In the summer of 2019, over the span of just a few days, 22 Texas towns were struck by a coordinated cyberattack called a ransomware attack1. As a result, Texas Governor Greg Abbott ordered a Level 2 Escalated Response, meaning that the scope of the emergency had expanded beyond what could be handled by local responders.
Ransomware—a malicious software that spreads across networks and shuts down computers until a ransom is paid—is typically spread through phishing emails or by someone unknowingly visiting an infected website. A spate of attacks in the first half of 2021 has put cybersecurity in the spotlight: From January to July 31, 2021, ransomware complaints to the FBI’s Internet Crime Compliance Center increased 62% compared to 20202. It is vitally important for both government entities and businesses to understand the dangers presented by ransomware.
“Ransomware is a problem that can affect any business, large or small, so it’s critical to plan in advance for how to both protect against it and respond to it if it does occur,” says Wayne Hilt, Chief Information Security Officer at Huntington.
Beyond the considerable financial impact an attack can have, the long-term disruption of business operations and the damage to reputation that can result from such an attack can be substantial. For example, the Colonial Pipeline Company ransomware attack in May of 2021 led to a temporary shut down of the largest fuel pipeline in the U.S., leading to short-term fuel shortages and increased gas prices3.
And if a critical service such as 911 dispatch is affected, lives could be endangered.
“Ransomware can come from many sources, such as organized criminal organizations, nation-state actors, or one-off cybercriminals. It could be targeted or indiscriminately deployed,” says Hilt. “Either way, organizations need to be thoughtful about how they implement technology to reduce the likelihood of an attack getting in and, if one does, how they will limit the ‘blast radius’ to prevent an infection from propagating to critical systems.”
To help protect your organization from similar attacks, here are few things to consider:
Train Employees & Vendors
- Require that all employees take at least annual training on cybersecurity to equip them with the knowledge to identify and quarantine phishing and malicious emails, avoid clicking on suspicious links or attachments, and use strong passwords that are changed periodically.
- Review third-party connections and limit access to minimal essential functions.
- Keep all computer operating systems and applications up to date with relevant security patches.
- Back up all critical systems and data and, just as important, periodically verify the integrity of the backup and restoration process.
- Ensure antivirus, malware protection, and email security software are in place, active and on current versions.
- Provide a layered defense for critical systems and data. “Critical systems especially should take a belt-and suspenders-approach to ensuring they are protected,” says Hilt.
- Reduce or eliminate the use of vulnerable connection methods such as Server Message Block or Remote Desktop Protocol into your network. WannaCry, a May 2017 worldwide cyberattack, spread because of a vulnerability in the Server Message Block protocol4.
- Have cyber incident response plans in place, and don’t just put them on a shelf and forget about them. You need to periodically practice them.
- Have an independent audit performed on your networks annually to include attack surface mapping and penetration testing. “It’s easy for companies to become complacent with their security defenses, especially if they’ve been in place for a long time,” Hilt says. “But it’s critical to have independent validation of those defenses to make sure no blind spots are overlooked.”
- Consider purchasing cybersecurity insurance, but make sure you understand what the policy covers.
The rise in ransomware is part of an overall increase in destructive malware attacks worldwide. As a result, it is more important than ever to put practices that can help protect your organization to use.
“Organizations should have a well-practiced response plan for cybersecurity events in general, but it’s especially important to have one for ransomware, where time can be of the essence for containment,” Hilt says. “You must know who and how to engage internal resources as well as external parties like law enforcement.”
Contact your Huntington relationship manager to discuss the cybersecurity best practices and Huntington products that can help you reduce your cybersecurity and fraud risks.