Over the Fourth of July weekend, an IT solutions company, Kaseya, was attacked and infected with ransomware. Now, even with the full resources of the United States government to support them, this attack is still affecting thousands of businesses globally. With the perpetrators demanding millions, this attack has the potential to continue a dangerously rising precedent for malicious actors who want to try their hand at the lucrative work of ransomware.
“Ransomware gangs will continue to exploit vulnerabilities and maximize impact because that’s how they maximize profit,” explains Robert Weiss, Head of Security at OpenVPN, Inc. “It's the economics of ransomware. They will continue to funnel those increasing profits into new attacks.”
Because of its lucrative nature, ransomware risk is all but inevitable — as the team at OpenVPN is quick to point out. But what can businesses learn from this incident, and how can they improve their own security?
First and foremost, business leaders would do well to take note of how Kaseya handled the situation. Even under worldwide scrutiny and in the face of intensely efficient attackers, they managed to maintain their cool and mitigate as much damage as possible.
“It seems that after Kaseya was informed of the vulnerabilities...they acted expeditiously in responding to the issue,” says Weiss of the unfolding story. “They also seem to have responded quickly to the incident, which may have helped minimize the impact and they have been transparent and communicative about their responses.” It’s a bad situation for everyone involved, but had Kaseya not acted as quickly as they did, it could have been even worse.
Taking Preventative Measures
But before an attack happens, what can companies do to prepare? Well, for incidents like this, it simply isn’t possible to completely guarantee you’re protected from an attack. Still, companies should take as many preventative measures as possible. “There are lots of security practices,” explains Weiss, “from building resilient systems, not exposing them to the internet, and having good backups, that can minimize the impact of ransomware on victims. Admittedly, this is hard to accomplish outside of a sophisticated cybersecurity program.
“Exposing a remote access system that runs with administrator privileges to the internet is one of the riskier cybersecurity practices,” he continues, referencing the SMBs downstream who suffered from the Kaseya attack. Still, he concedes that such a practice is nonetheless “not an unreasonable business decision for a small business.” There are inherent risks for operating online — and these days, it’s all but impossible not to operate online.
Rohit Kalbag, Senior Product Manager at OpenVPN, Inc, agrees, saying, “Preventing attacks that employ zero-day exploits is near impossible. The best defense is to develop your software with security in mind to catch such vulnerabilities before hackers do.” He adds that outside help can also be beneficial: “Carrying out code reviews and using security code audit tools is a good first step. Hiring external security firms to carry out security vulnerability assessments on a regular basis can also provide additional benefit.”
Consider All Vulnerabilities
It’s also important to consider ransomware attacks from every angle — and often, employees can be the greatest risk. Kyryl Tumanov, Product Manager at OpenVPN, Inc, points out that, “Another aspect to remember is that employees can be attacked. Users should be configured with the least privileges necessary to perform their job functions.” He, too, is quick to emphasize the inevitable dangers of the internet age we all must do business in: “There is always a chance that someone will find zero-day vulnerability. So you cannot expose your authentication forms for internal resources to the world. You must have multiple layers of security.”
Ransomware will likely remain a risk for any online companies for years to come. While there is no way to protect your company 100% of the time, it’s still absolutely essential to put in the work to protect as much as is in your control. As we continue to learn about the Kaseya attack, the most profound takeaways for any business are: Do you have security measures in place? And are you ready to mitigate the damage when an attack does come your way?