A recent spate of high-profile ransomware attacks has caught many off guard. Unfortunately, this sort of attack is in its relative infancy. As the criminal groups that engage in these attacks continue to become more creative, sophisticated and numerous, the threat will only become more acute. To protect their brand, companies should immediately take action to secure their networks and keep them secured.
What is ransomware?
Ransomware is a type of computer program (often called malware), surreptitiously delivered onto a computer or network, that is designed to encrypt all the files. By encrypting the files, any files and the systems they rely on are rendered unusable and inaccessible without a password. Criminal actors then demand ransom in exchange for the decryption password.
Cyber threats are constantly evolving, and cyber criminals are becoming increasingly sophisticated in their modus operandi. Given the global nature of the meat industry, companies need to be highly automated and work across very large and difficult-to-secure networks. This makes the meat industry particularly vulnerable and often targeted. Today, nearly every aspect of meat production is integrated through online networks. This includes systems to maintain facilities, equipment, production, distribution and food safety.
To make matters worse, online threats are extremely difficult to protect against. The threat matrix is constantly changing, and criminals are skilled at adapting new methods to carry out their crimes. There are steps, however, companies can take to address the risks. Most important is to be prepared. Time is of the essence if your company is to be able to manage the risk posed by ransomware and support your company’s ability to deliver a coordinated and efficient response to a ransomware incident.
From an infrastructure standpoint, one critical step is to modernize your network and implement stronger cybersecurity standards. This includes implementing offline, encrypted backups of data. The backups should be regularly tested and conducted on a regular basis. Backups must be maintained offline to protect them, as criminals will seek to locate and delete any backups in advance of launching the main attack. In other words, the criminals know there is no need to pay ransom for data that you maintain easy access to by storing offline.
Next, create a cyber incident response team and associated crisis plan that includes response and notification procedures in the event of a ransomware incident. The Public Power Cyber Incident Response Playbook is a great resource for developing such a plan. Understanding your vulnerabilities is also a key aspect of addressing risk. The federal government’s Cybersecurity and Infrastructure Security Agency offers a no-cost Vulnerability Scanning service and other no-cost assessments here: https://www.cisa.gov/cyber-resource-hub
Adopting Zero Trust Architecture is another means that companies can take to bolster the security of their systems. Criminals often gain initial access to a network through exposed and poorly secured remote services and later propagate ransomware. See CISA Alert AA20-073A, Enterprise VPN Security. So, rather than conventional “perimeter security,” zero trust architecture treats all users as potential threats and prevents access to systems and data until the user has been properly authenticated.
It is critical for companies to work now to secure against devastating cyberattacks, including those from ransomware and other malware. It is by no means an overstatement to say that the action you take today may ultimately make the difference in the survival of your company tomorrow. The threat posed by cyber criminals is one that has existential implications for companies and looks to become worse over time.