This article from Forbes discusses how ransomware gains entry into your network and how criminals are targeting industrial systems to improve the frequency of payouts. Missing from the article are the steps that should be taken to greatly reduce the risk of having to pay a ransom.
First, recognize that ransomware is like COVID-19, a virus that spreads through contact. So monitor all external and internal data communications for the fingerprints of ransomware using the best anti-virus/anti-ransomware software you can find – but don’t expect that this makes you safe.
Next, talk to your IT Operations manager about backup practices. Ask if they are implementing the 3-2-1 backup approach and, if not, fund and implement that approach immediately for all aspects of your operational data. Then develop a plan that will restore that backed-up data in a time period acceptable to your operations. This is critical because restoring data can take a long time. The restore function should identify and eliminate any sleeping viruses hiding in the data before restoring. This is time-consuming and operationally expensive, but at least you won’t need to pay anyone a ransom, which still won’t magically bring you back online:
“Developments in networked connectivity, including 5G, are pushing connectivity deeper into organizations as they connect an expanding group of industrial systems. The real-time criticality of industrial operations makes them a very valuable target for hackers.
This new hostage will change the ransom game because it changes the risk game through real-time disruption and what it puts at risk. It also introduces some frightening new risks if industrial processes involve hazardous or volatile environments or materials.
Hackers are productive with their time, and they attack where there’s opportunity and money. The advancement of highly connected operational technology environments offers them a rich and relatively easy target environment.
Galina has several recommendations for businesses addressing this expanding risk landscape. First, don’t have a separate cybersecurity function for operational technology and industrial networks. Integrate this capability within the organization’s core cybersecurity function.
Second, understand what’s at stake and what’s at risk from a leadership perspective with operational technology. The operational threats are unique, as are their risks. They need a contextual understanding of how these systems are creating value and what the risks are to that value and beyond.
Ransomware will continue to expand as an effective cyber-attack tactic. Operational systems are an attractive hostage for cyber adversaries regardless of their motivations in both the public and private sectors.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group