SURVIVING RANSOMWARE

The importance of Cyber Resilience

Ransomware attacks are today’s piracy. It turns out that a ransomware cyber-attack can take down critical business operations of a shipping company for days, even weeks.

Experts estimate that a ransomware attack will occur every 11 seconds in 2021

Ransomware attacks in the shipping industry have proven to be extremely costly

Not only do you have to potentially pay the threat actors to get your data back, but your shipping company can lose revenue from business disruption.

Additionally, if your customers are negatively affected by the attack, you will have costly legal and payout expenses. All of this can harm the reputation of your organization.

It’s not a question of IF you will be the target of a ransomware attack, it’s a question of WHEN. Don’t deceive yourself by saying “why would they look for me”.

The trick is to make sure you don’t get caught in their net.

Every vendor touts their ransomware “solution” as if such a complex problem could be solved by one product. Every CEO and board member demands a comprehensive ransomware strategy with a low budget.

So what can you do?

There are certain approaches you should take within and throughout your organization in order to prevent getting caught in a ransomware attack.

1. Secure Network

Make sure that you have:

A Firewall configured with specific criteria (Zero Trust) to block or prevent access to a network
Physical Access Control as many ransomware attacks begin from personal unprotected PCs, mobile phones, usbs and external drives.
An Identity and Access Management (IAM) solution.
Content Web Filtering.
An enterprise-grade Antivirus solution.
Advanced Threat Detection to scrutinize emails before they reach your network.
Remote Network Monitoring that notifies your IT administrator proactively in the event a threat detectedm

2. System Update

Ensure that all system updates and patches are applied as soon as they are released. This is an area where companies often drop the ball. These updates and patches get relegated to a “when we get a chance” list, because they don’t seem to be a high priority compared to other projects.

Threat actors know that. That’s why one of the most common ways they seek access is by looking for and exploiting known vulnerabilities in older versions of software, operating systems, and devices.

Once threat actors get in, they use these vulnerabilities to get administrative privileges and then infect any data or systems they are able to access with ransomware

3. Staff Training

You should invest in raising your employees’ and seafarers’ awareness about phishing emails and give them clear guidelines on what types of emails to avoid opening or replying to.

Staff training should take place against other social engineering attacks that are difficult to identify, such as tailgating, pretexting and baiting.

Your employees must be educated regarding the importance of your organization’s data and wat to keep it secured.

Your shipping company staff and seafarers on board your fleet should also understand why weak passwords—or derivatives of the same password—make ransomware attacks more likely. Although standard password best practices (change them frequently, keep them long, etc.) are still widely accepted as best practices, the real best practice is to have your staff use, password managers.

Last but not least, training of the IT-related staff is of vital importance so as to keep them updated on cyber-attack methodologies and protection best practices.

Once threat actors get in, they use these vulnerabilities to get administrative privileges and then infect any data or systems they are able to access with ransomware

4. Data Backup and Restore

Since cyber criminals know the importance of your backups, they will target them for corruption or deletion. Therefore, not only do you need to protect the data, you need to protect your protection copies.

Backups alone will not ensure that you can recover from a ransomware attack. You need to regularly test your backups to ensure that everything that is supposed to be backed up is backed up and that you are able to successfully restore everything from your backups.

Should you be skeptical about DR in the Cloud?

It can take days or weeks to clean out ransomware from an environment. Organizations that can recover data to alternate locations can restart critical applications even while quarantining infected areas. Instead of losing revenue and customer confidence, the business can continue to run.

5. Regular Penetration Testing

Penetration testing should be done at regular intervals and more often when you::

Add new infrastructure or applications to your network
Install security patches
Move to a new physical location
Update your applications

Penetration testing can reveal and fix vulnerabilities before threat actors find them and launch a ransomware attack.

6. Business Continuity Processes

Even if an attack happens, what are the procedures followed to keep business running, with minimal/zero impact?

Each stakeholder must know which actions must be performed in case of an attack (even if unsuccessful).

Attack simulation is also needed in order to review and enforce policies.

Cyber Resilience Matters

Today, businesses face threats from attackers far beyond the capability of traditional Backup / DR processes to recover effectively.

Cyber resilience allows organizations to take proactive steps to protect their organization and rapidly respond and recover from incidents with limited downtime. Embracing cyber resilience enables businesses to have the foundation to deal with existing and emerging threats.

Marpoint, offers a Class Approved Maritime Cyber Safety solution which via a complete portfolio of physical, network, data security services will assist you to build your Cyber Resilience and comply with the IMO 2021 regulation.