8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks


November 13, 2023


With increasing ransomware attacks, building resilience is a top concern for business leaders.

Key Takeaways
  1. Q2 2023 saw a 176 percent jump in ransomware frequency over Q2 2022.
  2. Controls mandated by insurers have helped to mitigate ransomware risk, but resilience must still improve.
  3. Building cyber resilience through carefully planned strategy is the key to mitigating ransomware risk within an organization.

Throughout 2022, ransomware frequency declined as mitigation efforts appeared to take hold. Then the calendar turned to 2023 and trends changed. The second quarter of 2023 saw a 176 percent jump in ransomware attacks over Q2 2022, according to Aon data — a warning sign to businesses that may have let their cyber security guard down.

Aon’s cyber industry professionals believe ransomware frequency will likely return to its regular growth trend line at least through the remainder of 2023.

 

Figure: Year-over-Year Cyber Incident Frequency Change by Quarter

In early 2023, attacks primarily occurred in the following industries:

  • The education sector in 14 countries, including the U.S., and countries in EMEA and APAC [1]
  • Professional services firms, along with manufacturing, retail/restaurants, financial services firms and technology [2]

Critical Controls are Better, But Resilience Remains Top Concern

Cyber resilience remained a top concern for businesses in 2022. Organizations did, though, report an aggregate improvement in critical controls implementation, as insurers required more stringent risk management practices.

Critical controls that limit the probability of a ransomware event are an important part of the underwriting process. As capacity has returned to help soften the cyber market, underwriters continue to operate at a more in-depth, technology-driven and sophisticated level. [3]

Organizations focused more on cloud backup controls:

  • In Q1 2022, nearly every company failed to have a cloud backup.
  • One year later, only 34 percent of companies reported backups without cloud solutions.

Organizations should continue to focus on robust backup solutions. Sixty-eight percent of the companies in Q1 2023 still have no backup location offline, which limits their ability to recover critical data, not just from cyber events but also from outages and failures.

Business resilience also remains a concern. In Q1 2023, 63 percent of companies reported that tabletop exercises were not conducted as part of business continuity and resilience planning.

With ransomware growing, special focus should be placed on endpoint system security. In Q1 2023, 57 percent of companies lacked segregation of end-of-life software, amplifying vulnerabilities that provide an entry door to threat actors.

8 Ransomware Risk Mitigation Strategies 

These eight tips can help build cyber resilience and mitigate the risk of organizations falling victim to ransomware:

1. Be proactive — Ensure that the incident response (IR) plan/playbook and business continuity plan/disaster recovery have been assessed, reviewed and updated. Most importantly, ensure they are tested through simulated practice across realistic scenarios to help improve resilience. 

2. Educate employees on cyber security and phishing awareness — Companies must create a culture where all employees feel responsible for enterprise security. They should encourage individuals to detect and defend against threats, risks and attacks. Phishing is still a leading cause of unauthorized access to corporate networks, serving as the entry point for many ransomware attacks, and through artificial intelligence threat actors are making phishing campaigns look plausible, hooking victims at a higher rate. Training colleagues to not only spot a phishing email, but also report the email to their internal cyber security team, among others, has never been a more critical step in detecting an early-stage attack and reducing exposure. 

3. Employ multi-factor or “two-step” authentication — Multi-factor authentication across all forms of login and access to email, remote desktops, external-facing or cloud-based systems and networks should be considered a requirement for everyone. Multi-factor authentication can also help prevent the exploitation of stolen login credentials.

4. Keep systems patched and updated — Unpatched vulnerabilities can allow attackers to compromise corporate networks. They often identify vulnerable systems with a simple online scan. Attackers engage in this exercise broadly and indiscriminately, looking for exploitable systems on which to unleash ransomware and other cyber attacks. 

5. Install and properly configure endpoint detection and response tools — Tools that focus on endpoint detection and response can help decrease the risk of ransomware attacks. They are useful as part of incident investigation and response. Properly configured security tools provide a much greater chance of detecting, alerting and blocking threat actor behavior. 

6. Design company networks, systems and backups to reduce the impact of ransomware — Ensure all privileged accounts are strictly controlled. Segment networks to reduce the spread of adversaries or malware. Strong logins and alerts offer better detection and evidence in the event of incident response. Establishing a technical security strategy that is informed by architects that know the latest attacks and adversary trends is important, as is the use of continuous threat intelligence monitoring in open source and on the dark web. 

7. Consider risk transfer options — Because ransomware attacks can threaten an organization’s reputation and goodwill, its complete risk can never be fully mitigated or transferred. Regardless, organizations should consider obtaining appropriate cyber insurance coverage by reviewing how it addresses indemnification for financial loss, business interruption, fees and expenses associated with the ransom and incident response. They should also carefully consider service providers, such as the ability to work with incident response providers of choice. 

8. Pre-arrange your third-party response team — An effective ransomware response will often include all or some third-party expertise across the disciplines of forensic incident response, legal counsel, crisis communications and ransom negotiation and payment. As time is of the essence during a ransomware attack, it is critical to pre-vet and pre-engage a team of professionals to monitor and be ready to respond to an attack when it happens.

Mitigating the risk of ransomware is a challenge for all businesses, large and small. But with the right risk mitigation and backup strategies in place, organizations and their people will be better prepared and more resilient for whatever comes their way.
