. 

Protect Against Data Breaches With AI

In 2023, businesses paid over $1 billion in ransomware payments — and 2024 is expected to see even higher costs. Beyond the payments, the average ransomware attack cost last year exceeded $5 million. The ransomware attack against MGM mentioned earlier resulted in losses of $100 million, including $10 million in direct costs to restore downed IT systems.

There’s a lot of hype around AI right now, but one powerful AI application that too often gets overlooked is security. 

Security AI and automation are powerful tools for preventing social engineering attacks. Continuously monitoring your systems provides advanced risk assessments and threat detections. IBM research shows organizations that use security AI and automation extensively were able to identify and contain a data breach 108 days faster and saw cost savings of nearly $1.8 million compared to organizations that do not use AI and automation for security at all.

AI algorithms can analyze email content to identify phishing attempts, comparing them against vast datasets of known phishing emails to detect subtle cues and patterns that may go unnoticed by a human. AI-powered systems also monitor user behavior and network activity to identify social engineering attacks in progress, such as unusual login times or locations and unexpected data access patterns. AI can help tailor security awareness training to individual users based on their role, behavior, and past interactions with potential threats, making security training more effective.
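
The login monitoring described above, reduced to a per-user baseline check over authentication events. This is an added example, not code from the article or from any product it mentions; it uses a simple rule-based baseline rather than a trained model, and the sample events, thresholds, and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history (not real logs): user, UTC timestamp, source country.
HISTORY = [
    ("alice", "2024-03-04T08:55:00", "US"),
    ("alice", "2024-03-05T09:10:00", "US"),
    ("alice", "2024-03-06T23:40:00", "US"),
    ("alice", "2024-03-07T09:05:00", "US"),
    ("alice", "2024-03-08T17:30:00", "US"),
    ("bob",   "2024-03-04T14:00:00", "GB"),
]

MIN_EVENTS = 5      # assumption: below this, a baseline is too thin to trust
HOUR_TOLERANCE = 2  # assumption: hours of slack around previously seen login hours


def build_baseline(history):
    """Per-user login hours and countries seen in the training window."""
    baseline = defaultdict(lambda: {"hours": set(), "countries": set(), "n": 0})
    for user, ts, country in history:
        b = baseline[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["countries"].add(country)
        b["n"] += 1
    return baseline


def hour_distance(a, b):
    """Distance on a 24-hour clock, so 23:00 and 01:00 are 2 hours apart."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_login(baseline, user, ts, country):
    """Return the reasons a login deviates from the user's baseline."""
    b = baseline.get(user)
    if b is None or b["n"] < MIN_EVENTS:
        return ["insufficient_history"]  # cold start: report it, do not guess
    reasons = []
    if country not in b["countries"]:
        reasons.append("new_country")
    hour = datetime.fromisoformat(ts).hour
    if min(hour_distance(hour, h) for h in b["hours"]) > HOUR_TOLERANCE:
        reasons.append("unusual_hour")
    return reasons
```

Users with too little history are reported separately instead of being scored, since a thin baseline would flag nearly every login and bury the real deviations.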

Proactive Diligence Paired With Technology Is the Best Defense 

There are significant consequences for unaddressed security vulnerabilities that lead to ransomware or other cyber attacks, particularly for enterprises, including breaching contracts, losing business opportunities, reputational damage, stock price declines, and much more. By being proactive about cybersecurity and pairing human mindfulness with advanced technologies, your business can build an airtight security posture, protect your data, and preserve customer trust for long-term viability.

Shrav Mehta
As a teenager, Shrav Mehta developed more than a dozen mobile apps that received millions of installs. He cofounded Secureframe with Natasja Nielsen at 23 after running into clunky security and compliance processes at the startups where he previously worked. Secureframe automates those services, with the company having eclipsed more than 2,000 customers. It has raised $79 million from investors including Kleiner Perkins, Accomplice Ventures, Gradient and Base10.