Combatting ransomware with training: the best defence is education


Ransomware is to data as Glaucoma is to Optometry. One steals away data as the other steals away sight. Ransomware, a type of malware that threatens to perpetually block access to a victim’s data unless a ransom is paid, affects everything from small businesses right up to the largest of organisations and government institutions.

Some reports suggest that ransomware attacks are becoming more prevalent. In 2020, a CheckPoint study saw a 50% increase in the daily average of ransomware attacks in Q3, compared to the first half of the year (1). One survey found that half of all respondents detected a ransomware attack in 2019, resulting in business disruption and possible data loss in nearly 75% of cases (2). In fact, the consensus in the security industry is that being compromised by malware is a question of ‘when, not if’.

Risk factors can be managed by appropriate security, backup and software patching provisions. These are crucial not only for prevention but also the recovery process post-infection.

That said, is there more that can be done to protect ourselves beyond these technical safeguards?

According to the Centre for Internet Security (CIS), a non-profit industry leader in designing best-practice standards for securing IT and data systems, the most common vector for ransomware infections is “user-initiated actions” (3). Indeed, this has broadly been true of malware historically. In responding to this, training is key.

What are “user-initiated actions”?

CIS defines these as “actions such as clicking on a malicious link in a spam email or visiting a malicious or compromised website”. In short, “user-initiated actions” are actions that involve ‘the human element’: the activities of the person using the device. Therefore, it stands to reason that if we can mitigate ‘the human element’, we can go a long way to improving our defences.

Given it is neither practical nor legal to eliminate humans, we are left with the route of mitigation through training.

A 2020 industry study produced by CyberEdge (4) found that one of the largest obstacles to security is “low security awareness among employees”.

Here are a few high-level training steps to help minimise the risk of a ransomware attack:

  • Invest in practical and ongoing security awareness programmes that can help staff understand and minimise risk.
  • Invest in an incident management and response program, identified by CIS as a key step in dealing with ransomware and other scenarios.
  • Practice what the incident management and response program preaches. Many businesses that have these programs have never practically rehearsed them, conducting paper exercises only. This lack of rehearsal was observed as an aggravating factor in the ransomware breach that affected the NHS in May 2017 (5).

No sports team takes to the pitch with a paper plan only, nor does any team take to the pitch without their players having been trained or having trained together. Training and rehearsals should be active and scenario-based, as opposed to passive information dumps via email and presentations.

Play out scenarios, run practical tests, gamify the training (many companies provide services to do exactly this). We teach our patients good optical hygiene through practical demonstration, not just through marketing materials; we should do the same for our cyber hygiene.

References:

1. https://blog.checkpoint.com/2020/10/06/study-global-rise-in-ransomware-attacks/
2. https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf
3. https://www.cisecurity.org/blog/ransomware-facts-threats-and-countermeasures/
4. https://cyber-edge.com/cdr/#infographic
5. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS-Summary.pdf

Darragh Leahy is Head of Cloud and Infrastructure Services for Ocuco Ltd. He is a cyber security specialist, holding two master’s degrees: one in Cyber Security and another in Digital Innovation. At Ocuco, he oversees the design and implementation of networks, security solutions and data centre environments. Darragh is also an expert in Healthcare and General Data Protection Regulations, such as GDPR, HIPAA and Canada’s PIPEDA.