Imagine sitting at your desk and opening an e-mail that appears to have come from a trusted contact. You click on a link in the e-mail and within three seconds critical data that is integral to your organization's operation is encrypted - and inaccessible. This scenario is terrifying and yet, unfortunately, it is being played out with ever-increasing frequency in organizations of all sizes.
If there was any question as to whether there was a realistic Cyber threat to your organization, that question has been answered with a resounding YES by the emergence of ransomware. As conceptually simple as it is technically complex, ransomware is software that encrypts important electronic data and provides a mechanism for the victim to "pay a ransom" to get the data decrypted.
The facts surrounding ransomware are troubling. Law enforcement agencies are reporting dramatic increases in ransomware incidents, regardless of industry type or company size. Ransomware can be widely deployed with very little effort and is effective even against individuals. Hackers continue to build on prior iterations of programs to generate new versions that are even more sophisticated. The result is that organizations large and small are being hit with ransomware incidents and immediately thrust into a nightmare scenario of evaluating a time-sensitive ransom demand while operations depending on the affected data are suspended.
So what can be done? At a high level the answer is straightforward - do not ignore the threat, prepare for it. Preparation for Cyber incidents starts with tasking someone internal with ultimate responsibility for addressing Cybersecurity at your organization. That person should often rely on the counsel of external trusted advisors to assist.
Additionally, employee training and awareness are key to minimizing the occurrence of incidents. There are a number of technical measures that can be employed to reduce both the likelihood and impact of an incident, including e-mail and antivirus scanning, network monitoring, frequent updating and patching of software, and regular backups.
While all of the training and technical measures are critical, they cannot entirely eliminate the threat. So-called "zero day" malware exploits previously unknown bugs in software and therefore cannot be detected by even up-to-date antivirus. Likewise, ransomware continues to get more sophisticated in its delivery mechanisms and in some cases can be delivered without user interaction.
Therefore, a critical but often overlooked aspect of Cyber defense is incident response planning and testing. While Cyber incidents are essentially impossible to foreclose entirely, the attack vectors are relatively predictable. Putting together a robust incident response plan requires careful consideration of possible scenarios, which can then be planned for and the response tested. Tabletop exercises are mock exercises that can be tailored to test the response of any size organization to the most critical types of threats, exposing holes and inefficiencies that can be addressed before they are realized. Taking steps like these can reduce risk considerably and give you confidence and peace of mind in preparing to face any Cyber threat.