Ransomware protection:
Do people hold the ultimate power?
Standfirst: Cyber criminals rely on exploiting human nature to launch a ransomware attack. Here’s how to help people turn the tables.
Provided this isn’t your first day in cybersecurity, you’ll know this much: Ransomware isn’t new.
In tech years, it’s old enough that if it were a person, it would probably be suffering from lower back pain and contemplating finally taking up Pilates.
We know this means the topic can seem pretty stale too. But ransomware remains a very real cyber threat, so here’s a FREE report to help you minimize your risk.
Indeed, many ransomware groups, including those leveraging ransomware as a service (RaaS), are just hitting their stride. The pool of players is widening and there are countless ransomware variants for the budding cybercriminal to choose from—locker ransomware, maze ransomware, crypto ransomware, double-extortion methods, doxware, wiper malware . . . we could go on, but we won’t.
Good old ransomware (we’ve written extensively about it, check it out) is currently the fastest-growing form of cyber attack.
The UK’s National Cyber Security Centre (NCSC) considers ransomware the biggest cyber threat facing the nation. Across the pond, Homeland Security continues to regard ransomware as a “national security threat.”
So, the chances are, you’ve got some cybersecurity measures in place right now. You’ve got your firewall, your email security software, and you follow every data protection promise listed on your privacy statement.
Maybe you have a ransomware incident response plan in place. Perhaps you even have the US Secret Service Cyber Fraud Task Force on speed dial, just in case.
And rightly so. When malicious software is at large, defenses like security software and the right course of action can’t be ignored.
But in the never-ending mission to prevent ransomware incidents, tech only gets you so far.
To forge long-lasting armor to guard against ransomware threats, you need something else as well.
You need your people. And they need you—to show them the way. They need to be bestowed with the power to prevent ransomware infection. And to do that, you need the right knowledge and strategy.
What does people-centric ransomware prevention look like, then?
1. Know your enemy
A key part of battle strategy for as long as battles have been around, but no less true here. You may know about the top ransomware threats right now, but do your people understand what they are, or how they operate?
We’re not talking about a jargon-heavy deep dive on the intricate workings though. Fun as that sounds!
Focusing on why ransomware attacks work, and how human nature helps grease the wheels, helps make people more mindful of how their psychology can be used against them.
Take urgency, for instance. Ransomware attackers use social engineering to their advantage. When ransomware actors pose with a time-critical request, their chances of a successful ransomware attack are higher.
That’s because urgency encourages people to bypass some decision-making steps. Under pressure we are less rational. The takeaway for people is to slow down and step back, then act thoughtfully.
The takeaway for cybersecurity professionals is helping people navigate human-nature “traps” set by cybercriminals.
2. Less hype, more focus
The high-profile reports of ransomware attacks have inflated people’s image of ransomware as some sort of skyscraper-high monster, where all they can do is shut their flimsy door and hope it doesn’t set its sights on them.
Media focuses on the worst aspects of the attacks too. The eye-watering financial impacts, the way critical infrastructure grinds to a halt. And the last thing people need from you is more of the same.
Keeping up with threat intelligence is a good idea, but fear—just like urgency—is bad for our decision-making too. So instead of attempting to scare people into becoming flawless cybersecurity automatons (spoiler: it won’t happen), focus on the small things.
What do we mean by this? Things like checking the sender’s email address matches their name. Ensuring any attachments are things they expect and recognize. Just like that, you will have upped the odds significantly that they’ll spot a phishing email.
3. #NoJudgement
One of the best things you can do is adopt an empathetic stance and understand what makes people vulnerable to falling victim to a ransomware attack.
Humans aren’t about to stop being human just because of cybersecurity. Work with them as the magical, complicated, individual beings they are. Encourage dialogue and welcome questions (there’s no such thing as a stupid question, ever, remember?).
Empowering people to be more vulnerable with you means they’re less likely to become a ransomware victim.
4. Build your never-never list
Cybercriminals depend on decision fatigue to catch people out and get them to accept the payload. So lighten people’s decision load, with a list.
It could include:
We will never ask you to buy Apple vouchers for our niece’s birthday (true story).
We will never ask for your login details.
We will never ask for sensitive data via email.
Bringing the list to people’s attention regularly (and running phishing simulations that actually work) will mean that when they’re faced with a threat actor posing as a C-suite member, they’ll think twice.
5. Celebrate and reward
Because you’re now oozing with empathy, you’re more approachable. So when someone comes to you to report a mistake or a near miss, give them credit for being open and for using pro-security behaviors.
When people know their efforts will be recognized, they will be more motivated to take a better, more considered course of action.
You’re asking for people to help make sure the criminals don’t win. So when that happens, celebrate your people!
Ransomware has survived this far by manipulating and exploiting human nature.
You can never rule out the possibility of one day staring down a ransom demand, true. But by giving people the support, knowledge and tools to respond in a pro-security way to ransomware threats, you can seriously enhance your organization’s security.
And that’s excellent news for your organization, devices, personal data, sensitive data, people, and finances.
You’re not alone in making this happen though. Influencing security behavior is the water we swim in, and we have lots more to share on human risk management.
Ransomware remediation
For many, this won’t be a new concept, but for the unfamiliar, ransomware remediation is the name given to a feature that detects (and lets you know) whenever a new ransomware strain attempts to encrypt files.
Once it has identified that an attempt has taken place, the ransomware remediation feature then automatically creates a backup of the files in question, so they can be restored after the malware is blocked.
Ransomware remediation also blocks all the processes it identifies as having been involved in the attack, and it notifies the user of this as it goes along.
In short, although ransomware remediation is a relative newcomer to the ransomware game, it’s a very handy weapon to have in your armory.
How should organizations handle ransomware?
The impact of not handling ransomware properly (or at all) as a business ranges from risky to downright devastating. But what should you do about it?
Firstly, it’s important to have a plan that covers both preventing and responding to ransomware attacks. Here are some key ways companies can prepare for and handle ransomware attacks:
Prevent ransomware attacks by implementing cybersecurity best practices (like keeping your software and operating systems updated).
Back everything up.
Have an incident response plan.
Communicate. With colleagues, clients, and stakeholders—be transparent.
Respond. If the worst should happen, do something about it. Maximize the chances of getting your data back.