Ransomware attacks are today’s piracy. It turns out that a ransomware cyber-attack can take down critical business operations of a shipping company for days, even weeks. Experts estimate that a ransomware attack will occur every 11 seconds in 2021
Not only do you have to potentially pay the threat actors to get your data back, but your shipping company can lose revenue from business disruption. Additionally, if your customers are negatively affected by the attack, you will have costly legal and payout expenses. All of this can harm the reputation of your organization.
It’s not a question of IF you will be the target of a ransomware attack, it’s a question of WHEN. Don’t deceive yourself by saying “why would they look for me”.
The trick is to make sure you don’t get caught in their net.
Every vendor touts their ransomware “solution” as if such a complex problem could be solved by one product. Every CEO and board member demands a comprehensive ransomware strategy with a low budget.
There are certain approaches you should take within and throughout your organization in order to prevent getting caught in a ransomware attack.
1. Secure Network
Make sure that you have:
- A Firewall configured with specific criteria (Zero Trust) to block or prevent access to a network
- Physical Access Control as many ransomware attacks begin from personal unprotected PCs, mobile phones, usbs and external drives.
- An Identity and Access Management (IAM) solution.
- Content Web Filtering.
- An enterprise-grade Antivirus solution.
- Advanced Threat Detection to scrutinize emails before they reach your network.
- Remote Network Monitoring that notifies your IT administrator proactively in the event a threat detectedm
2. System Update
Ensure that all system updates and patches are applied as soon as they are released. This is an area where companies often drop the ball. These updates and patches get relegated to a “when we get a chance” list, because they don’t seem to be a high priority compared to other projects.
Threat actors know that. That’s why one of the most common ways they seek access is by looking for and exploiting known vulnerabilities in older versions of software, operating systems, and devices.
Once threat actors get in, they use these vulnerabilities to get administrative privileges and then infect any data or systems they are able to access with ransomware
3. Staff Training
You should invest in raising your employees’ and seafarers’ awareness about phishing emails and give them clear guidelines on what types of emails to avoid opening or replying to.
Staff training should take place against other social engineering attacks that are difficult to identify, such as tailgating, pretexting and baiting.
Your employees must be educated regarding the importance of your organization’s data and wat to keep it secured.
Your shipping company staff and seafarers on board your fleet should also understand why weak passwords—or derivatives of the same password—make ransomware attacks more likely. Although standard password best practices (change them frequently, keep them long, etc.) are still widely accepted as best practices, the real best practice is to have your staff use, password managers.
Last but not least, training of the IT-related staff is of vital importance so as to keep them updated on cyber-attack methodologies and protection best practices.
Threat actors know that. That’s why one of the most common ways they seek access is by looking for and exploiting known vulnerabilities in older versions of software, operating systems, and devices.
Once threat actors get in, they use these vulnerabilities to get administrative privileges and then infect any data or systems they are able to access with ransomware
4. Data Backup and Restore
Since cyber criminals know the importance of your backups, they will target them for corruption or deletion. Therefore, not only do you need to protect the data, you need to protect your protection copies.
Backups alone will not ensure that you can recover from a ransomware attack. You need to regularly test your backups to ensure that everything that is supposed to be backed up is backed up and that you are able to successfully restore everything from your backups.
Should you be skeptical about DR in the Cloud?
It can take days or weeks to clean out ransomware from an environment. Organizations that can recover data to alternate locations can restart critical applications even while quarantining infected areas. Instead of losing revenue and customer confidence, the business can continue to run.
5. Regular Penetration Testing
Penetration testing should be done at regular intervals and more often when you::
- Add new infrastructure or applications to your network
- Install security patches
- Move to a new physical location
- Update your applications
Penetration testing can reveal and fix vulnerabilities before threat actors find them and launch a ransomware attack.
6. Business Continuity Processes
Even if an attack happens, what are the procedures followed to keep business running, with minimal/zero impact? Each stakeholder must know which actions must be performed in case of an attack (even if unsuccessful).
Attack simulation is also needed in order to review and enforce policies.
Today, businesses face threats from attackers far beyond the capability of traditional Backup / DR processes to recover effectively.
Cyber resilience allows organizations to take proactive steps to protect their organization and rapidly respond and recover from incidents with limited downtime. Embracing cyber resilience enables businesses to have the foundation to deal with existing and emerging threats.
Marpoint, offers a Class Approved Maritime Cyber Safety solution which via a complete portfolio of physical, network, data security services will assist you to build your Cyber Resilience and comply with the IMO 2021 regulation.