OPINION: Canadians are at risk from ransomware attacks, but a multi-tiered defence can help

Bassam Hemdan

It’s no surprise the threat of ransomware continues to grow, with many large corporations being targeted and frequent headlines about new attacks appearing. Often causing denial of service, ransomware interrupts essential services, including health care, fuel and food supplies. The Canadian Centre for Cyber Security is aware of 235 ransomware attacks against Canadians in 2021, but notes that most ransomware events go unreported.

The popular conception of ransomware is of a bored, isolated person looking to cause trouble. But ransomware is a business. Cybercriminals are sophisticated groups of intelligent people who make a living from their work. They look like businesses in ways you might not expect: offering benefits, lunch breaks, and regular working hours.

About 64 per cent of businesses of businesses have fallen victim to at least one cyber attack in their history. What can organizations do to ensure that they are ready to prevent such attacks from penetrating their systems and stealing their data?

Multiple tiers for maximum defence

Companies of all sizes from any sector could be victims of ransomware attacks. A multi-tiered approach is essential for ensuring the best protection against such attacks and to future-proof defences against new cyber threats. Following the National Institute of Standards and Technology (NIST)’s five -step approach should be the foundation of all cybersecurity policies:

1. Identification management: Protecting and securing your data is not just about authentication, authorization and audit control. The first step should always be to identify your data. Knowing what data you hold and where it is located is essential in order for you to protect it.

2. Protection: Accurate data identification is fundamental in designing the right architecture and cost model that will best protect your data for the long-term. Often, organizations use multiple disparate technology solutions that don’t identify key data or integrate it in the correct way. Using a single, integrated solution will facilitate effective protection because all data will sit under the same solution. Should they fall victim to a ransomware attack, data will not leak through the cracks of the mismatch of different solutions.

3. Detection: Strong management of the right corpus of data is so important because it allows the most effective protection to be put in place. This is crucial because effective management allows for quick and easy detection of vulnerabilities — essential to limiting the impact of an attack, should it penetrate your system. Organizations that detect a vulnerability early experience the least destruction following a ransomware attack.

4. Response: Monitoring and testing security solutions continually is essential. Having the knowledge of what goes on in your IT environments by the hour and minute will enable you to quickly detect any abnormalities and react accordingly with ease and pace. You can never practice a response to a ransomware attack too often. Make sure you know exactly what to do should one occur to limit downtime and prevent loss of data.

5. Recover: Organizations that navigate ransomware attacks and recover their systems the quickest and easiest are those that keep calm and have procedures in place. It goes back to the response — those who know what to do can handle the situation calmly and efficiently.

While these five steps are not 100 per cent fool proof, following this framework can certainly mitigate the risk of the downstream need to recover should an attack happen.

Is change on the horizon?

As long as organizations continue to pay ransoms — as 69 per cent of Canadian ransomware victims did last year — cybercriminals will continue to deploy ransomware.

Ultimately, government intervention is needed to legislate and prosecute cyber activity. We’re moving in the right direction. Prime Minister Justin Trudeau has released mandate letters tasking his national defence, foreign affairs, public safety and industry industry ministers with developing a new “National Cyber Security Strategy.” This is a sign the federal government is heeding warnings from experts that cyber threats are on the rise. On the international stage, 23 countries recently reaffirmed that they should not disrupt each other’s critical infrastructure or shelter cyber criminals. Additionally, cybersecurity is built into defence agreements between Canada and the U.S.

Until decisive action is taken through legislation, the best way for organizations to protect themselves from cyber threats is to plan ahead, stay alert and implement a multi-tiered security strategy. Take responsibility for your own assets, protect them with the best cybersecurity practices, and never be complacent.

Bassam Hemdan is vice-president, Canada and LATAM, for data protection and management leader Commvault and Metallic.