
February Guest Blog: Ransomware Attacks – Should NC Companies Pay Up?

Written by Steve Cobb, Chief Information Security Officer, One Source

Steve Cobb is Chief Information Security Officer (CISO) for One Source, an outcome-driven Managed Services Provider (MSP). He brings more than 25 years of leadership working with businesses to strategically deploy IT infrastructure, cybersecurity, incident response, and cyber threat intelligence.

Do ransomware victims need to pay when a hacker hijacks their IT systems? It’s a question more companies in North Carolina are facing as cybersecurity risks have increased during the COVID-19 pandemic. If you’re a local business or IT leader, it’s also a question that should challenge you to evaluate your current cybersecurity strategy from the ground up. 

Consider that 92% of organizations impacted by ransomware attacks this past year never recovered all their data, despite the fact that a rising percentage (32%) decided to pay the ransom. High-profile examples like the Colonial Pipeline demonstrate the delays and complications that can come in the recovery process. There is also a high probability for businesses to be successfully re-targeted by the same hackers – resulting in crippling costs, proprietary data losses and emotional turmoil. 

The saying “defense wins championships” is an old football adage, but it also applies to cybersecurity. Gone are the days of the “set it and forget it” approach when you could simply install antivirus software on company PCs and assume you were safe. Below are a few tips and resources that can help strengthen a company’s defense against threats.    

  1. Turn on Multi-Factor Authentication (MFA). A simple but critical first step to strengthening cybersecurity is establishing MFA for yourself and your employees. If you have purchased a plan with Google or Microsoft, you have free access to MFA software. This is especially important because Office 365 credentials are the ones most heavily used to exploit other services. By turning on MFA, you are protecting your organization – spanning from the cloud to your network.

  2. Do not allow Remote Desktop Protocol (RDP) over the public internet. While giving remote desktop access to trusted users can be helpful in some instances, steer clear of using RDP over the public internet. In our experience working with customers, we’ve seen hackers use RDP to access an organization’s environment and use it to move about until they located the domain and admin levels where they could deploy ransomware. If you must have RDP open over the public internet, make sure you are logging on with MFA and that there are access rules in place on your firewall so that RDP can ONLY occur from specific IP sources.

  3. Secure your remote access methods. If virtual private network (VPN) access is available, make sure your provider allows for MFA or single sign-on authentication. Implementing best practices to create strong passwords will also help protect your remote access methods. It is important that you have visibility into the attempts that are happening across your remote access, as exploitation of these methods by threat actors is on the rise.

  4. Use monitoring solutions for security. Enterprise-level network, email or host-based security products look at advanced threats and user behavior. These products allow you to see malicious activities as soon as possible so you can reduce the impacts and save your organization from the threat of ransomware. To do this, you must have the resources, skillset and knowledge in-house to interpret the information you receive from these tools. Doing so will allow you to isolate endpoints and block outbound access to specific network destinations that may be main control services for threat actors.

  5. Don’t go it alone. The most effective business leaders are experts at recognizing when they need help. Finding a reputable partner to help manage and monitor your cybersecurity protection is a great option if you don’t have the internal skill set, bandwidth, resources or knowledge to do so. Many attacks are happening during the off hours of the business day and during holidays when most people have their guard down. A good Managed Security Services Provider (MSSP) will be monitoring during these off hours so you get notified of an attack earlier and the MSSP can take action on your behalf, minimizing the impact of a breach. 
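The firewall access-rule check from tip 2, as an added example (not from the original post or from One Source): it audits an exported rule list for allow rules that let RDP (port 3389) in from sources outside an approved list. The rule format, rule names and addresses are constructed for illustration; real firewalls export rules in vendor-specific formats.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample rule set (hypothetical format), evaluated top-down, first match wins.
RULES = [
    {"name": "rdp-from-msp", "action": "allow", "proto": "tcp", "src": "203.0.113.10/32", "dport": "3389"},
    {"name": "block-partner-net", "action": "deny", "proto": "any", "src": "198.51.100.0/24", "dport": "any"},
    {"name": "rdp-partner-legacy", "action": "allow", "proto": "tcp", "src": "198.51.100.7/32", "dport": "3389"},
    {"name": "mgmt-range-any", "action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "dport": "3000-4000"},
    {"name": "web", "action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "dport": "443"},
]
APPROVED = ["203.0.113.10/32"]  # the only sources that should reach RDP (assumption)

def covers_rdp(rule):
    """True if the rule's protocol and destination port (or range) include 3389."""
    if rule["proto"] not in ("tcp", "udp", "any"):
        return False
    if rule["dport"] == "any":
        return True
    low, _, high = rule["dport"].partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def within(net, others):
    """True if net lies entirely inside one of the networks in others."""
    return any(net.version == o.version and net.subnet_of(o) for o in others)

def audit_rdp(rules, approved):
    """Return names of allow rules that admit RDP from outside the approved sources.

    An allow rule whose whole source range was already dropped by an earlier
    deny rule can never match, so it is not reported.
    """
    approved_nets = [ipaddress.ip_network(n) for n in approved]
    denied, findings = [], []
    for rule in rules:
        if not covers_rdp(rule):
            continue
        src = ipaddress.ip_network(rule["src"])
        if rule["action"] == "deny":
            denied.append(src)
        elif not within(src, denied) and not within(src, approved_nets):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    print(audit_rdp(RULES, APPROVED))
```

The wide port range in `mgmt-range-any` is the kind of rule that exposes RDP without ever mentioning it, which is why the check matches on port coverage rather than on rule names.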

In general, we advise businesses not to pay ransom due to the complications that occur using hacker tools for recovery after payment and the risk of being re-hacked by the very same group. The objective should be to completely remove the ransomware and have new protocols established to prevent relapse down the road. 

As more NC companies continue to face challenges due to ransomware attacks, it’s imperative that they develop strategies to protect themselves from the catastrophic financial and reputational damage such an attack can inflict – as well as understand what to do if they are hit. It’s a problem that isn’t going away any time soon, and there’s simply too much at stake to be caught unprepared. 


Interested in submitting a piece for the NC TECH blog?

Visit our Marketing Toolkit page for a submission form. Questions? Contact Rachel Kennedy.