Ransomware Attacks Continue: How Can Businesses Protect Themselves?
A recent alert from the FBI and the Cybersecurity Infrastructure and Security Administration (CISA) warned against advanced persistent threat (APT) actors actively scanning devices for certain critical vulnerabilities. These include Fortinet FortiOS SSL VPN devices that can be exploited to allow attackers to gain a foothold in your company’s network, launch ransomware, or steal your data. Businesses can protect themselves by patching these vulnerabilities.
This alert is immediate, and the FBIA and CISA note that further exploitation by criminal threat actors is likely to follow. They provide a list of recommended mitigations that organizations should take.
The trend of more frequent ransomware attacks has continued and presents a problem for businesses that will not go away. In fact, early last year, we wrote about how ransomware attacks have grown increasingly complex. Leaders Edge reports that ransomware has been successful for two reasons:
- Businesses have not developed and tested backup and recovery plans that enable them to fully restore systems encrypted by ransomware
- Businesses have not encrypted their data at rest
In completing these two steps, a business will have full backup and restoration capabilities and the ability to restore its systems, sending the cybercriminal elsewhere. However, businesses have chosen not to put together a backup and recovery plan and encryption because it can be difficult to do and could be expensive.
Right now, it is imperative that businesses start to invest in backup and recovery capabilities and work on encrypting data at rest. Underwriters for cyber liability insurance policies are looking more and more at what the preventative measures the organization is doing to protect against cyberattacks.
Cybersecurity insurance continues to be important and recommended, as it helps a business recover from a ransomware attack, security breach or other cyber event. The team at Rose & Kiernan, Inc. is here to go over the issues discussed in this blog post.