Like anyone working in security, I’m painfully aware how the last year has made things far more complicated for us and even easier for bad actors. Remote working opened the door to targeting individuals’ vulnerabilities, and we have seen new lures and traps that imitate credible sources involving COVID-19 advice or actions sprung up all over the place.

Ransomware is a familiar and favored threat tactic of cybercriminals. Recently, I was pleased to join a panel of experts at a webinar on the topic of “Mitigating ransomware attacks in 2021” with Infosecurity magazine host James Coker.

Traditionally, ransomware has been about gaining access to systems, encrypting or stealing data—sometimes selling it—unless a ransom is paid. Even a quick straw poll during the webinar found that up to 29% of organizations had been targeted by an attack in the past year. But, more recently, we’ve seen the “simple” act of ransomware take  a more sinister turn.

Attackers are getting onto networks and staying there. They aren’t just encrypting data; they are threatening to ruin a company’s reputation by letting everyone know they have taken it. And they are taking an almost “division of labor” approach to realizing ransomware success.

What do I mean by that? Well, in my experience there’s been an increase in ransomware specialists. There might be someone offering ransomware as-a-service from the dark Web. That person may sell the service to someone who gets access into the organization and makes it encryption-ready. Then, they may pass on that information to someone who is an expert in hunting and seeking out what can be monetized. Suddenly, you’ve got people that really know what to look for, how to find it and how to move laterally around the organization.

<<< Start >>>

<<< End >>>

I’ve seen attackers getting smarter in other ways, too. Not content with having a market ready and waiting to pay cash for your data, they’re looking at the hidden assets of intellectual property (IP). Say you have an innovative asset in green energy. You’ve not only invested in it financially, but also have invested in the prospect of being first to market.

The value of this kind of IP makes the whole topic of whether to pay, or not to pay ransoms, massively complex. Another poll during the webinar found that up to 42% of executives were unsure or felt it depended on the size and resources of the organization when it came to paying up.

There’s no silver bullet

Of course, there are moves within the industry to disrupt ransomware payments. In April 2021, the Institute for Security + Technology (IST) released a report from its Ransomware Task Force which recommends encouraging voluntary information sharing on ransomware attacks, launching public awareness campaigns on ransomware threats, exerting pressure on countries that operate as safe havens for ransomware operators and incentivizing the adoption of security best practices through tax breaks.

Despite these efforts, everyone is vulnerable—and everyone’s security approach is different. There is a certain inevitability to ransomware and none of us can afford to be complacent.

Here’s some practical steps we can take to improve outcomes:

  • Properly test—and test again. The poll showed that up to 17% of those attending the webinar were very confident they were well equipped to prevent ransomware. I’m encouraged to hear that, but you can’t be too cautious when it comes to knowing the response of your board, your security team and your people—and testing is the best way to find out.
  • Manage the problem—and have a plan. I always say assume that you’re going to be compromised and work from there. Segregate the data that you care about, compartmentalize where you can, harden your network—these aren’t new approaches, but we all know we should be brilliant at the basics.
  • Understand the business drivers of your organization and then play the “what if” game. Knowing which technologies will give you the protection you need for your particular environment is going to help you to withstand ransomware attacks. Don’t just buy the latest or most expensive products, buy the most appropriate for your own security environment.
  • Be aware what’s behind paying ransom. If we all stop paying, ransomware would go away; the fact it hasn’t, tells us something. Being held to ransom is scary—I’ve known situations where business leaders have had threats on their personal lives from stolen company data. But with the right preparation and testing, there’s a much better chance of being able to maintain business continuity without having to pay the ransom.
  • Get your board on board. Make sure your executives understand and are ready for ransomware before they have to deal with it. Get them to think about how the business can run when some of it is encrypted, who will communicate to whom and how and what priority arrangements are in place to discharge what needs to get done.

Let’s be clear, attackers do their homework and know which buttons to push. They understand your organization and they’ll be uncanny in their ability to find the things that really hurt. But, if you prepare your organization so that you’re in a position that you have a choice, you can be ready and ransomware resilient.

Take a look at our latest point of view on this topic or contact me for more.

 

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this article is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

Copyright © 2021 Accenture. All rights reserved.

Mark Raeburn

Managing Director – Accenture Security, Global Cyber Investigation, Forensics & Response Lead

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog
Subscribe