The PCI Security Standards Council (PCI SSC) and National Cybersecurity Alliance published a bulletin in response to the rise of ransomware, citing an increase in high-profile cases and attributing an estimated $20 billion in cost to the attacks. The bulletin continues to showcase the severity of ransomware by highlighting that 37% of global businesses and organizations were impacted by ransomware in 2021 alone. The publishing seeks to dictate the circumstances surrounding the recent surge in ransomware and encourages businesses to implement the following ransomware risk management best practices: 

  • Understand the purpose of ransomware, the impact of the COVID-19 pandemic the frequency of ransomware attacks, and that the threat is universal to all businesses and sectors alike. 
  • Familiarize themselves with the PCI DSS data security standard and at a minimum encourage high-level security considerations across all aspects of the business. 
  • Develop a plan centered around risk identification, mitigation, reduction, and disaster recovery to prepare for when your organization is impacted by ransomware.  
  • Train employees at all levels of the business to recognize common cyber threats. 
  • Test system controls regularly and record your findings.  
  • Track and implement new security patches as frequently as possible. 
  • Continually monitor and back up your systems. 

Watch the webinar to learn more about how good IT Asset Management can protect your organization from ransomware attacks. 

What is Ransomware? 

Ransomware is a type of cyber threat that attacks internal systems to access data and exploit it for money. Ransomware groups gain access to data typically through password reuse or social engineering and use encryption techniques to gatekeep the information, selling it back to the owner for significant amounts of money. Traditionally, ransomware actors will stipulate that the payment must be received within 24-48 hours of the attack, or the information will be deleted and/or subsequently leaked if the company does not pay the ransom. 

What is Ransomware Risk Management and Why is it Important? 

Ransomware Risk Management refers to the implementation of holistic security so that multiple attack vectors can be avoided, thereby reducing the risk of falling victim to a ransomware attack. Ransomware attacks can be mitigated by applying thorough and specific risk management techniques to enhance your company’s overall security posture. 

As the threat landscape evolves, so do the types of attack vectors that businesses are faced with. Empowering your organization to operationalize holistic security measures across risk domains is crucial in developing a proactive risk management strategy. This is done by citing use cases for preemptive attack detection and successful risk mitigation, and direct mapping to key reference documents and frameworks. 

Watch the webinar to learn more about the importance of business resilience in the face of cyber-attacks.  

Steps to Mitigate Ransomware Risk 

In addition to citing use cases for proactive attack defense and staying on top of industry trends, here are a few things that your organization can do to action strong security across the business: 

  • Follow security best practices: Implement tactics like password management, continuous monitoring, patching, authorization techniques, restricted access, and continual education and training across the organization. 
  • Build an inventory: Inventory your assets, systems, and processes across the organization and your vendor ecosystem. 
  • Implement classification-based data storage: Classifying and separating data types can lead to a smaller impact in the event that an incident occurs. In theory, data separation increases a business’ chances that the impacted system did not contain sensitive information. 
  • Practice network segmentation: Network segmentation refers to the separation of environments so that in the event of a catastrophe, not all of your systems are compromised via one attack point. Beyond improving performance and decreasing traffic, network segmentation reduces attack surface area and protects your company. 
  • Create a detailed incident recovery plan: Develop and maintain a plan that includes consistent training, testing, and data restoration techniques. 
  • Build trusting relationships: Seek out and maintain both internal and external relationships with cyber security and law enforcement so your organization has support in the event of an incident. This includes creating and maintaining an offline list of contacts and resources for receiving cyber threat intelligence. 
  • Establish a crisis communications plan: Discuss communication preferences with your internal and external networks and create a crisis communications strategy that aligns. 

Each of the above empowers organizations to monitor and respond to security notifications. When security notifications are flagged, abnormal activity can be proactively recognized, enabling security teams to quickly react to, contain and recover from potential attacks. Leveraging security tactics in tandem with following a detailed incident response plan can save an organization critical time when incidents arise. 

How OneTrust Can Help  

The OneTrust platform leverages expertise in Vendor Risk Management, Privacy, GRC, and many other categories to deliver an immersive cybersecurity management experience. We enable you to gain visibility into all aspects of your organization’s security structure, allowing you to holistically protect both your customers and your data.   

 

Further Ransomware Risk Management Reading: 

Next Steps on Ransomware Risk Management: 

 

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on ransomware attacks.