How to deal with the growing threat of ransomware

For businesses, a ransomware attack causes catastrophic financial and reputational damage. The growing threat of ransomware was vividly demonstrated in August 2022 when the Clop ransomware gang attacked South Staffordshire Water, which supplies 330 million litres of drinking water to 1.6 million consumers every day. Clop did not just threaten to encrypt data or leak sensitive information. It claimed to have accessed supervisory control and data acquisition (SCADA) systems that “control chemicals in water”. The implied threat was clear: pay up, or we’ll poison the water and shut off supplies.

This time, the supply was not interrupted, and the water was not contaminated. The incident disrupted IT systems but did not affect the company’s ability to supply safe water to its customers. The damage could have been much worse.

However, it reminds us that when threat actors target critical national infrastructure, they can wreak havoc on a national or even international scale. Unfortunately, the attack on South Staffs Water will not be the last of its kind. Cases of ransomware are growing and businesses of every size are at risk.

The Changing Face Of Ransomware: to pay or not to pay?

When ransomware gangs attack, organisations may be tempted to simply hand over the cash (or the crypto) and hope the bad guys go away. This approach is dangerously flawed because ransomware gangs don’t just disappear if you pay them. Gartner data found that 80% of organisations that paid out a ransom were targeted for a second time. Censornet’s research has also found that one in five (21%) mid-market organisations suffered a ransomware attack and subsequently paid the ransom. The average payout was £144,000, with 7% handing over more than £500,000.

There is no guarantee that ransomware gangs will keep their promises to unlock systems or decrypt data. It is important to remember that although some gangs are motivated by financial gain, others simply want to do as much damage as possible. They may carry out a threat to publish sensitive data after payment is made, for instance, or refuse to meet their promises. A payment offers no protection and can sink a business. A fact borne out in a report which warned that 60% of small businesses close within six months of a cyberattack.

How To Protect Your Business Against Ransomware

Many organisations are concerned about cybercrime yet do not know how to respond. When an attack has started, it is too late to call for help. The best defences lies in deploying security systems that can block extortion attempts and keep the ransomware gangs at bay. Here are three tips on how to protect your organisation:

1. Eliminate Gaps In Your Security Posture

Protecting an organisation from ransomware is much more difficult when defenders rely on a vast and unwieldy array of point products. The solution is a platform which integrates several different products and allows them to share attack intelligence at machine speed. Gartner predicts that 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security service edge (SSE) platform by 2025.

Censornet’s integrated autonomous cloud security solution integrates email, web, cloud and identity security applications into one platform. Mind the gaps to improve your defences.

2. Fuse Identity and Context

Security solutions should be capable of assessing both identity and context to manage who is allowed to access sensitive information. Censornet’s Multi-Factor Authentication (MFA) secures access to systems, services and applications, protecting with more than just a password. Our Identity-as-a-Service (IDaaS) solution enables single sign-on (SSO) and authenticates users using rich contextual information.

Context and identity are forming the new perimeter – so need to be protected using the very best security solutions.

3. Respond Autonomously

As ransomware attacks continue to become more sophisticated, the ability to react with speed and accuracy is imperative. Organisations need to ensure their cyber defences work together at lightning speed to stop ransomware and deny cyber criminals any opportunity for extortion.

The Autonomous Security Engine (ASE) works behind the scenes to share attack intelligence across all security applications, analysing a billion threats per day and working around the clock to ensure that threat actors cannot get a foothold.

Make the right security decisions today, and you will have some shelter from the raging ransomware storm that is about to hit us all.