HelpNetSecurity.com reported that “As the frequency and intensity of ransomware attacks increase, one thing is becoming abundantly clear: organizations can do more to protect themselves. Unfortunately, most organizations are dropping the ball. Most victims receive adequate warning of potential vulnerabilities yet are woefully unprepared to recover when they are hit.” The October 7, 2020 article entitled “Three common mistakes in ransomware security planning” included “…a few recent examples of both prevention and incident response failures”:
Two months before the city of Atlanta was hit by ransomware in 2018, an audit identified over 1,500 severe security vulnerabilities.
Before the city of Baltimore suffered multiple weeks of downtime due to a ransomware attack in 2019, a risk assessment identified a severe vulnerability due to servers running an outdated operating system (and therefore lacking the latest security patches) and insufficient backups to restore those servers, if necessary.
Honda was attacked this past June, and public access to Remote Desktop Protocol (RDP) for some machines may have been the attack vector leveraged by hackers. Complicating matters further, there was a lack of adequate network segmentation.
Here are the Three Common Mistakes:
Common mistake #1 – Failing to present security risk in business terms to get funding and policies
Common mistake #2 – Not going deep enough in testing ransomware readiness
Common mistake #3 – Backup strategies and DR plans don’t account for ransomware scenarios
Actually, I doubt that anyone is surprised by this report!