As the recent ransomware attack on the U.S.’s second-largest meat producer, JBS, made clear, cyberattacks on critical infrastructure can cause harm beyond the digital realm. By encrypting key data and IT systems, the attack forced JBS to shut down its production facilities for days – only narrowly avoiding nationwide shortages of beef, pork, and chicken.
As long as ransomware attacks remain both lucrative and relatively easy for cybercriminals, they’ll continue to be a threat to critical infrastructure from the food supply chain to fuel pipelines.
People often think about security as binary: a system is either secure or insecure. In reality, security is more about effectively managing risk. No organization has the resources to prevent 100% of intrusion attempts and other security incidents. However, you can take steps to ensure that when an attack does occur, the damage is as contained or minimized as possible. (Watch our Cybersecurity Mythbuster Series)
Following these right preparations can help you recover quickly with less long-term damage to your business:
1. Don’t Neglect Asset Management
It sounds obvious, but a big part of security is simply knowing what’s in your environment. You can’t patch an application if you don’t know it’s running on a system in your network. Besides simply taking inventory of the systems you have, prioritize them by business criticality and look for interdependencies between them. For example, maybe your customer relationship management (CRM) software won’t function unless your email server is running. Identify critical systems that are at the center of multiple dependencies or that control critical infrastructure, such as industrial equipment, and focus on hardening those assets against attacks. Every company has finite resources to devote to security, and you want to defend the most important parts of your network first.
2. Segment Your Network
In the same way that most ransomware attacks don’t start with ransomware, most attacks on critical infrastructure don’t start with a breach of those systems. Instead, cyber attackers gain access to less secure, lower priority elements and leapfrog to more attractive targets from there. By segmenting your network, you’ll make it harder for attackers to reach their targets.
3. Monitor Systems Closely
It’s not enough to just monitor firewalls or server logs any more. To swiftly detect intrusions in today’s connected environment, you must regularly check for anomalies across dozens of components – including cloud infrastructure and connections to third parties. Invest in security staff, tools, and resources so you can effectively monitor relevant logs and artifacts.
4. Back Up Your Systems Properly
If you get hit with ransomware, you may need to rebuild all your tech infrastructure from scratch. Therefore, it’s incredibly important to have adequate backups on-hand to expedite the process. Don’t assume the backup procedures you already have in place are up to the task — review them with ransomware in mind. For example, since a ransomware attack is often preceded by a months-long malware infection, consider storing backups for a longer period so you have a clean, uninfected copy of your system configurations and data. In addition, vary your backup strategy so that not all backups are in one server or technology. Utilize local, cloud, and offsite options to ensure maximum coverage.
5. Remediate Weaknesses After an Attack
It’s no use restoring your systems if you just leave the same vulnerability open to exploitation again. After a ransomware attack, invest in forensics to determine how attackers gained access to your systems. Then close that point of entry and address any other weaknesses that allowed the attacker or malware to move throughout the network. And, as mentioned in the previous point, avoid using backups that are infected with the malware that caused the initial breach.
The threat of ransomware isn’t going to go away anytime soon, particularly for companies that touch critical infrastructure. While there’s no foolproof solution, performing due diligence by boosting monitoring, segmenting your network, and backing up your most vital systems can go a long way toward reducing your risk — and mitigating the damage if and when your organization is targeted by attackers.