The Risks of Ransomware
When discussing the dangers of ransomware, many at-risk entities focus only on prevention strategies and spend less time understanding why these strategies are effective. Risks and liabilities within a company exist because of a lack of understanding, and it’s important to realize how those risks can make it easier for cyber criminals to enter vulnerable systems. Ransomware is a form of malware that can be difficult to manage; it can easily disrupt business operations and can halt production for weeks on end. This pause in business function is only the beginning, as manufacturers then have to face the risks of revenue loss, reputation damage, and possible business closure.
The manufacturing industry is especially at risk. Due to nonreporting, manufacturers have developed a false sense of security. Small businesses experience cyber-attacks at the same rate as large ones, but are less likely to recover. For this reason, TechSolve believes that manufacturers need to know more about cyber hygiene and best practices against cyber-attacks, and this includes ransomware, an increasingly common form of attack that debilitates systems.
How Ransomware Targets Manufacturing Employees
A ransomware infection occurs when a threat actor is able to gain access to a system. This can happen in a variety of ways, but the most common way that ransomware enters a system is through user error. It may seem surprising, but a company’s unaware employees are the most at-risk part of a system with good cyber hygiene. The worst part is that most users won’t even realize that they’ve exposed their company’s system if they haven’t received the proper training. Between phishing attacks, login credentials, and basic internet browsing, it can be very easy for a user to encounter an infection agent.
For example, users of a company system could very easily fall victim to a phishing attack and have their credentials leaked. Phishing is a method used by threat actors to trick a user into providing their credentials or performing a task, usually through a communication platform. This type of attack could compromise any platform within the system that uses those credentials, or the user could be tricked into doing something malicious without even realizing it.
Beyond phishing, which is one of the most common types of attacks, a user could be using a weak password, which a cyber criminal could very easily guess or brute-force. A user could also download a normal-looking file that has malware embedded in it. The best way to combat the user risk involved is to provide the best possible training to all company employees. It’s incredibly important that users understand phishing tactics and how to identify malicious downloads or links on the internet. If your company is looking to become CMMC compliant, company-wide cybersecurity training is an imperative step to meet CMMC practices.
On top of this, requiring multi-factor authentication when logging into anything related to a company’s system would make compromised accounts less likely. A great way to promote strong passwords among employees is to encourage the use of password managers with strong, unique passwords for each piece of software. This would eliminate the risk of a threat actor brute-forcing a password.
On the subject of passwords, strong passwords have several important qualities. The first is length; to avoid having a password brute-forced, it is ideal to have a password longer than 17 characters. A password with 17 or more characters would take a cyber criminal three weeks or longer to break. A good password also has upper and lowercase letters, numbers, and special characters (like punctuation marks). It’s important to have multiple of each, so that there’s increased variation.
Telltale Signs of a Phishing Email
Manufacturers can use Generators to Create Strong Passwords
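The password qualities described above (more than 17 characters, with multiple upper and lowercase letters, numbers, and special characters) can be checked and generated automatically. The Python below is an added example, not TechSolve's code; reading "multiple of each" as at least two and using a 24-character default length are assumptions of this example.

```python
import secrets
import string

MIN_LENGTH = 18      # the article asks for "longer than 17 characters"
MIN_PER_CLASS = 2    # assumption: "multiple of each" read as at least two

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def check_password(password):
    """Return the list of unmet criteria; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    for name, alphabet in CLASSES.items():
        count = sum(ch in alphabet for ch in password)
        if count < MIN_PER_CLASS:
            problems.append(f"only {count} {name} character(s)")
    return problems


def generate_password(length=24):
    """Generate a random password that satisfies check_password()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    pool = "".join(CLASSES.values())
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    # Rejection sampling keeps every acceptable password equally likely.
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("Summer2024!", "correcthorsebatterystaple"):
        print(sample, "->", check_password(sample) or "OK")
    print("generated password passes:", check_password(generate_password()) == [])
```

A long, all-lowercase passphrase fails this check on character variety even though it passes on length, which shows that the article's criteria are applied together rather than individually.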
How do Businesses Maintain Proper Cybersecurity Hygiene?
There are many ways to protect against ransomware attacks, but one of the most important and simple precautions manufacturers can take is limiting user access to only the files that are essential for their job. If a user were to become a victim of a phishing attack and their system became infected, then only the data they had access to would be affected. This tactic is called the “least privilege” philosophy, and it can be adopted on all systems to varying degrees based on which employees need what data.
Limiting the permissions of users can limit access to data, but it can also ensure that certain software will only operate in the specific parameters set for it. With this, the permissions can also limit downloads and installations, which will eliminate the risk of a user downloading a file with a virus. Manufacturers can also limit what data and permissions certain pieces of software have access to. This method of compartmentalization with privileges isn’t a 100% effective tactic, but it greatly increases the challenge of breaking into a system.
Manufacturers should use antivirus, endpoint detection, and anti-malware software designed to monitor the system’s activities and user behavior. The software would be able to notice if abnormal behavior is occurring and notify the IT department during the early stages of an attack, when countermeasures can still be taken. Logging system activities, application whitelisting, and data loss prevention are other great prevention strategies.
The Importance of Data Backups
Another major precaution is offline data backups. If a company gets into a ransomware situation and it has made backups stored in an offline location, that company would be able to recover its lost data without having to pay for the chance of getting the data back. It’s important to remember that paying a ransom does not guarantee that the cyber criminals will actually return the data they encrypted, and it’s likely that the cyber criminals will stay inside the system to launch a follow-up attack. Having offline backups circumvents the entire situation and allows a business to get back up and running, even on the same day as an attack.
That being said, data backups need to be maintained and monitored. It’s very important that the backups remain offline, as threat actors have become increasingly aware of the existence of backups and will attempt to delete them before launching a ransomware attack. If the backups are offline, then the copying and storing of files will need to be done often, so that business progress is not lost.
In combination with backups, it is recommended to keep saved, offline versions of all software and operating systems so that they can be reinstalled in the event that a quarantined system needs to be wiped. Manufacturers can also keep some amount of spare hardware in case parts of an infected system need to be swapped out.
Other Important Ransomware Prevention Tactics
Small businesses should be sure to keep their systems up to date. This means checking driver updates, operating system updates, antivirus and security software updates, etc. An out-of-date piece of software poses security risks, and there are frequent updates to all of these types of software that can be a direct result of cybersecurity developments. In combination with this, any business that has extensive computer assets needs to have a comprehensive asset inventory with details about hardware and software specifications, as well as each system’s users and connections.
Manufacturers need to create an Incident Response Plan, and a Disaster Recovery and Business Continuity Plan. These two plans will detail the way a company responds to an attack and specify the actions that need to be taken by the members of the company. These plans will dictate the IT response, the communications with specific entities, and the resumption of business operations.
If a business uses a third-party managed service provider (MSP), then it will need to take into consideration that party’s cyber hygiene. Manufacturers need to ensure that the provider’s cyber hygiene is up to the standard that they are required to meet. These hygiene requirements should be specified and formalized with contract language that fits the needs of both entities.
Above all else, manufacturers are also able to invest in cyber insurance to provide extra peace of mind. The insurance will provide payment to alleviate business costs during downtime caused directly by the cyber-attack. The policies will cost less when manufacturers implement better security protocols, especially if they comply with NIST 800-171 or CMMC.
The More (Tactics), The Merrier (The System)
Many of the tactics that have been included so far are relatively easy steps that don’t cost anything. The steps that are difficult and costly are necessary when considering how expensive ransomware attacks have become. When considering which tactics and strategies to use, keep in mind that the more cyber hygiene strategies used, the better off a system will be. Now, this is not an exhaustive list on the ways to prevent ransomware infections. However, these are some of the best and most effective strategies that can save a business from a huge headache in the future.
Using these various strategies dramatically improves a company’s ability to respond to a ransomware attack, but it’s important to note that there is no tactic that will stop ransomware attacks 100% of the time. There will always be some semblance of a risk. Whether it comes from human error or from a virus designed to slip past even the best antivirus software, there’s always a chance that the worst could happen. That’s why some of the tactics, like creating Incident Response plans, are intended to be used if a company needs to respond to an attack.
TechSolve Works to Keep Manufacturers Safe
The Cybersecurity team at TechSolve works closely with dozens of manufacturers throughout Ohio, striving for greater cyber hygiene and preparing them for CMMC compliance. If you have questions or concerns about your company’s vulnerabilities, or if you just want to learn more, contact us for a free cybersecurity consult.