Targeted ransomware attacks have reached new heights, with a 62% global attack spike and a 158% increase in North American attacks alone. As ransomware incidents continue to rise, it’s critical that organizations stand up a security program that enables proactive attack defense. First, you must empower your business to operationalize strong defense mechanisms throughout its security program. This is done by citing use cases for preemptive attack detection and successful risk mitigation to break down key tactics at play. To start, let’s highlight a recent, successful defense against ransomware: The Accenture ransomware Attack.
Learn more about reducing your risk of ransomware: Supply Chain Attacks: The Rise of Ransomware and How to Reduce Your Risk
The Accenture Ransomware Attack: What Happened?
Accenture, a top-ranked global firm specializing in a diverse range of strategic business services, experienced an attempted ransomware attack in August 2021. The firm, which serves more than 6k clients and operates in over 120 countries, confirmed on August 12 that LockBit 2.0 ransomware group — a criminal group that operates using a ransomware as a service (RaaS) model similar to recent acting peers DarkSide and REvil — launched an attack against Accenture that resulted in the theft of data and encryption of servers. Here’s what is known so far:
- The issue occurred on July 30 due to a misconfigured system in an isolated cloud environment.
- The attackers demanded a $50M ransom for a reported 6TB of data.
- No Accenture internal systems were compromised during the incident.
- Accenture states that no customer data was accessed.
- The attack was contained and fully remediated, with the impacted servers back online.
- Due to the implementation of a robust security program, internal Accenture systems were not accessible from the original access point, protecting all the company’s client information and operations.
Learn how you can protect your organization from ransomware through IT Asset and Risk Management: Watch the webinar.
A Look into Accenture’s Successful Response
Accenture’s response to the incident showcases their competency in business resiliency and is an example that organizations across the globe should look to when preparing for similar internal incidents. In assessing Accenture’s success, there are three key tactics the company employed to help minimize the impact of ransomware:
- Network segmentation: The impacted network was a cloud environment with roughly 200 servers that were completely isolated from internal business systems. This segmentation of environments avoided a more catastrophic event. Beyond improving performance and decreasing local traffic, network segmentation comes with a host of benefits to the security of an organization by creating a reduced attack surface area.
- Data classification and classification-based data storage: Accenture insiders have claimed that no sensitive data was accessed, and files released to date have only contained public marketing information. Separation of sensitive data likely lead to a smaller impact as the systems impacted did not contain sensitive information.
- Proactive monitoring and response to security alerts: Accenture detected anomalous activity and was able to react quickly to contain and recover from the attack. Leveraging the visibility and security provided by the above tactics, along with having an incident response plan in place, empowers organizations to be proactive, saving critical time when incidents arise.
As ransomware continues to affect thousands of businesses and customers, it’s vital that organizations stand up an effective security program that prioritizes proactive attack defense and detection. Implementing proper security controls and protocol enables security teams to recognize risks and take immediate action against them, raising your odds of mitigating future attacks.
Explore how proper risk and asset management strategies can improve your odds of beating ransomware: How Good IT Asset and Risk Management Can Protect You from Ransomware
How Can OneTrust Help?
The OneTrust platform leverages expertise in IT Risk Management, vendor risk management, privacy and many other categories to deliver an immersive risk management experience. We enable you to gain visibility into all aspects of your organization’s security structure by building your program from the ground up, giving you a holistic look into your organization’s security posture.
Build a more secure supply chain by assessing your organization’s ability to prevent ransomware and understand where key weaknesses and threats exist in your system: Request a demo today.
Further risk mitigation reading:
- Blog: ITRM 101: The Impact of ITRM on Your Organization
- Blog: How Good IT Asset and Risk Management Can Protect You from Ransomware
- Blog: Risk Management: Making Your Organization First Line Friendly
- Blog: Risk 101 Part II: Taking Action & Mapping Your IT Risk Management Lifecycle
Next steps on risk mitigation:
- Watch the webinar: Supply Chain Attacks: The Rise of Ransomware and How to Reduce Your Risk
- Download the incident management playbook: Get access to the resource
- Watch the webinar: Ransomware Hacks: Are Your Vendors Vulnerable?