1. IN Groupe
  2. /
  3. Newsroom
  4. /
  5. Insights
  6. /
  7. Is your organization safe from ransomware?

Back

Is your organization safe from ransomware?

A ransomware attack can happen at any moment. Using a Zero Trust security strategy helps strengthen your organization’s security.

Rançongiciel

We all hear and read about it: Ransomware, an ever-evolving form of malware designed to encrypt files on devices, making them unusable for individuals, organizations, or systems depending on them.

The average ransom payment in Q3 2020 was 200.000 $, where the ransomware "Sodinobiski" currently has the largest market share. When looking at the cost of a ransom situation, the average cost is 10 times higher than ransom paid, according to Sophos research. The research also indicates that only one in 10 companies that paid the ransom got all of their data back.

It is important to remember that ransomware is a crime of opportunity. The attackers are looking for an easy payoff. Any additional roadblock you put in their way will prompt them to look elsewhere.

Am I at risk?

Most ransomware attacks require the attacker to access your network before they can encrypt your files. If attackers can’t get past identity safeguards, they literally can’t get anywhere.

It is a fact that most ransomware focuses on small- to medium-sized businesses. About a third of all ransomware targets businesses with between 11-100 employees, and another third targets businesses with 101 to 1,000 employees. Small businesses with less than 10 employees represent 5% of the attacks.

So don't think that it´s only large companies that are targeted, you simply don't hear that much about the smaller ones.

Many organizations today are using Software as a Service (SaaS) providing functions and applications to their users. The modern attacker is doing just the same, only with a different name.

Ransomware as a Service (RaaS) is similar to SaaS, where you can rent ransomware and choose configurations that fit the "targets and attack vectors". And as in the normal software service business, the RaaS is based on monthly payments.

Can this happen?

One of the most common ways attackers can gain access to your company’s data is by guessing weak passwords, stealing passwords via automated bots, phishing, and targeted attacks, or purchasing leaked credentials in bulk.

In most cases, it starts with a single compromised system that is attacked and used as the entry point. One of the goals is to gain a foothold, search local drives, networked drives and file shares, with the ability to encrypt every file of value that could be found.

Small companies experience Remote Desktop Protocol (RDP), the most common attack vector. RDP is easy to pull off as it provides immediate access and control of a system. Information about exposed systems and leaked credentials are readily available on the dark web. Small businesses can’t afford to pay large ransoms, and the attackers are looking for easy prey and quick payoff. Medium-size companies experience phishing attacks as the most common method.

For larger companies, a ransomware attack likely begins with a phishing attempt that implants password-stealing malware, a remote-access trojan, or tricking the user into exposing login credentials. The higher potential payoff justifies the extra work that goes into crafting a successful phishing attack.

Many times a ransomware attack also results in leakage of data, with the attacker revealing information to speed up the payment process.

Does MFA help?

By using MFA for user authentication, it requires two or more independent pieces of information to verify a user’s identity when they attempt to log in or access data.

Without MFA, an attacker only needs compromised user credentials to gain system access (single-factor authentication).

With MFA, an attacker needs more than just a username and password. With a key stored on a smart card or token, for example, the effort has increased a lot and the chance to succeed has dropped close to zero.

Multi-factor authentication has been one of the most important measures recommended by various security experts for many years. By deploying MFA in your environment, you have taken the first and really important step towards the strategy of protecting your organization against a successful ransomware attack.

Many businesses are waiting to deploy MFA because it is considered “inconvenient” for their users. This is because it requires an extra step or two, and users are not looking at the benefits MFA can bring on top of the enhanced security. Functions such as digital signatures, single-sign-on, e-mail encryption, self-service, and others are functions that can make life easier for a user.

However, the users of today want to have higher security and more user-friendly functions. The technology is available, it is just a matter of making the decision to use the technology.

Today, when your work life and private life are coming closer together through working from remote work, the chance that an incident might affect both work and private life for individuals is increasing.

The American Cyber Security & Infrastructure Agency publishes a Ransomware Guide with best practices and where they recommend employing Multi-Factor Authentication (MFA) for all your services.

Using a strategy that enables a Zero Trust security model, where you only trust identities that have been authenticated based on multi-factor authentication to all resources is needed.

These steps will increase security:

  • Block all access to resources except authenticated and authorized traffic
  • Implement multi-factor authentication for users
  • A secure on-boarding and off-boarding process
  • Access control for all systems, based on SAML, Open-ID connect or similar

A mindset that follows "don't trust anyone or anything" before it is securely identified, is a healthy IT strategy.

With Smart ID Digital ID management, Nexus, an IN Groupe brand, removes the complexity and lets you manage the lifecycle of all digital identities in one system, with the help of self-service and automated processes.

Smart ID Digital ID management has the following key features:

  • Lifecycle management of smart cards and virtual smart cards
  • Mobile app for great user experience using virtual smart cards
  • Best-practice processes for standard use cases
  • Self-service and automated workflows
  • Synchronization of data with a directory service
  • Integration of certificate authorities (CA) from multiple vendors

Other articles

INsight (1)
11 January 2024

INsight report 2023.2024

NIS 2 : quel impact pour les entreprises et les organisations en Europe ?
12 October 2023

NIS-2 : The impact of the Network and Information Security Directive on cyber security in Europe

Comment faciliter et sécuriser l’expérience du voyageur ? Quelles sont les innovations et solutions biométriques qui répondent à ces nouveaux enjeux ?
28 September 2023

How innovation and technology enhance travelers experience ?

Mobile Identity Wallet
14 December 2022

Evolution of digital identity and mobile identity wallet

r4iot
12 July 2022

Are you prepared for R4IoT – the ransomware for IoT that attacks IT & OT?

A woman reports the birth of her child by telephone.
19 May 2022

A legal identity at birth, a right for every child

This website uses cookies

Cookies ("cookies") consist of small text files. The text files contain data which is stored on your device. To be able to place some type of cookies we need your consent. We at IN Groupe use these types of cookies. To read more about which cookies we use and storage duration, click here to get to our cookiepolicy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that need to be placed for fundamental functions on the website to work. Fundamental functions are for instance cookies that are needed for you to use menus and navigate the website.

Functional cookies

Functional cookies need to be placed for the website to perform in the way that you excpect. For instance to remember which language you prefer, to know if you are logged in, to keep the website secure, remember login credentials or to enable sorting of products on the website in the way that you prefer.

Statistical cookies

To know how you interact with the website we place cookies to collect statistics. These cookies anonymize personal data.

Ad measurement cookies

To be able to provide a better service and experience we place cookies to tailor marketing for you. Another purpose for this placement is to market products or services to you, give tailored offers or market and give recommendations on new concepts based on what you have bought from us previously.