Ransomware Attacks – How to Plan For Them
Ransomware attacks hit 36% of manufacturing and production organizations in 2020, and in almost half of those attacks, the cybercriminals succeeded in encrypting the organizations' data.
It is not if a ransomware attack will hit us, but when. Everyone in your company should have this attitude.
The good news is that 89% of manufacturing and production organizations report that they have a malware incident recovery plan.
Ransomware is a type of cyber attack where attackers gain full control of your system and block your access to your system, usually by encrypting it, until you pay a ransom.
Five Steps to Protect Against Ransomware Attacks
1. Make Plans
First, plan to deter the cyberhackers. Second, have an incident response plan in case they get in.
How good are your plans? Be sure to keep these plans updated. Does everyone know their role in the plan, including the newest members of your organization? How will the attack be contained?
Plan for the attack. Practice your plan. Get the decision-makers in a room and go through the scenarios. These steps are important because hundreds of thousands of dollars or more could be affected depending on how your company responds to an attack.
2. Make Backups
Part of the plan will be your backup systems. Are you confident in them?
According to the survey, in the manufacturing and production industry, 68% of those whose data was encrypted used backups to restore data.
To resume normal operations as soon as possible, you will need your data backed up. Have at least three backups. Make sure at least one backup is off-line and off-site, so it does not get caught in the ransomware attack. Update and test the backup systems regularly.
3. System Protection
The best protection keeps the cybercriminal out of your system.
Keep software updated. Software is constantly being updated to protect against attacks. Do not let the updates go uninstalled.
Use Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) to alert your information security team when a threat is detected.
4. Train Employees
The best protection keeps the cybercriminal out of your system. Yes, I already did say this, but again it is true.
Your IT professionals need to be trained to look for vulnerabilities and breaches, but every employee needs to be trained on what to do and what not to do. Phishing is a primary starting point for ransomware attacks. Learn more from Proofpoint in their blog post Ransomware: Don’t be “That Employee”.
5. Do Not Pay the Ransom
Of course, each company will need to weigh the pros and cons of paying the ransom, but it is generally best not to let the criminals win.
Even if you pay the ransom, there is no guarantee that your data will be recovered. In the survey of manufacturing and production organizations, on average, only about 55% of data was restored after paying the ransom.
Minimize the impact of a cyberattack through deterrence and by having well-thought-out and practiced plans. Your business bottom line depends on it.
Sophos commissioned a global survey of 5,400 IT managers across 30 countries by the independent research house Vanson Bourne. Respondents came from a wide range of sectors, including 438 respondents from the manufacturing and production sector. The survey was conducted in January and February of 2021. See the blog “The State of Ransomware in Manufacturing and Production 2021”. Download the full report to explore the reality of ransomware in manufacturing and production.
Proofpoint: What is Ransomware.
Acumence: 2022 Can Making Trends – Steve Klabak, Acumence Product Manager, “Cyber Security Concerns Continue To Be A Top Priority”.