“Never waste a good crisis”: these famous words by Churchill could not be more relevant today, as shown by the increasing number of ransomware attacks, which have a significant impact on affected organizations and on our society. Since the first simple attacks in 2013, much has changed in the way ransomware attacks are carried out. The danger no longer lies just in a single infected attachment opened by an employee. More and more often, attackers have had access to a network for days to months, and they are not only encrypting files but also erasing backup and code repository systems to prevent easy recovery. Especially for modern software-driven organizations, the availability and reliability of data is of great importance.
According to the FBI, the damage caused by ransomware attacks last year was $3.5 billion in the US alone. Cyber insurance companies also report an annual claim growth of 30% to 40%. In the media you will find weekly articles about organizations that have been affected by a ransomware attack. The recent SolarWinds hack is an example of how the impact can go beyond financial damage alone.
Which precautions can you take?
A layered approach is needed to effectively protect your organization against ransomware attacks. Most ransomware attacks are currently initiated via e-mail, where the spam filter in place is no match for the advanced attacks that are taking place. Systems running older operating systems and/or unpatched systems have also proven to be extremely vulnerable. In addition, using a non-isolated or unsecured backup solution can cause issues when trying to recover from a ransomware attack.
Fortunately, more and more companies are realising the danger of modern ransomware attacks and are taking action. It’s also becoming increasingly clear that no single measure will offer a 100 percent guarantee against ransomware attacks, just as a smoke detector offers no guarantee against a fire spreading. In addition to taking mitigating measures on a technical level, as described further in this article, we also recommend that organizations look at insurance policies to limit any damage caused by a ransomware attack. The number of cybersecurity insurance policies has increased by almost 50% annually, indicating that more and more companies are taking this threat seriously.
Despite the amount of media attention for ransomware attacks, such as the recent successful attacks on Canon, but also on companies such as Capcom and Whirlpool, there are still many companies that have not yet taken specific measures to increase ransomware protection, even though a number of measures are relatively simple to implement. For example, if your organization uses Office 365, strongly consider activating Microsoft Defender for Office 365 (formerly called Advanced Threat Protection). Microsoft Defender for Office 365 protects your organization from advanced threats such as phishing and zero-day malware. The product is industry-leading because Microsoft uses billions of daily signals from Microsoft Intelligent Security Graph to improve real-time security. This prevents email from being a (too) easy entry point for ransomware attacks. Microsoft Defender for Office 365 is fully integrated with Office and works automatically across all devices without your employees having to install or configure anything. Even if your organization already uses an email scanning solution, Microsoft Defender for Office 365 is highly recommended because of its unique integration, which is simply not possible with traditional external products.
The cost of Microsoft Defender for Office 365 (plan 1) is € 1.69 per employee per month.
More information about Microsoft Defender for Office 365 is available on this website.
DevOps and GitHub
If you are using development tools such as an on-premises Git repository, local TFS or Azure DevOps Server, consider using Microsoft DevOps or GitHub. Microsoft provides multiple layers of protection to ensure the integrity of your source code.
For more information about DevOps and security, please visit this website.
Azure Backup
If you are still using a traditional backup solution for your files and servers, Azure Backup is a cost-effective way of backing up servers as well as (hosted) VMs and Azure workloads. Azure Backup offers an isolated location outside your domain and ensures that your data is kept secure in an Azure Recovery Services Vault.
SQL Managed Instance
If your application uses SQL Server and you cannot use Azure SQL because your application needs, for example, CLR or cross-database transactions, we recommend using SQL Managed Instance. A managed instance offers almost 100% compatibility with a traditional SQL Server on a VM (Enterprise Edition) and combines it with the ease of scalability of a PaaS service and features such as automatic patching, as well as additional services such as Transparent Data Encryption (TDE) and SQL Advanced Threat Protection.
For more information on SQL Managed Instance, see this website.
App and platform modernisation
If you are considering a migration to the Cloud, Intercept's article on "Rehost, Refactor, Rearchitect, Rebuild & Replace" offers relevant information for a carefully designed migration strategy; please see this link.
If you have any questions about the possibilities of Microsoft Defender for Office 365 for your organization, let us know!