Cyber attacks continue to increase in number and severity. The challenges brought on by COVID-19 have resulted in industries seeing a significant increase in security gaps that attackers are targeting. 2021 has seen many high-profile cyber attacks, including attacks on a Florida water utility company, a US cybersecurity insurance provider, multiple colleges and school systems, the Colonial Pipeline and the meat producer JBS USA. These attacks have caused shutdowns, delays, loss of records, publication of sensitive data and damage to supply chains. In addition, one of the most prevalent cyber attacks is continuing to appear in headlines across the nation: ransomware.
Ransomware is a type of cyber attack that uses malicious software to target information and data in a system, hijack it, and encrypt it. In quick order, the attackers are the only ones who can access the information, cutting off businesses from their ability to operate. The attackers then set a high price for a company to pay to get access restored. If the ransom demand is not met, the attackers may publish the stolen data and information, sell it to the highest bidder, turn over the information and data to a foreign state or permanently block access to the data and information. Businesses without an incident response plan are at the greatest risk of a total loss of data in a ransomware attack.
The Colonial Pipeline attack resulted in a massive payout for the attackers to get the pipeline up and running quickly. And, still, it was down long enough to cause gas shortages in multiple states. The JBS USA attack will likely have an even larger impact. JBS has an incident response plan in place and moved quickly to implement it. Still, with operations across the world, the impact on their supply chain will spread and cause delays that will be felt long after their incident response plan is fully operational. They overcame this attack, their implemented incident response plan ensured they did. But what about small businesses that suffer ransomware attacks? Understanding potential threats and having an incident response plan is crucial.
Ransomware attacks are a threat that must be considered when developing an incident response plan. First, an incident response plan should include roles and responsibilities. Then, to specifically protect your information and data against ransomware, an incident response plan must consist of a data backup plan. The processes for backing up data and information should be included as well as storage for these backups. And, the storage must be isolated from the main network to ensure that it is not on the same network in the event of an attack. Backups should never be kept on a server or computer where an attack could easily spread. Finally, keep a list of contact information for reporting a breach up to date.
For more information on tips and tactics for preparing and dealing with ransomware, check out the NIST fact sheet on how to stay prepared against ransomware attacks.
Major meat producer JBS USA hit by cyberattack, likely from Russia : https://www.cnn.com/2021/06/01/tech/jbs-usa-cyberattack-meat-producer/index.html
NIST Releases Tips and Tactics for Dealing With Ransomware: https://www.nist.gov/news-events/news/2021/05/nist-releases-tips-and-tactics-dealing-ransomware