Williams added that companies must engage their employees in strategising the company's incident response plan.
6. Increase security of critical infrastructures
Moynahan highlighted the importance of putting cyber resiliency into focus. "If we do not invest in the cybersecurity of our critical infrastructure, we will continue to see massive attacks with economic, employee and public safety ramifications."
Besides that, organisations must also implement a defence-in-depth approach, in which multiple layers of security are used to protect the IT infrastructure, said Mark Hearn, director of Internet of Things (IoT) Security at Irdeto.
7. Backup regularly
Ransomware locks up people's files and systems until a ransom has been paid, but paying the ransom does not guarantee that the files or systems will be freed, or when they will be decrypted. As such, keeping a backup of important data will allow organisations to return to operations quickly, even after being hit by ransomware.
"Backing up important data is the single most effective way of combating ransomware infection... If the victim has backup copies, they can restore their files once the infection has been cleaned up," said Savvides.
However, businesses must keep their backup data offline. "Data should be backed up and encrypted, and stored away from the network the rest of the data is stored on. This means that, in the event that a ransomware attack locks someone out of their files, they will have secure copies available. By doing this, the victim would be able to return to business-as-usual quickly and efficiently," said Jason Hart, chief technology officer, Data Protection Solutions, Gemalto.
8. Do not pay the ransom
Victims of cyberattacks should never pay the ransom as doing so will "incentivise and reward those kinds of attacks," Hart explained.
Organisations that pay the ransom might also become more of a target for future ransomware attacks. "Since the attackers already know that you'll pay the ransom, they could target you for future attacks," said Savvides.
Instead of paying the ransom, affected businesses should immediately report the incident. "Share facts of infiltration with trusted organisations such as the local police, to assist with overall community efforts to diagnose, contain, and remedy the attack," advised Fortinet.