Ransomware: What Should Businesses Prioritise to Remain Secure - Cybit

25/06/2025

Ransomware attacks are a significant, growing and constantly evolving threat across the UK landscape; they risk causing major carnage for a business when appropriate controls are not in place. No matter the size of a business, all companies will be the target of a ransomware attack at some point and need to ensure they are fully protected before the worst happens.

In 2024, 66% of technology leaders identified cybersecurity as their top risk, according to PwC. Despite this, only 2% had fully implemented cybersecurity solutions across their organisations. Businesses need to switch from a reactive to a proactive cybersecurity approach to reduce the threat of attack. Having strategies in place to mitigate or remove the threat can not only reduce financial losses and improve risk management but also enable companies to understand and combat emerging threats with confidence.

Leveraging robust security measures
 
Ransomware often finds its way into systems when a user has been socially engineered into clicking a link on a website; the problem is compounded when that user’s machine is running with admin credentials. This allows the attacker to gain a foothold on the machine, from which they can leverage vulnerabilities and unpatched systems, exposing the wider company to risk from within the network. One of the most effective ways to mitigate these risks is to lock down end-user devices using the principle of least privilege and to harden the endpoint by removing unneeded software. This alone can reduce the initial entry points used in most cyber-attacks.

With the current threat landscape, it has never been more important to identify potential threats before they cause critical damage to an organisation. Effective tools can help identify suspicious user behaviour, such as unexpected file changes, information being accessed from unusual locations or unfamiliar software being installed. Companies should implement reliable tools and systems that recognise signs of unusual behaviour and act on them, for example by isolating the affected device, rather than only identifying and notifying once a data breach could already have taken place.

Key threat detection solutions
 
Next-generation firewalls – Our next-generation firewall solutions provide intelligent application awareness of known and new threats, whether in the cloud or on-premise. Going beyond the capabilities of traditional firewalls, next-generation firewalls provide enhanced security by inspecting networks at various levels and delivering more comprehensive protection against threats.

Identity federation – In today’s new digital age, hybrid cloud environments are the new norm, so it’s essential to ensure that all applications (internal and external) align to provide the same secure authentication, as not doing so leaves businesses open to significant risk.

Application security – Applications are a primary target for attackers, with 70% of data breaches arising from application vulnerabilities. Only ‘allowed’ applications should be able to run in a business’s environment, and sufficient application infrastructure will help mitigate this.

Managed endpoint detection and response (MDR) – MDR is commonly an outsourced, specialised team monitoring and responding to threats on your behalf at the endpoint level (computers, mobile devices or servers). MDR solutions continuously collect and analyse data from endpoints via advanced analytics and machine learning, providing businesses with valuable information that places them in a more secure position. This can be a force multiplier for your internal IT team when companies are unable to attract cyber security talent.

Defence in Depth security – Implementing a Defence in Depth approach is essential for defending against ransomware attacks. While one layer might stop an attack, multiple layers decrease the probability of a successful attack and a ransom event occurring. Software looking for anomalous activity can further increase these defences as normally.

Employee training and awareness
 
Human error is a significant factor in the vast majority of cyberattacks, as it’s often the weakest element that hackers tend to exploit. Attackers can pinpoint vulnerable users through phishing tactics, weak passwords and accidental data sharing, highlighting the importance of staff training to help avoid cyber-attacks and data breaches.

A good starting point is to ensure all staff members have completed sufficient training and understand possible data breaches and how to mitigate them. Security awareness training can reduce the likelihood of human error, limiting the risk of companies suffering from security breaches, and ultimately enhancing a business’s security posture.

Employees should be made aware of common ransomware tactics, such as phishing emails, suspicious links and vulnerability exploitation. Regular testing for employees should also be put in place to ensure they are able to successfully recognise these ransomware attempts over time.

Recovery and minimising downtime

 

It’s important for organisations to develop an incident response plan should the worst happen. This would outline all the steps that need to be taken in the event of an attack, allowing a business to get back online. Incident response plans should be tested, ensuring all staff are aware of their part in the plan and can act on it. The document should be regularly updated to reflect changes in your business and the cyber threat landscape.

If you operate a just-in-time model for materials, company contingency plans should be in place for when cyber-attacks hit your supply chain. Attacks on supply chains happen, and cause organisations to shut down production lines when suppliers are attacked. This has a significant onward impact on businesses that rely on just-in-time deliveries, as one critical supplier could cause multiple business weeks of downtime. To minimise the impact, consider preparing for these scenarios by lining up alternative providers when necessary or storing additional supplies.

Critical data should be backed up frequently (daily) and stored on immutable storage to minimise data loss in potential attacks. Multiple backups should be created to ensure redundancy, and stored offline and offsite so that the business can recover from the range of events that could befall it, such as a ransom attack or natural events like fire or flood. Backups should be a regular practice because, after a malware infection, the machines can’t be trusted; to recover your business you will need clean versions of your systems from before the event for safe restoration.

At Cybit, we work with companies to deliver world-class cybersecurity services and solutions. These solutions are tailored to our customers’ specific needs and business environments, backed up by proven cutting-edge technologies and expertise. As a business, we recognise the importance of taking the time to understand our partners to ensure we deliver the correct solutions and that resilient cyber security systems are in place.

About Ben Large

 
Ben Large is a seasoned Cyber Security Evangelist with over 20 years of experience. He provides thought leadership, supports sales teams, and protects customers from cyber threats. Ben excels in creating solutions that drive sales, developing innovative products, and training teams to be vigilant and effective. His passion lies in safeguarding assets, data, and company reputations, as well as mitigating and hunting insider threats. Ben thrives in dynamic environments and enjoys collaborating with talented teams. He has worked with customers across various sectors, including Government, Finance, Legal, Defence, and household brands, and has a notable track record of protecting people of interest during critical times.
 
