Leading CISOs in Canada are the most adamant in their belief that ransomware attacks should be fought by preventing them rather than just detecting and responding to them. According to an annual survey by Proofpoint, 87% of CISOs said that prevention is the focus of their organization's defence against ransomware attacks.
According to the 2020 Cyberthreat Defense Report (CDR), 78% of Canadian businesses suffered at least one cyberattack. By 2021, this number had risen to 85.7%. The numbers are only likely to climb as more organizations integrate technology into their daily activities.
An Awake CISO Advisory Board member, Malcolm Harkins, says, “You can't eliminate risks. You can't eliminate it physically; you can't eliminate it when you invest financially. There is no risk-free anything. You always have to be prepared with the highest efficacy detection and response.”
How can Canadian companies fight ransomware?
Building a firewall
As threats are persistent and evolving, organizations should strongly consider investing in firewalls. The sooner an emerging threat is identified, the less harm it can cause in the long run. A robust firewall mechanism makes it difficult for hackers to enter and exist in the environment unnoticed.
Data backups are a key element of any ransomware prevention strategy. They provide a safety net in the event that systems are breached and files are encrypted. Backups should be stored offline, in the cloud, or on another server to prevent attackers from encrypting them as well. Adding a layer of encryption to the backed-up data can also strengthen your security posture.
Finding blind spots is one of the crucial steps in fighting ransomware. “It's been critical to identifying blind spots. What else are we missing out on that we aren't receiving or seeing? We can do something about it once we notice it. And it has proven to be a successful strategy for us,” says George Fenny, CSO at Southern Methodist University.
Because threats can occasionally slip past the human barrier, ensure you have reliable technology in place. Install and update anti-virus and anti-malware software, especially for email programs.
Employees should be taught to spot and handle suspicious emails, links, and websites. Human conduct is the primary cause of malware propagation. Hackers often enter a system or network when employees click on a phishing email link or clickbait on social media.
Ransomware can wreak havoc not only on a company's operations but also on its finances and reputation. One way to ward off hackers is to keep the security perimeter secure with robust measures. You can assess the quality and efficacy of your cybersecurity system by commissioning a penetration test.
Packetlabs can help you evaluate your security posture by identifying areas of strengths and weaknesses in your networks, applications and servers.
Our newest service, 'Ransomware Penetration Testing', evaluates the preparedness for and risk of a ransomware attack. Our comprehensive assessment identifies gaps in people, processes, and technology to determine the likelihood of, and readiness for, a ransomware attack. In addition to a complete analysis of the security program against the Cybersecurity Framework Profile for Ransomware Risk Management (NISTIR 8374) and a technical assessment of security controls, a full penetration test is conducted to measure the robustness of your systems.