Ransomware is a type of malware that blocks access to computer systems or data, or threatens to expose stolen data, until a ransom is paid.
Cybersecurity Ventures predicted that by 2021 ransomware would infect a business every 11 seconds.
Accenture, the consulting firm, was recently the victim of a ransomware attack. The attackers demanded a $50 million ransom and threatened to make the stolen data public if Accenture did not pay.
How did Accenture stop the ransomware attack?
According to a report by Doug Saylors at isg-one.com, Accenture has a robust cybersecurity program in place, which helped it thwart the attack in time. The key aspects that worked for the organization are:
Its SOC (Security Operations Center) protocol had the proper controls, which helped it identify and analyze the attack swiftly.
It immediately executed its incident response plan, which stopped the ransomware from spreading across systems.
Accenture has a well-defined backup strategy and recovery plan, which minimized the impact on clients’ systems and business operations.
As the cost of a cyber-attack is enormous, organizations need to take the right measures and prepare themselves to deal with one. Let us look at the steps Accenture took and the key takeaways from these measures for securing your organization against malicious actors.
An Effective Security Operations Center Ready for Ransomware Attacks
For a SOC to identify potential attacks, its monitoring process needs to be a hybrid of automation and manual analysis. A well-equipped team of SOC analysts, given the right security event management tools, helps prioritize events, which lays the foundation for incident response. They also play a vital role in identifying critical points of failure that show a consistent pattern of compromise.
A well-defined SOC team within your organization gives you dynamic security that covers analysis, monitoring and prevention, as well as restoration in the event of a cyberattack.
Importance of a SOC Team
A Security Operations Center’s goal is to monitor, detect, investigate and respond to cyber threats around the clock. The essential functions of a SOC include:
Monitoring - The SOC team monitors the network around the clock, so it is notified of any threat immediately and can work to prevent and mitigate damage.
Management - When monitoring tools send out alerts, the SOC team scrutinizes each alert, discards false positives, and decides how aggressive any real threat is and what it might be targeting. This lets the team prioritize emerging threats effectively, addressing the most pressing concerns first.
Threat Response - The SOC is the first responder to an incident. It shuts down or isolates endpoints and stops, blocks, and removes malicious software. Its primary goal is to take the necessary steps to minimize the impact on business continuity.
Recovery - A SOC restores systems and recovers lost data after a cyber-attack. In a ransomware attack, the SOC restores from the necessary backups, returning the network to its pre-incident state.
An Incident Response Plan in Place
An incident response plan is best drawn up as a collaborative effort by incident handlers, security analysts, pentesters, threat analysts and digital forensic investigators. An incident response plan involves:
Preparing for a cybersecurity incident by protecting your organization's data. A major part of this preparation is assessing the threat landscape, for example identifying common indicators of compromise and recommending the next steps to be taken to curtail the spread of an attack across networks.
Identifying the system breach, analysing it, and containing the attack to minimize damage.
Eradicating the threat by fixing the exploited vulnerabilities and removing malicious software.
Recovering after the incident by restoring the affected network.
A Business Continuity Plan of Action
It is crucial to have a disaster recovery and business continuity plan to ensure that your business suffers the least impact when a disaster occurs. A well-structured disaster recovery plan must include the following:
A disaster recovery team must be established to create, implement, and maintain the disaster recovery plan.