The ransomware threat continues to evolve, and defenses need to keep pace

News of cyber attacks and data theft arrives daily, illustrating the serious damage caused by ransomware attacks and the urgency with which organizations need to mature their defenses.

In July, the Fleury diagnostic medicine group suffered a cyber attack that left part of its systems unavailable and disrupted laboratory operations. It came shortly after JBS's factories in the United States were paralyzed and the Colonial Pipeline was practically shut down; the latter blocked 45% of the American east coast's fuel supply.

The pressure on security teams has increased. Ransomware is becoming increasingly destructive, and defensive and proactive measures need to evolve at the same speed and level of complexity.

The first measures

In a ransomware attack, criminals install malware on a company's computers and then demand payment, in bitcoin, to restore what has been encrypted and to return what has been stolen. Even if the ransom is paid, there is no guarantee that the data will be returned.

Many organizations have refused to pay, opting instead to restore their computers or systems according to their incident response plans. Others decided to pay up and ended up being victimized a second time.

It was already clear that the volume, scope and cost of ransomware attacks in 2021 would be even greater. In Brazil, for example, the numbers have grown faster than the global average, with a 92% increase in the volume of ransomware incidents since the start of 2021.

To help prevent successful attacks, companies can start with these measures:

  • Strengthen user training and security awareness programs to help staff avoid falling for phishing scams;
  • Implement e-mail controls using strong spam filters and an authentication method known as DomainKeys Identified Mail (DKIM) to limit e-mail spoofing;
  • Implement business processes that limit or even eliminate transactions conducted over e-mail;
  • Develop and test incident response plans;
  • Follow established security best practices, such as implementing a strong patch management program;
  • Keep all systems up to date, use anti-virus and anti-malware software, and apply the principle of least privilege to access control;
  • Implement the latest technologies to further limit vulnerabilities;
  • Adopt multi-factor authentication, Zero Trust and security frameworks as part of a layered defense;
  • Carry out more aggressive monitoring with threat detection, consolidating these activities in a security operations center, whether in-house or outsourced, that has the resources to respond to suspicious activity.

Any infection can be disastrous for an organization, and recovery is a challenge that, unless executed with a mix of skilled professionals, well-designed processes and technology, can jeopardize the existence of any business.