Why Whac-A-Mole is not a strategy for defending against ransomware attacks

Recently, I participated in a training exercise where a team of hackers (the red team) simulated an attack on an organization’s infrastructure, and a team of Cyber experts (the blue team) was tasked with responding to the incident and restoring normal operations. As the red team inflicted its initial attack, the blue team jumped on their monitoring tools and detection technology, scrambling to quickly quell the threat and fend off the attackers. Their natural response was to put up one obstacle after another, rapidly trying to shield their infrastructure from harm: for example, shutting down ports that were being targeted by attackers or disabling admin accounts that the red team was trying to compromise. Unfortunately, in this process, the blue team would also block legitimate and essential traffic on ports, or shut down systems driven by admin accounts, effectively disrupting their organization’s ability to operate – even before the attackers had accomplished this with their tactics. 

This Whac-A-Mole approach is not an effective strategy against cyberattacks nor something as impactful as, let’s say, ransomware attacks. And when you are running a small business, ransomware attacks are one of the most serious threats you need to watch out for. In fact, in just the first half of 2022, Avast blocked on average over 14,000 ransomware attacks targeting business users per month. And since most SMBs lack the expertise needed to develop an effective defense strategy, here are a few simple guidelines that they can follow to avoid the Whac-A-Mole trap:  

• Be prepared and “armed” with the technology you need to respond to an attack: as the saying goes, an ounce of prevention is worth a pound of cure. One of the best ways to prevent being vulnerable to ransomware attacks is to ensure your critical data is backed up regularly, and fenced off in an environment that you can fall back to quickly if your business data were ever to be held hostage or compromised. Additionally, by encrypting your sensitive data, the likelihood that malicious actors can threaten to make public any data they were able to steal from your business is significantly decreased.
• Practice your response to an attack, and have a playbook for how to balance mitigating the impact of ransomware attacks with the need to operate your business. Just like you may schedule regular fire-drills if you run your business from an office, or you practice what steps you would take if there’s a power outage in the storage room where you keep your perishable goods, you will be much more successful in surviving a ransomware attack if you have scripted your response plan and run periodic exercises to simulate an attack with your team.
• Have safety nets in place like Cyber insurance and services for data recovery, monitoring of Dark Web activities, and restoration of your business reputation. Assuming that one day your business may become the victim of a ransomware attack can prepare you to recover from such an event faster and with less negative consequences for you and your customers, which increases your chances of being able to operate and grow your business despite adversity.

Though most small business owners don’t have a multi-million-dollar security budget and are not high-profile enough to attract attention from terrorist groups, today’s small businesses are actually being attacked by cybercriminals more frequently than large enterprises. Besides investing in the right security defenses, SMBs should also consider strong personnel practices and awareness to implement a better defensive strategy than Whac-A-Mole. Find out more about how we can help you and your business by signing up for our free trial.