Boston Chamber
Are you prepared for a Ransomware attack?

By Pawel Wilczynski, Cybersecurity Manager, Baker Newman Noyes.

First, what is ransomware?

 

Ransomware is a type of malware, or malicious software, that encrypts a victim’s files and demands that a ransom be paid in order to decrypt them. It’s a growing problem for both individuals and businesses, as the sophistication and reach of ransomware attacks continue to increase. If you’re not familiar with ransomware, this article will give you a quick rundown of what you need to know. I’ll also cover the basics of how to protect your company from ransomware, and what to do if you are hit by an attack.

 

Why is everyone talking about this now?

 

According to the 2022 Verizon Data Breach Investigations Report, ransomware attacks rose 13% in 2022, more than the last five years combined, and accounted for 25% of all cyber-attacks. It’s important to remember that ransomware by itself is really just a model for monetizing access to an organization. Ransomware was listed as the third most common attack vector, not far behind the use of stolen credentials and “other” types of attacks not caused by phishing or exploiting vulnerabilities.

Additionally, ransomware accounted for almost 70% of all malware breaches in 2022, resulting in an inability to access company data and jeopardizing an organization’s overall cybersecurity. It is not uncommon for the data of those affected by the ransomware to be sold on the black market prior to the ransom payment. There is also a growing trend for companies to choose not to pay attackers and instead recover their data from backups. To counter that tactic, attackers often deploy Distributed Denial of Service (DDoS) attacks along with ransomware. This strategy overwhelms network resources, rendering them incapable of serving their intended users, so victim companies are unable to conduct business even if they have viable backup data.

 

Is my business really a target?

 

In short, yes. You may be surprised to learn that all companies are targets, regardless of their size. Attackers often identify targets based on the company or organization that will secure the greatest “reward,” or financial impact. That might mean a single, massive attack on a natural gas pipeline, such as the Colonial Pipeline incident, or many attacks spread across dozens of smaller organizations. The rise of Ransomware as a Service (RaaS) on the dark web, where the ransomware companies will go as far as setting up a call center to assist with ransomware deployments, does not help the issue.

The reality is that any business with a working email address can be affected by ransomware. This is a question of when, not if. Companies need to have procedures in place that allow them to pivot quickly from “we’ve been threatened” to an effective response plan.

 

How can I prepare?

 

You may think that if large companies like Colonial Pipeline, Apple, or Kaseya, with their substantial security budgets, are affected by ransomware, your small or medium-sized business doesn’t stand a chance. Not exactly!

You can take several steps to be more prepared to respond to, or even avoid, ransomware attacks. Below, I have outlined a few of the steps you should consider to respond to a ransomware attack.

Step 1: Ransomware Strategy and Policy

 

Your company should have an enterprise ransomware policy in its incident management program that defines the actions to be taken in the event of a ransomware attack. This policy should be approved by the board of directors or equivalent management body at your company. A ransomware-specific incident response playbook should always include the following:

  1. A list of the people responsible for managing the response to the breach and their roles (i.e., an incident response team)
  2. Detection & Analysis and Containment, Eradication & Recovery protocols
  3. Defined and documented chain of custody for the artifacts, to preserve the forensic evidence
  4. Forensic investigation procedures
  5. Communication strategy, cadence, and what information needs to be shared with stakeholders, employees, or the public
  6. Post-incident activities, including lessons learned to allow for better preparation for future incidents

Alternatively, if your company has hired or partnered with a third-party vendor to manage your incident response plan, ensure they have created a well-defined playbook and have shared it with your team in advance.

 

Step 2: Risk Assessment

 

While performing annual risk assessments, companies should include the probability and potential impact of a ransomware event, based on real-world scenarios from their respective industries and company size. Considering ransomware as a risk scenario will allow you to determine the potential impact of refusing payment, and your ability to restore or rebuild from data backups.

 

Step 3: Information Protection

 

Protecting information relies heavily on asset inventory, data classification, and defined data flows. Without knowing what data resides on or traverses which systems on your networks, the company will not be able to design adequate controls to protect classified data.

 

Step 4: Technical Safeguards

 

Companies should have approved and implemented Vulnerability and Patch Management Policies to identify, assess, track, and remediate vulnerabilities affecting all data within the enterprise. A good asset inventory will make this job much easier. Having a Software Bill of Materials (SBOM) for each critical application used to operate your business is an added advantage that will set you apart from the competition and enhance the vulnerability remediation process.

Multi-Factor Authentication (MFA) is a common control that, if implemented properly, can reduce the risk of a ransomware incident. However, recent breaches at several high-profile companies, including Cisco, happened because of MFA fatigue. In this and many other incidents, attackers exploited the human factor and sent repeated MFA push requests, hoping at least one would be approved by the user. When users allow connections that they did not originate, attackers gain access to the enterprise systems.

User education, combined with proper configuration of security controls and settings, can help prevent such incidents.
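The repeated-push pattern described above also leaves a recognizable trace in authentication logs. The following detection sketch is an added example, not part of the original article; the log format, field names, window, and threshold are assumptions, and the sample events are constructed.

```python
"""Flag MFA-fatigue patterns in authentication logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of unapproved prompts that makes a burst
UNAPPROVED = {"push_denied", "push_timeout"}

# Constructed sample events in a hypothetical format:
# timestamp, user, push result, source IP of the sign-in that triggered the prompt.
SAMPLE_LOG = """\
2023-01-10T02:14:05Z alice push_denied 203.0.113.7
2023-01-10T02:14:40Z alice push_denied 203.0.113.7
2023-01-10T02:15:12Z alice push_timeout 203.0.113.7
2023-01-10T02:16:03Z alice push_denied 203.0.113.7
2023-01-10T02:17:30Z alice push_timeout 203.0.113.7
2023-01-10T02:18:02Z alice push_approved 203.0.113.7
2023-01-10T09:01:10Z bob push_denied 198.51.100.20
2023-01-10T09:01:45Z bob push_approved 198.51.100.20
2023-01-10T08:00:00Z carol push_denied 192.0.2.15
2023-01-10T11:00:00Z carol push_denied 192.0.2.15
2023-01-10T14:00:00Z carol push_timeout 192.0.2.15
"""


def parse(line):
    ts, user, result, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result, ip


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return findings for prompt bursts and for approvals that follow a burst."""
    recent = defaultdict(deque)  # user -> times of unapproved prompts inside the window
    alerted = set()              # users already reported for the current burst
    findings = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, result, ip in events:
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()          # forget prompts older than the window
        if not prompts:
            alerted.discard(user)      # previous burst has aged out
        if result in UNAPPROVED:
            prompts.append(ts)
            if len(prompts) >= threshold and user not in alerted:
                alerted.add(user)
                findings.append(finding(user, "medium", "push_burst", prompts, ts, ip))
        elif result == "push_approved":
            # An approval right after a burst is the outcome the attacker wants.
            if len(prompts) >= threshold:
                findings.append(finding(user, "high", "approved_after_burst", prompts, ts, ip))
            prompts.clear()
            alerted.discard(user)
    return findings


def finding(user, severity, reason, prompts, ts, ip):
    return {"user": user, "severity": severity, "reason": reason,
            "prompts": len(prompts), "time": ts.isoformat(), "ip": ip}


if __name__ == "__main__":
    for f in detect_mfa_fatigue(SAMPLE_LOG):
        print(f)
```

A single denial followed by an approval (bob) and denials spread over hours (carol) produce no finding; only the dense burst for alice is reported, first as a burst and then as a high-severity approval.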

Most companies have already implemented data backups, but it is also imperative to test them regularly to evaluate whether they are sufficient to recover your systems on time. It is equally important to make sure backups are segregated from other normal networks, to protect them from attackers.

 

Step 5: Human Safeguards

 

Security awareness training plays a big part in your company’s ability to prevent a ransomware attack. Providing regular training, where users learn how to spot, avoid, and report phishing attempts, can reduce the risk of an incident. It is also essential to conduct periodic phishing exercises to make sure employees recognize phishing attempts and report them to appropriate parties.

 

How do I know I am ready?

 

A ransomware readiness assessment can help identify gaps in the controls, processes, or procedures that make a company vulnerable to a ransomware attack or would hinder its response. Companies can conduct ransomware readiness assessments using internal staff or a trusted partner, or choose a hybrid model in which they hire a vendor and have their internal team work with that vendor to leverage the best knowledge and experience on both sides.

You have the power to respond—not react—to the attack!

 

About the Author

Pawel is a manager in the information systems and risk assurance practice at Baker Newman Noyes. He specializes in cybersecurity, risk, and IT systems assurance services. Clients turn to Pawel for help conducting cyber assessments, readiness assessments for major frameworks, standards and regulations, and all things cyber. He works with a variety of clients, with a particular focus on financial and insurance institutions and the technology industry.

Baker Newman Noyes (BNN), one of the top 100 tax, assurance, and advisory firms in the nation, fosters strong, personal relationships through timely advice that helps clients achieve their goals. BNN’s professionals are entrusted by organizations and individuals to deliver effective accounting and financial solutions with diligence, vision, and responsiveness. The firm draws on deep experience and fosters collaboration between practice groups to find solutions to any situation, with a focus on banking and financial services, healthcare, life sciences, manufacturing and commercial, nonprofit, professional services, real estate and construction, public sector entities and privately held and family-owned businesses. With a Net Promoter® Score of 86, BNN has received the Best of Accounting™ Award from independent research firm ClearlyRated for providing superior client service for five consecutive years. BNN serves clients globally from its headquarters in Portland, Maine, and full-service offices in downtown Boston and Woburn, Mass., and Manchester and Portsmouth, N.H. Follow BNN on LinkedIn, Facebook, Instagram, and Twitter.

Pawel Wilczynski, CISA, CISM, CCSK

Cybersecurity Manager,

Baker Newman Noyes

© 2022 Greater Boston Chamber of Commerce. All Rights Reserved.
