Defending the Enterprise From the Coming Wave of Ransomware Attacks

Ransomware attacks faded from the headlines after the notorious WannaCry outbreak in 2017 and the frequency of attacks declined in 2018. And yet, with ransomware threats seemingly in the rearview mirror, cybersecurity experts and the Information Security Forum’s 2018 Global Security Threat Outlook are suddenly forecasting a major resurgence of ransomware this year.

Why? Because ransomware never went away—it simply changed.

In the past, threat actors targeted any vulnerable computer they could find. Now, they’re targeting enterprise networks with cryptojacking malware. And with 80% of enterprise workloads migrating to the cloud by 2020, that means the cloud is set to become the next battleground in enterprise cybersecurity.

Ransomware: What to Expect in 2019

Ransomware poses a serious threat to enterprise security. According to FBI estimates, ransomware payments in the U.S. have totaled $1 billion or more in some years—a figure we could easily surpass in 2019 if cybersecurity forecasts are accurate.

Many, if not most, of this year’s ransomware attacks will occur in the cloud. But whether your organization’s data infrastructure exists in the cloud or on premises, it’s important to understand the ransomware threat and how your enterprise should respond to it.

Every enterprise is vulnerable to the next wave of ransomware attacks. In 2019, many enterprises were lulled into a false sense of security about ransomware. But in the current environment, complacency may be fatal because the next wave of attacks will target enterprise networks. If you don’t think your enterprise is a target, you probably haven’t implemented systems and processes to counter ransomware threats. The time to start thinking about ransomware is now—before your business comes under attack.

When it comes to ransomware, the worst is yet to come. Although WannaCry and other ransomware attacks were devastating, they pale in comparison to the potential attacks that lie ahead. Threat actors in the ransomware arena are growing more aggressive, requiring enterprises to respond with sophisticated solutions. Temporary fixes won’t cut it in 2019. To protect your organization, you’ll need a more comprehensive security strategy.

The cloud is the new ground zero for ransomware attacks. Enterprise cloud environments feature the same level of security as data centers. In many cases, cloud environments are more secure. However, it’s important to recognize that cloud environments face the same threats as data centers. As ransomware attacks evolve, cloud providers will need to ramp up the sophistication of their security measures or leave countless enterprises exposed to cyberdisasters.

Enterprise IT shares responsibility for security with cloud service providers. The cloud allows enterprises to offload the burdens of managing a data center or network. But that doesn’t mean enterprises can completely outsource security to cloud services providers, especially given the seriousness of the ransomware threat in 2019. Instead, security must be the shared responsibility of the cloud provider and enterprise IT. While cloud providers are responsible for supplying the necessary architecture, enterprise IT shoulders responsibility for ensuring that the right measures are in place to protect the business from ransomware and other threats.

Some enterprises won’t know they’ve been hit until it’s too late. Ransomware actors rely on stealth—they often allow an attack to go on for weeks or even months before they notify their victims. Enterprises that believe they will immediately recognize an attack are mistaken and highly vulnerable to significant data loss. To mitigate risk and reduce exposure, intrusion detection and protection solutions are prerequisites for this wave of ransomware attacks.

False positives are a problem for many enterprises. Just as with the little boy who cried wolf, false positives breed complacency. If threat detection solutions routinely flag false threats, enterprise IT teams are more likely to overlook genuine threats when they occur, ramping up the organization’s risk exposure. Although false positives happen, enterprises will need to focus on the accuracy of security solutions to defend against attacks.

Untested disaster recovery plans will fail. The mere presence of backup and recovery plans isn’t enough. Enterprises that fail to routinely test and validate those plans for their environments leave themselves vulnerable to ransomware attacks. By proactively testing and determining your responses to all possible scenarios, you can minimize the impact of potential attacks on your business and its bottom line.

Cloud segmentation is a factor. Cloud segmentation will play a key role in enterprise security. Although a robust monitoring program is important, enterprises will need to evaluate their cloud segmentation strategies to withstand an attack. In the unfortunate event of a breach, the enterprise needs to know that a ransomware infection won’t infect its entire cloud environment.

The odds are stacked against your enterprise. A successful ransomware attack can yield a serious payday for hackers. So, not surprisingly, threat actors are highly motivated to not only step up their attacks on enterprises, but to constantly adapt their tactics. Whether you know it or not, the probability of an attack on your enterprise is on the rise and the odds will be stacked against your organization if you don’t have a security strategy in place.

Savvy enterprises are nailing the basics. The good news is that a security strategy against ransomware attacks is achievable for nearly all enterprises. In 2019, enterprises that master the basics will be in a better position than those that refuse to take any additional security measures. Start by investing in intrusion detection and protection technology that alerts you when an abnormal number of files are updated, and provides multiple recovery checkpoints with different retention points.
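
The alerting described above, as an added example that is not part of the original article or any vendor's product: the Python below counts file modifications per host per minute and flags a minute whose count exceeds both an absolute floor and a multiple of that host's recent median, which keeps small spikes on quiet hosts from producing false positives. The event tuples, host names, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def bucket_counts(events, bucket_seconds=60):
    """Count file-modification events per host per time bucket."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, host, _path in events:
        counts[host][ts // bucket_seconds] += 1
    return counts

def find_bursts(events, bucket_seconds=60, history=5, factor=10, floor=50):
    """Return (host, bucket_start, count, baseline) for abnormal buckets."""
    alerts = []
    for host, buckets in bucket_counts(events, bucket_seconds).items():
        for b in range(min(buckets) + history, max(buckets) + 1):
            prior = [buckets.get(p, 0) for p in range(b - history, b)]
            baseline = max(median(prior), 1)  # idle hosts: avoid a zero baseline
            count = buckets.get(b, 0)
            # The absolute floor keeps small spikes on quiet hosts from alerting.
            if count >= floor and count > factor * baseline:
                alerts.append((host, b * bucket_seconds, count, baseline))
    return sorted(alerts)

def sample_events():
    """Constructed (timestamp_seconds, host, path) events, not real telemetry."""
    events = []
    for minute in range(10):  # ten minutes of ordinary activity on two hosts
        for i in range(4):
            events.append((minute * 60 + i * 10, "fs01", f"/share/doc{i}.docx"))
        for i in range(3):
            events.append((minute * 60 + i * 15, "fs02", f"/data/log{i}.txt"))
    for i in range(240):  # minute 10: 240 files rewritten on fs01
        events.append((600 + i // 4, "fs01", f"/share/file{i}.docx"))
    return events

if __name__ == "__main__":
    for host, start, count, baseline in find_bursts(sample_events()):
        print(f"ALERT {host} t={start}s: {count} files modified "
              f"(recent median {baseline}/min)")
```
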

Next Steps in Enterprise Security for Ransomware

The ransomware threat for enterprises in 2019 is very real and it’s important to act as quickly as possible to protect your organization. The cloud-based nature of the next wave of attacks means that enterprises must evaluate their cloud strategies to adequately defend against threat actors.

Right out of the gate, enterprises should consider a multi-cloud strategy. In addition to enabling your organization to avoid vendor lock-in, a multi-cloud approach mitigates the impact of a breach originating from any given vendor. In general, a multi-cloud strategy is more cost-effective, scalable, and secure than relying on a single cloud services provider.

Similarly, it may be useful to perform a platform audit. Enterprises frequently use comprehensive platform audits to highlight areas for cost savings. But they can also help determine the enterprise’s security readiness for ransomware and other cyberthreats. At a minimum, a platform audit will clarify areas where enterprise IT needs to take action.

Finally, it’s essential to manage your organization’s cloud platforms effectively. A multi-cloud strategy and hybrid cloud architecture can present significant management challenges, so you may need to engage a third party to help manage your platforms and eliminate gaps in security.

The possibility of a successful ransomware attack is a terrifying thought for leaders of any organization. Although we’re currently facing an elevated risk from ransomware, your enterprise is far from helpless. By understanding the ransomware threat and taking the appropriate steps now, you can insulate your business from the impact of an event in 2019 and beyond. 
