How to Respond If a Hacker Encrypts Your Data?

By Raj Sivaraju, President, APAC, Arete

Enterprises worldwide are investing more in digital tools and technologies. Companies recognize the importance of digital adoption at this point, but many still need to improve their cyber risk posture.

While most organizations are already investing in various technologies to improve customer experience, they must prioritize customer safety. The recent ransomware incident at the All India Institute of Medical Sciences (AIIMS), Delhi, indicates the rapid pace at which threat actors are evolving and innovating to target businesses and customers.

In years past, hackers would freeze enterprise data and never return it unless they paid a ransom. But today, they threaten to reveal sensitive data to the public if the victim fails to pay within the given timeline, also called data exfiltration, which can severely impact the organization’s corporate reputation.

The question is, what should you do if your enterprise data is hacked?

The need for a cyber insurance policy
First and foremost, every organization should have a cyber insurance policy to deal with such incidents. Maintaining such a policy will give you access to forensic investigation firms responsible for negotiating with the threat actor, especially when their demands are unfeasible. The negotiation strategist ensures that the offer is reasonable and does not provoke or anger the hacker.

Experts claim that, on average, threat actors bargain a ransom down by 70%. However, this is dependent on a variety of things, including backups. The data of the target organization does not need decryption if it is backed up; therefore, the threat actor is forced to accept a reduced ransom and destroy the stolen information.

The critical role of MFA
Organizations should protect their data with multi-factor authentication (MFA). MFA prevents threat actors from accessing enterprise data even if they have a legitimate password by guessing or stealing. In such cases, MFA alerts the organization that something is fishy and should be probed, preventing the hacker from logging in and exploiting the data for extortion.



Secure user network
Another crucial thing to look at is employees’ access to the enterprise network. Today, we use multiple devices and applications, all connected to the corporate network, increasing the chances of data compromise. Organizations need to understand that users or employees are still the first lines of defense, and hence securing user identities is the need of the hour.

Drive cyber awareness
Employees should be trained to maintain strong password hygiene. They should also be aware of the cyber incidents around them, including how threat actors target enterprise networks by deploying text messages, images, or in-app downloads. Likewise, security teams should have visibility around unmanaged devices such as personal phones, laptops, and tabs used to access corporate apps. This will help them strengthen their vigilance by monitoring for exposed credentials and malware infections caused on these devices.

Conclusion
As reported by Gallagher, $590 million was paid in ransoms during the first six months of 2021, compared to $416 million in all of 2020. This indicates the need for cyber risk mitigation measures to be practiced and implemented by organizations across the globe.

It is true that cyber incidents are inevitable and cannot be stopped completely. However, by collaborating with experienced investigation and recovery teams, organizations can reduce the chances of such events and strengthen their security posture to respond mindfully to hackers, thus ensuring more safety and security in today’s rapidly evolving threat landscape.

ransomwaresecurity
Comments (0)
Add Comment