Accenture’s Wandile Mcanaya outlines the processes for resolving a ransomware attack.
The latest Ransomware Response and Recovery study conducted by Accenture has highlighted an increase in cyber extortionists who are getting better at countering defences and are inflicting greater levels of disruption.
Cyber threats are becoming more extensive across different industries and sectors, and affect big and small businesses alike. Most recently in the headlines is the supply chain ransomware attack on IT solutions provider Kaseya, which is affecting many businesses across the world.
According to Wandile Mcanaya, security lead for Accenture in Africa, these are the top three challenges businesses are experiencing in ransomware defence:
1. Established ransomware extortionists are increasing attacks
Ransomware operators who have had more success are improving their efforts in order to monetise more opportunities.
2. Improving abilities to disrupt is the order of the day
Ransomware operators are incentivised to inflict more disruption, as this lets them demand a higher ransom from their victims.
3. There is a lack of resilience in business growth and service-related strategies
Once data is stolen and published, this opens up more opportunities for extortion.
“Ransom demands are growing and becoming more customised – with threat actors assessing who is more likely to pay. If ransoms are paid, it can open the door to further criminality. Some ransomware operators have been sanctioned, potentially placing a ransom-paying victim in further legal jeopardy,” says Wandile.
He recommends that organisations that have become victims of ransomware attacks consider the following solutions:
Track down the attack: Methods for establishing how the attack occurred include incident response, forensic analysis and threat intelligence. Also, gain a thorough understanding of the intrusion as well as its measured impact.
Collaborate and report: Together with your legal counsel, ensure the fulfilment of statutory obligations by reporting an incident to the relevant authorities. For greater threat awareness, work with industry partners, consortiums and law enforcement.
Gain an understanding of the experience: Have you quantified the financial and reputational impacts of the attack and identified the metrics and resources to meet your C-suite’s expectations for cyber resilience? Align with your C-suite so that business leaders can prioritise areas such as cyber resilience, incorporate them into business resilience plans, and secure funding for improvements.
Ensure risk mitigation plans have been updated: Controls deployment or security transfer mechanisms are some of the aspects that need to be included to apply a risk mitigation strategy.
Improve defence posture: Have current vulnerabilities been fixed? Have the operating systems been updated? Enhancing the efficacy of threat detection and response operations is also one of the points to consider.
“Being resilient means robust processes, training and coordination across the business value chain,” says Wandile.