Ransomware and Third-Party Risk Management: 4 Steps to Take Now

Ransomware attacks such as Colonial Pipeline are on the rise. How well are your third-party vendors, suppliers and partners prepared to address this risk?
By:
Brad Hibbert
,
Chief Operating Officer & Chief Strategy Officer
May 26, 2021
Share:
Blog ransomware 0521

The 2021 Verizon Data Breach Investigations Report was released this month and features its usual comprehensive review of important trends in cyberattack patterns. Notable in this year’s report are the increasing rates of phishing, ransomware and web application attacks – driven primarily by greater numbers of white-collar workers working from home, where network security may not be as strong as in an office environment.

From Ryuk targeting healthcare organizations and REvil following the Microsoft Exchange Server vulnerability to the more recent Colonial Pipeline attack orchestrated by DarkSide, the growth in ransomware across multiple industries is an especially troublesome trend. In this post we will review where and how ransomware is growing, why it is becoming increasingly expensive for organizations to address, and what steps organizations can take to secure their weakest security link: third-party suppliers, vendors and partners.

Ransomware Is Growing and Tactics Are Evolving

According to this year’s Verizon report, ransomware accounts for 5% of total security incidents and 10% of all breaches, up sharply in the last five years as the attackers’ “business model” has evolved from simply encrypting systems to threating to publish data until a ransom is paid. Stolen credentials and brute force attacks tend to be the most-used vector of attack for these cyber criminals, leading to direct install or installation through desktop sharing apps in as many as 60% of all ransomware cases.

Attackers are also now targeting more than the payment processing systems that manage the keys to many companies’ financial kingdoms. As in the Colonial Pipeline attack, they are now more frequently targeting systems that will impact business operations. The has tended to increase the likelihood that an organization will pay the ransom to regain access to their systems and data – and potentially skirt the harsh compliance penalties and reputational damage that can come with a data exposure event.

Few industries have been spared by the scourge of ransomware, with the Verizon report indicating that ransomware is a favored approach in financial and insurance, healthcare, mining and quarrying, oil and gas extraction, utilities and manufacturing.

Ransomware Is Costly

As the Colonial Pipeline attack showed, ransomware can be very costly to an organization. The company reported paying $5 million to the attacker group DarkSide. And the costs will likely increase with lost revenue and productivity. This year’s Verizon report showed that companies can expect to pay upwards of $1.2 million on average to reclaim systems and data in a ransomware attack.

What’s worse, paying the ransom doesn’t mean you are safe. The Verizon report states that some groups take copies of data prior to triggering the encryption and then use it as leverage against the victim organization.

Four Steps to Ensure Third Parties Are Protecting Your Data from Ransomware Risks

Ransomware is one of the most expensive and business-impacting risks facing organizations today. And, since most companies rely on third parties for everything from data hosting/processing and payments to delivering critical products and services, organizations must ensure their vendors, suppliers and partners have plans in place to mitigate the risk. Here are four steps that we consider essential:

1. Proactively assess your critical suppliers

Don’t wait for the news to hit the wire – assess your suppliers now to determine what controls they have in place to detect, protect, respond to and mitigate ransomware attacks. Leverage Prevalent’s free ransomware assessment that addresses areas such as incident response, responsible parties, disaster recovery plans, preventive controls and endpoint security measures. With these baseline insights you have centralized visibility into third-party security practices and can quickly identify risks and recommend remediations to reduce your organization’s exposure.

2. Monitor for indicators of cyber compromises

Assessing vendor security practices is essential – but it’s periodic. Augment these results with continuous monitoring of public-facing vendor web properties, criminal forums, onion pages, the deep dark web’s special access forums, threat feeds, paste sites for leaked credentials, as well as security communities, code repositories, and vulnerability databases for mentions of your key suppliers. Centralize this activity in a single service that monitors for cybersecurity intelligence and can automatically trigger remediation actions based on findings.

3. Monitor for third-party disclosures

Simply monitoring news sites, social media posts, or getting daily updates about your key vendors from an RSS feed will not enable you to quantify or analyze or act on breach disclosures. That’s why it’s important to seek qualitative insights from a centralized service that includes hundreds of thousands of public and private sources and enables you to tie the data together in a unified risk register. Prevalent offers a free option to gain these insights for up to 20 of your most important vendors.

4. Get the expert help you need to respond to incidents quickly

When ransomware strikes many organizations struggle to get timely notifications of impact from their supplier bases using manual spreadsheet-based methods, delaying risk identification and mitigation – and ultimately leading to unwanted exposure. Instead, seek out expert services to take this work on your behalf. Prevalent’s Rapid Third-Party Incident Response Service assesses your vendors against a customizable event questionnaire that is automatically triggered by events, enables them to proactively submit assessments, and offers prescriptive remediation guidance to quickly identify and mitigate the impact of a security incident.

Next Steps for Managing Ransomware Risks

Like any other security risk, ransomware can never be fully prevented. However, taking a prescriptive approach that provides continuous visibility into third-party exposures can reduce both the likelihood and impact of such an event.

For more on how Prevalent can help, schedule a strategy briefing with us today or take advantage of our free solutions to assess your third-party ransomware risks.

Tags:
Share:
2014 04 10 Headshot Brad Suit
Brad Hibbert
Chief Operating Officer & Chief Strategy Officer

Brad Hibbert brings over 25 years of executive experience in the software industry aligning business and technical teams for success. He comes to Prevalent from BeyondTrust, where he provided leadership as COO and CSO for solutions strategy, product management, development, services and support. He joined BeyondTrust via the company’s acquisition of eEye Digital Security, where he helped launch several market firsts, including vulnerability management solutions for cloud, mobile and virtualization technologies.

Prior to eEye, Brad served as Vice President of Strategy and Products at NetPro before its acquisition in 2008 by Quest Software. Over the years Brad has attained many industry certifications to support his management, consulting, and development activities. Brad has his Bachelor of Commerce, Specialization in Management Information Systems and MBA from the University of Ottawa.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo