As we plan for the holidays, people are coordinating events with family and friends, checking off items on their gift lists and wrapping up year-end projects before taking some time off. In a warning issued last week, CISA and the FBI want us to add another item to our holiday to-do list: prepare for ransomware attacks.
As evidenced by the attacks on Kaseya and meatpacker JBS, which occurred over the Independence Day and Memorial Day weekends this summer, ransomware hackers love holiday weekends. Security teams tend to operate with minimal staff during long weekends, reducing their chances of detecting and containing a ransomware attack before it can spread across the network. Moreover, key personnel are often difficult to reach for timely support. In a recent survey, 70% of respondents reported being intoxicated while responding to a weekend or holiday cyberattack. Nearly 9 out of 10 cybersecurity professionals say they are worried about cyberattacks during this year’s holidays.
Despite widespread concern, and a frightening rise in ransomware incidents, nearly 50% of companies doubt they can ward off a ransomware attack. If your organization is among those worried that ransomware might spoil this year’s holidays, here are some preventive actions you can take.
Ensure key personnel are available. Critical security or IT staff should be assigned to provide on-call support during holidays and weekends. Reliable communication protocols should be defined to ensure those people can be reached rapidly.
Implement an endpoint detection and response (EDR) tool. EDR technology collects and analyzes event data from endpoints, such as laptops, servers and cloud workloads, in real time to detect potential threats as they occur. These tools can automatically contain threats and issue alerts to support incident response activities, potentially saving crucial time during a ransomware attack.
Maintain offline data backups. Perform regular backups and store them offline to keep them safe from a ransomware infection. Ensure that your backup procedures account for potential process disruptions during weekends or holidays.
Develop and test response plans. Establish predetermined plans for responding to ransomware attacks. The FBI and CISA recommend incorporating the Ransomware Response Checklist, contained in the CISA-MS-ISAC Joint Ransomware Guide, into your incident response plan. Response plans should be tested regularly to identify any deficiencies and ensure team members understand their roles.
Restrict and secure remote desktop protocol (RDP) usage. Consider restricting the use of RDP and similar high-risk services or, if you do use them, ensure they are properly secured and monitored.
Bring in experts. The experts at MBL Technologies are fluent in the latest cybersecurity threats and best practices. We can ensure that your security posture is resilient, compliant and up to date with our comprehensive suite of cybersecurity services. We want to give you confidence in your cyber defense this holiday season, so you can relax and enjoy the festivities.