Priorities in preparing for a ransomware attack: people, processes, and technology

Even though ransomware has existed for decades, this ever-evolving threat continues to be extremely effective, and it’s not going away anytime soon. According to data from our latest Fortinet 2023 Global Ransomware Report, two-thirds of organizations were targeted by ransomware and 50% of them fell victim to an attack. And data from our FortiGuard Labs 2H 2022 Threat Landscape Report indicates that the volume of ransomware attacks grew by 16% compared to the previous six-month period.

Although these statistics are unsettling, they aren’t surprising. With ransomware-as-a-Service (RaaS), even novice cybercriminals can easily launch sophisticated attacks and receive a quick payout if they’re successful.

Organizations need to be as tactically efficient as their adversaries, so it’s critical to have a complete picture of your current ability to effectively prevent, rapidly detect and comprehensively respond to a ransomware attack. In the fight against ransomware, organizations can and should assess and prioritize their technology, processes, and people.

Use technology to prevent ransomware

Make sure you have the right tools in place, and that their core technologies have continued to improve to match the latest threat actor techniques. According to a 2023 Global Ransomware Survey, the seven most-cited technologies (each viewed as important to ransomware protection by at least half of respondents) are Internet-of-Things (IoT) protection, next-generation firewalls (NGFWs), secure access service edge (SASE) solutions, cloud workload protection (CWP), endpoint detection and response (EDR), zero-trust network access (ZTNA) principles, policies, and tools, and secure email gateways (SEGs).

Security teams should also have secure backup procedures and solutions that ransomware attacks can’t compromise. Both must be regularly tested to ensure that data can be recovered as rapidly and reliably as possible.

Update processes to prioritize ransomware

Similarly, every organization should create, maintain, and periodically test and update an incident response (IR) plan. (In the 2023 Global Ransomware Survey, better people and processes were among respondents’ top three priorities.)  Make sure your plan includes specific information on countering a ransomware threat. This is another area where you can consider enlisting expert third-party assistance. Vendors like Fortinet can give you an objective evaluation and provide guidance and recommendations for improving your organization’s plan.

Ransomware should be a top concern of everyone from C-level executives and the board of directors. Make sure there is two-way communication with the C-suite and board of directors on cybersecurity-related topics and ensure that leadership is included in your IR plan, particularly in the escalation and crisis decision-making areas.

Train people to reduce risks

You shouldn’t be doing on-the-job training in the middle of a ransomware incident. Security teams need to effectively learn how to mitigate and respond to a ransomware threat before it happens. To educate and prepare teams, consider doing tabletop exercises that are specifically designed for ransomware scenarios. Training is available through the SANS Institute, Information Systems Audit and Control Association (ISACA), Cloud Security Alliance, and other associations or organizations. Also, encourage your staff to take advantage of free training provided by vendors like Fortinet on key cybersecurity topics.

Training shouldn’t be only for security teams. When it comes to security, everyone throughout the organization has a role to play. Get serious about security awareness training and determine whether it’s effective in changing employee behavior. Are your existing security awareness training programs just about checking a compliance or regulatory box? Or is it truly working to change employee behavior and reduce risk?

With increases in ransomware as a service and AI-enabled attacks, every employee needs to be more knowledgeable than ever to be able to spot and avoid threats. Consider educating and testing employees on these areas:

• Cybersecurity principles and why cybersecurity is so important
• Psychological approaches fraudsters and attackers use, such as bias, urgency, and social engineering
• Psychological principles employees should use when faced with potential threats, such as thinking the scenario through before acting or considering the context of the situation
• Current, real-world examples of threats perpetrated against employees
• How threat actors may use a multi-channel approach when targeting employees
• How AI is being used by threat actors and changing the caliber of threats

If you aren’t already, consider testing employees based on real-world attacks and scenarios that include social engineering. Testing through phishing, vishing, and smishing simulations can help employees recognize even complex and convincing threats.

Changing behavior is difficult, but cyber knowledge is more crucial than ever.

Ransomware is rampant, but help is available

Although ransomware presents tremendous risks, by prioritizing technology, processes, and people, you can reduce the likelihood of losing sensitive data and significant disruption of your operations from an attack. If necessary, you can engage expert help from third-party advisors like Fortinet for an independent assessment of your current readiness. Look at staffing levels and your existing expertise to make sure your teams have the right staff members and skill sets to mitigate a ransomware incident effectively.

By working with a vendor like Fortinet that delivers both cybersecurity technology and services, you can address your cybersecurity risks. Fortinet solutions are powered by machine learning and AI, and our Security Fabric integrates prevention, detection, and response capabilities to protect your enterprise against ransomware attacks throughout the entire life cycle of cyber kill chain; wherever your organization is most exposed. Fortinet services can help you assess operational readiness and train your team members so they can effectively respond in the event of a ransomware incident.

Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.