Article

Ransomware: Protecting your business against evolving risks

June 2, 2022

Ransomware is now the most common cybersecurity threat among U.S. businesses, affecting organizations of all sizes. Ransomware attacks have grown during the COVID-19 pandemic, as cybercriminals take advantage of the more vulnerable environments created by the dramatic shift to remote work strategies.

We now see more opportunistic attacks, because cybercriminals no longer need to be very experienced to break into an organization. In fact, threat actors have turned ransomware into a profitable business, with ransomware-as-a-service (RaaS) platforms growing in popularity. As ransomware attacks continue to evolve and become more sophisticated, companies must take proactive steps to address the growing risks.

The current state of ransomware attacks

Considering the current ransomware environment, it is not surprising that many middle market companies report knowing of a peer that has suffered an attack, or have been targeted themselves. The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company that was targeted by a ransomware attack, and 23% have experienced an attack themselves. Compounding the issues related to a ransomware attack, 7% of executives experienced more than one attack in 2021. This is a common tactic by cybercriminals: once a breach occurs, they will keep trying to attack the company until it proves its network is secure.

Middle market executives appear to understand that ransomware is not going away and that the threat will only grow. In fact, 62% of respondents to the RSM survey said their organization is likely to be targeted by a ransomware attack this year, a 5% increase from last year’s report.

Taking protective measures against ransomware

The unfortunate reality is that ransomware will continue to be a threat going forward, and you may not be able to prevent ransomware from entering your organization. Many threat actors are sophisticated enough that, given enough time, they’ll likely be able to bypass controls and enter your environment. Therefore, when developing measures to address ransomware risk, you must consider two things: how to make your business a less attractive target, and how to limit the damage if someone does manage to get into your organization.

While nothing can fully protect your organization from ransomware, the following actions can help to reduce the potential or scope of an attack:

Follow a cybersecurity framework

Several respected organizations have recently published useful guidance to help contain the spread of ransomware attacks. For example, last year the National Institute of Standards and Technology (NIST) released a fact sheet and infographic, along with NIST IR 8374 (Ransomware Risk Management: A Cybersecurity Framework Profile), which provide tips and strategies for protecting against the threat and recovering from a potential attack.

Develop an incident response ransomware playbook

Your organization can use the available guidance and recommendations to develop a strategy that outlines what to do in the event of an attack. A ransomware situation is a chaotic event, but every minute matters. The longer it takes you to respond to an attack, the more costly it becomes, both from a forensic standpoint and from a disclosure standpoint.

The ability to detect an attacker and respond to the incident is the only way to keep a given attack from becoming a massive financial liability. Therefore, eliminating any potential ambiguity must be a priority.

Make sure your cyber insurance policy is up to date

With the prevalence of cybersecurity threats, an effective cyber insurance policy has never been more important. However, the cyber insurance landscape has changed significantly recently, with reduced coverage limits, rate increases and more underwriting scrutiny as vendors pay out more claims.

Still, even with the changes to cyber insurance policies, it remains a necessary part of your cybersecurity posture. You should consult your insurance carrier to make sure your policy continues to align with your risks, and take steps to put yourself in a better position from a coverage standpoint.

Ensure you have strong business continuity and disaster recovery procedures

From a business continuity perspective, your organization should implement thorough segmentation of networks and applications so that an intruder, once inside, has difficulty moving around.

Following a disruption, how quickly can you recover? An effective disaster recovery strategy is not only useful in the event of a natural disaster; it can also help transition or restore operations while limiting downtime during a ransomware incident.

Consider managed services

A growing number of small and mid-sized companies are using third parties to manage core security functions that are critical to reducing ransomware risk. These functions include, but are not limited to, activities such as the following:

  • Managed security monitoring
  • Managed endpoint detection and response
  • Managed patch and vulnerability management

Ransomware risks are evolving so fast that some companies simply do not have enough internal talent and experience to keep pace. Rather than put the company at more risk, outsourcing to an organization with more experience and resources often makes the most sense.

Outsourced cybersecurity solutions are growing in popularity as an alternative to in-house security management. As the frequency and severity of threats continue to escalate, implementing a solution and maintaining it may no longer be feasible for many companies.

Undergo technical testing

A trusted third party can assess your security environment and perform technical testing to determine the likelihood and impact of a ransomware attack. For example, RSM offers a comprehensive ransomware risk assessment that evaluates the potential risk and spread of an infection using penetration testing techniques, analyzes business continuity and incident management programs, performs a ransomware tabletop exercise, and can help remediate any specific issues identified.

Ransomware has always been a concern, but risks are evolving at a rapid pace, and the threat is now very real for companies of all sizes. As with many types of cybersecurity attacks, the criminals are more advanced than many of the controls, and your organization must leverage available resources to develop a security approach that includes strategies to prevent and remediate ransomware attacks, limiting financial risk and reducing downtime.

RSM contributors

  • Andrew Weidenhamer
    Principal
