The ransomware attack on the city of Baltimore is a stark reminder of how costly and debilitating a ransomware attack can be to any organization. Baltimore’s budget office has estimated the attack will cost the city at least $18.2 million and has significantly disrupted the city’s operations as the property market was briefly frozen, water bills are not being issued, and communication between police and prosecutors was hindered.
Ransomware attack statistics indicate the problem is not getting any better with 71% of ransomware attacks targeted small businesses in 2018 and the global ransomware damage costs are predicted to reach $20 Billion by 2021.
Organizations should also be aware that a risk transference approach may not always payoff, as some insurance companies are refusing to pay ransomware claims.
While there is no guaranteed strategy for completely preventing a ransomware attack, the city of Baltimore could have avoided this costly and debilitating attack had it taken the following proactive steps to protect its data and systems:
Step 1 – Identifying mission critical data and systems is a crucial step because you can’t protect what you don’t know you have. Utilizing an active discovery and inventory tool that can identify system and device assets connected to your networks will help you to control and maintain a detailed inventory of those assets.
Step 2 – Protect your mission critical data and systems by ensuring that all systems have the latest OS updates, security patches, and third-party application patches. There are several tools available to provide automated patch management.
Because email is one of the most frequently used attack vectors for ransomware, organizations need to ensure they have a robust email security solution in place that can identify emails containing links and documents that have malicious code and prevent those emails from reaching the end-user.
Just as important is creating isolated and frequent backups of your mission critical data and testing those backups on a periodic basis. Storing those backups at a secure off-site location is an added layer of protection.
Step 3 - Detect and respond to ransomware activity by deploying continuous monitoring tools which include next generation endpoint protection and managed detection and response solutions. These tools can detect and stop an attack before it starts and can roll back systems to a prior state.
Step 4 - Provide security awareness training to your employees because, as previously mentioned, email is one of the most frequently used attack vectors for a ransomware attack. Educating employees on how to identify these emails will help to reduce the potential for a successful ransomware attack.
Ransomware attacks will continue, and a successful attack can have a devastating and costly impact to any organization. Being proactive by taking the steps mentioned above can significantly increase your organization’s overall security posture and greatly reduce the chance of a successful ransomware attack.