As criminals continue their relentless ransomware attacks on healthcare providers, organizations are asking how to prepare and minimize the impact of an attack.
What can an organization do to bolster their defenses? Prepare! We advise the following strategy to handle a ransomware incident:
1. Assess your current capabilities focusing on your users’ awareness posture and data security. This involves a risk assessment that looks at systems and employees. Companies also need to test email phishing vulnerabilities and safe browsing habits (e.g., social engineering). Deploy safe browser configurations and test your company’s ability to respond to an incident. It is one thing to have a plan and another to execute the plan successfully.
2. Consider implementing session-based network detection tools that can detect, analyze and block exploit kit (EK) activity. As exploit kits deliver ransomware (teslacrypt, etc.) to your network, you may be able to block the EK and see the encryption keys exchanged prior to encrypting your data. You may also detect shifts in infrastructure, which will trigger an alert. Be proactive to avoid putting your entire infrastructure at risk.
3. Develop a Disaster Recovery and Business Continuity (DRBC) plan and consider purchasing cyber insurance to transfer risk. Insurance companies are adjusting coverage based on a company’s security profile and response plans. For example, Ironshore offers full policy limits for both network and data extortion. “But if the applicant doesn't have a DRBC plan in place, then we will cap the limit to $1 million,” says Kurt Suhs, vice president, Ironshore.
4. Finally, if you are hit with ransomware, turn to outside counsel and forensics firms for help. They can negotiate and pay ransom fees if needed without creating a Bitcoin account. They can manage company fallout and repair brand reputation. Organizations may also need assistance in recovering data from backups, volume snapshots or restore points.
A solid (DRBC) plan and experienced cybersecurity partners are critical to keeping networks and information secure. Learn how we can help your organization with proactive and compromise assessments, and incident response.
-- Barnaby Page