Combating Ransomware: Don't Let Your Data Be Held Hostage

Written by Srinivasan CR, Executive Vice President, Cloud and Cybersecurity Services & Chief Digital Officer, Tata Communications.

Originally published on TechRadar.

Enterprises today operate in a digitally connected world, where technology and connectivity are the core of their digital transformation strategies and operations. However, with hyperconnectivity, organizations must also contend with hyper exposure to cyber risk.

Ransomware is one of the most disruptive and destructive risks that enterprises face. A report by Sophos found that two thirds of organizations worldwide were hit with ransomware attacks in 2021, a 37% increase over the previous year. With modern enterprises relying extensively on data to run their operations, cybercriminals can effectively shut down an entire organization by taking their data hostage.

Moreover, ransomware attacks are becoming increasingly sophisticated and multi-layered. For instance, by encrypting and exfiltrating their victims’ data, cyber perpetrators can extort more money by threatening to expose the information to data leak sites or underground forums.

The business costs can be significant. Companies hit by a successful ransomware attack experience an average downtime of three weeks, according to The Institute of Security and Technology, and cyber attackers made roughly $457 million in ransomware profits in 2022, according to Gizmodo.

So, what can organizations do to protect their business? Here are five important considerations:

1. Reinforce cyber hygiene:

Good cyber hygiene practices include disciplined vulnerability assessment and management where all operating systems, software, firmware, and network devices are constantly updated. Additional attention is needed for end-of-life and end-of-support applications and devices. Organizations should also enforce robust password regimes and leverage measures, such as MFA (Multi-Factor Authentication), to minimize the chances of unauthorized access.

People form another critical aspect of cyber hygiene. Organizations should conduct regular cyber awareness training to raise employees’ security knowledge and awareness. They should also conduct exercises, such as phishing attack simulations, to elevate employees’ cyber vigilance. These steps are vital to preventing ransomware delivery through social engineering.

2. Adopt a zero-trust approach:

Organizations should look at transforming their security infrastructure based on zero trust principles. In simple terms, zero-trust means that an organization does not automatically trust anything inside or outside of its perimeter. Every access request needs to be fully validated to ensure its legitimacy.

The impetus to adopt a zero-trust framework is the dramatic growth of endpoints within organizations and the need for more devices to communicate directly with applications. Zero-trust allows enterprises to verify access requests based on identity and user context and limit access to specific applications to authorized users, creating a more secure digital environment.

3. Vault your data:

Effective preparation is the key to minimizing the impact and disruption that ransomware attacks can bring. Frequent data backups, regular testing of backup restoration, and storing data in vaults are critical to avoiding a data hostage situation.

Organizations need to recognize that paying the ransom is never a recommended path. Instead, they should focus on preparations that allow them to get back on their feet swiftly. The optimal approach to addressing a ransomware incident is to execute data recovery from the offline data storage to resume operations.

4. Upgrade your defenses with a security operations center:

Enterprises can adopt a more proactive cybersecurity stance by creating their own security operations center (SOC) or subscribing to one. Through an advanced SOC, organizations can move beyond security information and event management (SIEM) tools with curated Cyber Threat Intelligence Feeds that are credible and actionable. Additionally, integrating Security Orchestration and Automation (SOAR) can give enterprises the ability to automate containment actions swiftly. Also, enterprises should leverage user and entity behavior analytics (UEBA) and detection tools to more holistically extend detection and response (XDR). Tapping on XDR can give enterprises the ability to secure all data across their digital estate.

Besides having the right technological tools and framework, another critical component of a fully functional SOC is talent. The SOC needs to be manned by a team of highly skilled cyber defenders with deep knowledge of the enterprise estate. As the cybersecurity industry faces a manpower crunch, organizations can look to managed security service providers to fill the gap.

The SOC team can also help enterprises develop a ransomware response checklist and incident response plan. This includes understanding applicable state data breach laws, mapping communication procedures, and ensuring the contacts matrix is up to date. In addition, organizations can further evaluate their readiness by conducting periodic incident response drills.

5. Secure your digital ecosystem:

Lastly, in today’s digitally connected world, enterprises have many dependencies as they look to deliver value across their ecosystem of partners, suppliers, governments, and institutions. They must evaluate the security posture of their third-party partners and ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity. Cybersecurity assurance should also be critical evaluation criteria when selecting partners and vendors. Organizations need to be able to trust their partners’ capabilities to secure the data they share with them.

With the industrialization of cybercrime and the rise of ransomware-as-a-service, ransomware attacks have become advanced, destructive, and challenging to defend. To keep their digital assets safe and prevent their data from being taken hostage, enterprises need to continue to evolve their cyber defenses.

By seeking a trusted cybersecurity partner to help evaluate their security posture, improve their defenses, and elevate their cybersecurity strategy to the next level, organizations can better protect their continuity while ensuring they stay one step ahead of cyber adversaries—especially in the face of increasingly potent ransomware attacks.

About the Author

Srinivasan CR is the Executive Vice President - Cloud and Cybersecurity Services & Chief Digital Officer for Tata Communications. In this role, Srini is responsible for the overall digital and security strategy and execution for Tata Communications – a global digital ecosystem enabler to large enterprises globally. A technologist and a business leader, Srini is also the Global business head for cloud and security businesses at Tata Communications enabling digital transformation initiatives for customers. Srini will continue to be responsible for creating industry standards in cloud computing solutions for customers coupled with solidifying the internal digital processes and delivering technical solutions to enhance business growth and productivity. Srini’s experience spans over 25 years in enabling business technology solutions. He has worked in large enterprises, co-founded a start-up, custom- created new platform-based solutions and leveraged technology to help build sharper customer experiences and differentiated business models. In his long career Srini has worked with CMS Computers, Citibank India and Sify. He also had a brief stint at VSNL international. He then went on to co-found 7strata IT Services Pvt. Ltd., a remote infrastructure management company, which was later acquired by Mindtree. He returned to Tata Communications in June 2010 in a leadership position in the data centres division. Srini has a Bachelor’s degree in engineering from University of Madras.