Article

Ransomware: Protecting your business from evolving risks

June 2, 2022

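Ransomware is now the most common cybersecurity threat among U.S. businesses, affecting organizations of all sizes. Ransomware attacks increased during the COVID-19 pandemic, as cybercriminals take advantage of the more vulnerable landscape that has resulted from a drastic shift to widespread remote work strategies.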

We are now seeing more opportunistic attacks because cybercriminals no longer need to be very experienced to break into an organization. In fact, threat actors have turned ransomware into a profitable business, with premade ransomware-as-a-service (RaaS) platforms growing in popularity. As ransomware attacks continue to evolve and become more sophisticated, businesses must take proactive steps to address the growing risk.

The current state of ransomware attacks

Given the current ransomware environment, it’s no surprise that many middle market companies said they know a peer who has suffered an attack or have been a target themselves. The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company that has been a target of a ransomware attack, and 23% have experienced an attack themselves. Compounding the problems associated with ransomware attacks, 7% of executives experienced more than one attack in 2021. This is a common tactic for cybercriminals: once a breach occurs, they will continue to attempt to attack the company until it proves that its network is secure.

Middle market executives appear to understand that ransomware is not going away and the threat is only growing. In fact, 62% of respondents in the RSM survey said their organizations are likely targets for ransomware attacks this year, up 5% from last year's report.

Taking steps to protect against ransomware

The unfortunate reality is that ransomware will continue to be a threat moving forward, and you may not be able to stop ransomware from entering your organization. Many threat actors are sophisticated, and given enough time, they will likely bypass controls and get into your environment. So you must consider two things when developing a response to ransomware risks: how to make your business less of a target and how to limit damage if someone does manage to access your organization.

While nothing can completely protect your organization against ransomware attacks, the following measures can help reduce the likelihood or scope of an attack:

Follow a cybersecurity framework

Respected organizations have recently published helpful guidance to help curb the spread of ransomware attacks. For example, last year the National Institute of Standards and Technology (NIST) released a fact sheet and infographic and the NIST IR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management) with tips and tactics to protect against threats and recover from a potential attack.

Develop an incident response ransomware playbook

Your organization can leverage available guidance and advice to develop a strategy that outlines what you should do if you suffer an attack. A ransomware situation is a chaotic event, but every minute counts. The longer you take to respond to an attack, the more costly it will be from a forensics perspective and from a disclosure perspective.

The ability to detect an attacker and then respond to the event is the only thing that is preventing a huge financial liability from that specific attack. Therefore, eliminating any potential ambiguity must be a priority.

Ensure your cyber insurance policy is up to date

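With cybersecurity threats so prevalent, an effective cyber insurance policy has never been more important. However, the cyber insurance landscape has changed significantly in recent times, with reduced coverage, rising rates and stricter underwriting scrutiny as providers pay out more claims.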

However, even though cyber insurance policies have changed, cyber insurance remains a necessary component of your cybersecurity posture. You should consult with your insurance provider to ensure that your policy continues to align with your risks and take steps to put yourself in a more advantageous position from a coverage perspective.

Ensure you have strong business continuity and disaster recovery procedures

From a business continuity perspective, your organization should implement thorough segmentation for networks and applications to make it more difficult for an intruder to move around once they get inside.

How quickly can you recover after an outage? An effective disaster recovery strategy is not only helpful during a natural disaster, but it can help transition or restore operations while limiting downtime during a ransomware event.

Consider managed services

A growing number of smaller and mid-sized companies are leveraging third-parties to manage core security functions essential to the mitigation of ransomware risks. Those functions include, but are not limited to, some of the below activities:

  • Managed security monitoring
  • Managed endpoint detection and response
  • Managed patching and vulnerability management

Ransomware risks are evolving so quickly, and some companies simply do not have the internal talent and experience to keep up. Rather than exposing the company to greater risk, outsourcing to an organization with more experience and resources often makes the most sense.

Outsourced cybersecurity solutions are increasing in popularity as a practical alternative to managing security in-house. As threats continue to escalate in frequency and severity, implementing a solution and maintaining it may no longer be feasible for many companies.

Perform technical testing

A trusted third party can evaluate your security environment and perform technical testing to determine the likelihood and impact of a ransomware attack. For example, RSM provides a comprehensive ransomware risk assessment that evaluates the potential risk and spread of an infection through penetration testing techniques, analyzes business continuity and incident management procedures, performs ransomware tabletop exercises, and can help remediate any specific issues identified.

Ransomware has always been a problem, but the risks are evolving rapidly, and the threat is now very real for companies of all sizes. As with many types of cybersecurity attacks, criminals are more advanced than many controls, and your organization must use available resources to develop a security approach that includes strategies to both prevent and remediate ransomware attacks in order to limit financial exposure and reduce downtime.

RSM contributors

  • Andrew Weidenhamer
    Principal
