Avoid Ransomware Attacks by Solidifying Your Cybersecurity Strategy

Ransomware attacks are some of the most sophisticated and devastating types of cyberthreats currently out there. These attacks have only increased in popularity during the COVID-19 pandemic, as many organizations struggled to protect a remote workforce with limited cybersecurity measures. This made many businesses vulnerable to network compromise. Now, organizations should be proactive in their approach to ransomware prevention.

During the pandemic, hospitals and educational institutions were some of the top targets for ransomware attacks. MacDonald explains that this is because remote learning meant that students were accessing school networks from many different places, which in turn made those networks more vulnerable.

MacDonald explained that ransomware attacks are particularly pernicious because they are complex and the financial demands are high. For example, MacDonald shared that one large enterprise organization was hit with ransomware and the demand from the bad actors was $30 million. In that instance, the hackers infected the network with Trojan malware, one of the most damaging kinds of cyberattacks. By working with MacDonald, this organization was fortunately able to contain and remediate the ransomware attack.

A customer in the manufacturing industry also recently approached CDW following a ransomware attack at the beginning of 2021. Following that attack, the customer wanted to implement large-scale cybersecurity upgrades to better the environment and supplement ransomware prevention. CDW helped the customer remediate the security issues, and over the course of the year, designed upgrades for the business’s security environment as well as new storage and backup solution. As a result, this customer’s environment is now more securely and will be completely updated following this partnership with CDW.

By taking a proactive approach to cybersecurity now, using tools such as a maturity assessment and other resources to cement your cybersecurity strategy, you can avoid becoming ensnared with these kinds of ransomware. 

When it comes to ransomware prevention, MacDonald explained it’s about more than just having good cybersecurity measures in place and checking a box. Instead, MacDonald emphasized that organizations need to make good cybersecurity practices a part of the company culture and educate employees about the signs of a potential cyberattack. End user training is an important part of making sure your business can avoid ransomware attacks.

Phishing remains the top threat tactic that bad actors use to implement ransomware attacks, according to MacDonald. This involves business email compromise and usually a message that looks like it’s sent from a legitimate source within the company to an employee. While historically end users might have been able to easily spot these fishy messages because they were full of typos or other grammatical errors, hackers have become increasingly sophisticated. MacDonald also shared that the contents of these phishing emails have become more specific, too.

For example, MacDonald shared that it’s now common for an employee to receive an email that might look it comes from the company CEO, explaining that that individual needs to cut a purchase order immediately, move funds, and send to a tracking number. Because the ask is specific and appears more legitimate than phishing emails may have in the past, that means employees are more susceptible to comply.

As ransomware attack entry points become more sophisticated, employee training likewise needs to become more robust. The need to adopt cybersecurity best practices as part of company culture is more important than ever before.

By proactively training employees to recognize the signs of a ransomware attack, your company can save the headache — and potential financial strain — of needing to recover from such an attack. 

When it comes to preventing ransomware attacks, end user training is just the beginning. MacDonald shared that organizations should have a 360-view when developing an incident response plan. Incident response should involve the executive and IT teams, but it should also involve public relations and human resources. Your company’s PR team should be brief and ready to determine how to respond in the event of an attack. Likewise, the human resources department should have employees’ contact information readily available in case an attack happens and the company’s network goes down. From a personnel perspective, MacDonald emphasized it is important to have the PR team, human resources, and individual employees all primed.

When it comes to ransomware prevention using technology tools, MacDonald shared that the key is implement strong protection and controls. Organizations should implement inventory control for hardware assets, and MacDonald stressed that multi-factor authentication (MFA) is a must for granting access to the company network and resources. MFA provides an extra-layer of protection and keeps bad actors from accessing the network with just a password.

He also explained that having backups of data are essential in the case of a ransomware attack. Your organization should not only have backups, but be prepared to test and recover from them. MacDonald recommends backing up your data to the cloud, as that can offer more protection and easier recovery relative to an on-premise solution.

MacDonald also emphasized the importance of endpoint protection. Since the majority of ransomware attacks come from phishing, endpoint protection is essential. All endpoints in your company’s IT environment should have that protection, and a managed detection and response solution is key for quickly addressing any potentially compromised devices. 

While the threat of ransomware is real and may seem overwhelming, CDW is here to help your organization with a proactive cybersecurity plan. CDW takes a holistic approach to cybersecurity with a focus that’s not just on products and tools. This approach considers cybersecurity strategy as the sum of all parts, including security services such as incident response and maturity assessment. CDW is uniquely equipped to help with your cybersecurity needs with a combination of the right technologies, solutions, and services that are needed to combat today’s sophisticated ransomware attacks.