There are top 10 security misperceptions, said Sophos.
According to the firm, those misperceptions were encountered by its rapid response team in the past months when neutralising and investigating cyberattacks in a wide range of organisations.
Half of the misperceptions are as follows. We'll continue with the other half tomorrow. It’s time to debunk these security myths and save your company from not only financial loss but also reputation damage.
Misperception 1: Our backups provide immunity from the impact of ransomware
Keeping up-to-date backups of documents is business critical, but your backups are within reach of attackers and vulnerable to being encrypted, deleted or disabled in a ransomware attack if they’re connected to the network.
In one incident Sophos Rapid Response investigated, the attackers emailed the cloud service provider from a hacked IT admin account and asked them to delete all backups. The provider complied.
The standard formula for secure backups is 3:2:1: three copies of everything, using two different systems, one of which is offline.
Misperception 2: Our employees understand security
According to the State of Ransomware 2021, 22% of organisations believe they’ll be hit by ransomware in the next 12 months because it’s hard to stop end users from compromising security.
Social engineering tactics like phishing emails are often hand-crafted, accurately written, persuasive and carefully targeted. Your employees need to know how to spot suspicious messages and what to do when they receive one. Who do they notify so that other employees can be put on alert?
Misperception 3: Incident response teams can recover my data after a ransomware attack
This is very unlikely. Attackers today make far fewer mistakes, and the encryption process has improved, so relying on responders to find a loophole that can undo the damage is extremely rare.
Most modern ransomware like Windows Volume Shadow Copies delete automatic backups as well as overwrites the original data stored on disk, making recovery impossible other than paying the ransom.
Misperception 4: Paying the ransom will get our data back after a ransomware attack
According to the State of Ransomware survey 2021, an organisation that pays the ransom recovers on average around two-thirds (65%) of its data. A mere 8% got back all of their data.
Further, restoring data is only part of the recovery process – in most cases the ransomware completely disables the computers, and the software and systems need to be rebuilt from the ground up before the data can be restored. The 2021 survey found that recovery costs are, on average, ten times the size of the ransom demand.
Misperception 5: The release of ransomware is the whole attack – if we survive that we’re OK
Unfortunately, this is rarely the case. The ransomware is just the point at which the attackers want you to realise they are there and what they have done.
The adversaries are likely to have been in your network for days if not weeks before releasing the ransomware, exploring, disabling or deleting backups, finding the machines with high value information or applications to target for encryption, removing information and installing additional payloads such as backdoors.
Maintaining a presence in the victim’s networks allows attackers to launch a second attack if they want to.