The skills firms need to tackle ransomware

Published on: 17 Jun 2021

It's vital for any cyber security professional to always be up-to-date on the latest cyber crime strategies and tactics. Hackers are constantly looking for new ways to get around defences, which means security teams need to be honing their own skills to keep up.

One area of particular concern that every cyber security pro will need to be familiar with is ransomware.

A fast-evolving threat

Ransomware is one of the fastest-growing types of malware today, and it's one that's still evolving. Its basic goals are fairly simple - shut down a firm's systems by encrypting critical files and then demand a payment in exchange for the decryption key.

This can often be a highly lucrative tactic for hackers, as well as causing huge disruption to firms. For instance, the recent Colonial Pipeline attack saw a ransom of $4.4 million paid to restore services as the shutdown led to panic-buying of fuel across much of the US - though much of that has since been recovered by the FBI.

But while this is still a primary goal of many attacks, hackers are now taking things a step further. As well as encrypting data, cyber criminals are increasingly stealing it, combining encryption malware with data exfiltration tools.

This means that traditional defences such as turning to backups are no longer an effective solution: while you may be able to get your operations up and running again, hackers can still demand money in order not to publicly release files.

This has been seen recently with brands like Apple, after a ransomware group stole data from one of the firm's suppliers. This included confidential details of upcoming products, with the hackers demanding $50 million or the data would be sold to the highest bidder.

How you can tackle this threat

It's clear that with ransomware so effective and evolving so quickly, companies need people with the right skills to defend against these threats. Roles such as security analysts and security engineers will be critical in detecting threats and building the tools to guard against them.

The best way to fight ransomware is with a preemptive approach. If threats can be blocked before they have a chance to infect a network, critical data can be protected. As such, cyber security pros will need to demonstrate competence in developing and configuring intrusion detection and prevention systems and firewalls.

A deep understanding of using security information and event management (SIEM) tools is also a must. This gives security analysts a full overview of their systems to help them detect unusual behaviour that can be a sign of a ransomware attack.

Using a 'defence in depth' strategy with multiple layers is vital for protecting firms from ransomware. This means that in addition to the technical expertise, cyber security pros will also need strong leadership, organisational and communication skills. 

These help with activities such as drafting and maintaining response plans, planning backups and ensuring that risks are effectively spelled out to other employees through activities like training and simulation tests.

Do you have the skills employers need to fight ransomware? Upload your CV and check out our latest cyber security jobs today.