The frequency and ferocity of ransomware attacks has been rising over the years. According to estimates, the total global cost of all ransomware attacks is expected to exceed USD 6 trillion in 2021 alone, more than double since 2016. This kind of cyberattack has become big business, with many hackers even offering “ransomware-as-a-service” on the digital black market.
Suffice to say – the days of simply keeping your antivirus updated are gone. Attacks almost always focus on midsize and large companies, often selecting the most vulnerable business units. As such, if your business isn’t prepared to fend off these attacks, you could be in for a nasty surprise. To protect your business and to ensure your company’s solvency for the foreseeable future, a well-designed plan for defense must be put in place. Here are some of the components of a well-thought-out defense against ransomware.
Best-in-Class Backup and Offsite Storage
Your data is the backbone of your business. Client lists, stock prices, cashflow records, five-year and 10-year plans the list of mission-critical documents is likely very extensive. Without them, your organization may not be able to operate. Therefore, step one of every solid ransomware defense is ensuring that your data remains intact despite intrusion by an external threat. Usually, this will include the implementation of an efficient backup and recovery appliance that protects you from ransomware.
The standard practice among cybersecurity experts is to maintain at least three copies or versions of a company’s data on both a hard drive and in a cloud storage service or data center. In addition, experts would also advise keeping one copy of that same data offsite, away from an organization’s headquarters or main production facility, to ensure that data remains intact in case of a crisis at that location, such as an earthquake or fire.
These steps ensure a bare minimum of business continuity and build confidence in a company’s ability to function in spite of almost any internal or external disruptions.
Assembly of a First-Response Team
Unfortunately, no matter how prepared an organization is, sometimes ransomware attacks still manage to penetrate. According to the most recent data, a ransomware attack is likely to occur once every 21 seconds throughout the United States, or a total of more than 4,000 every day. Hackers consider some companies worthwhile targets. It seems they will stop at nothing to get what they want, despite the effort and potential risk of prosecution.
To ensure an appropriate, immediate response, a team of cybersecurity specialists should be formed, with representatives from throughout the organization to ensure complete and adequate representation. They should be ready to assemble a response plan that both ensures continuity of operations and reassures stakeholders of the company’s integrity and operational competence, despite the external threat. What the content of this plan is will vary, depending on the industry that company operates in. For instance, an insurance industry player may need to reassure its policyholders that their records are safe and that no unauthorized or fraudulent claims have been made because of stolen private data.
Organizational and Operational Awareness
Perhaps the best way to protect one’s organization from any kind of external attack is by ensuring that the attack does not happen in the first place. The latest statistics on ransomware attacks indicate that most of them happen over email. According to the Cybersecurity and Infrastructure Security Agency, email phishing campaigns are the most common vector for ransomware to infect and spread throughout an organization.
In addition, recent statistics show that there has been a marked increase in ransomware penetration from unauthorized network access by personal mobile devices. Therefore, this indicates that the most vulnerable point in any organization’s security infrastructure is its people. Statistics from cybersecurity firms say that two out of every three companies allow their employees to access company applications via personal mobile devices that aren’t managed by the company’s internal IT personnel.
Whether the breach occurs due to negligence on the personal level or by the organization’s IT department, it’s clear that attackers will take advantage of every opportunity to get at a company’s data. Usually, this vulnerability can be remedied by basic awareness of best practices regarding personal cybersecurity and operational awareness, and as with most organization-wide initiatives, it starts from leadership. A company’s management team must take the reins in establishing a culture of awareness and vigilance surrounding its own data, including implementation of policies that may not necessarily be popular or convenient for users. Accessing a company’s network via an unlicensed personal mobile device may seem like a convenient solution for communications and organizational synergy, but it also creates a potential security risk and a weak point in the company’s defenses.
Now for the good news: if you have a solid data backup and disaster recovery solution in place, your chances of recovering from a ransomware attack skyrockets. With careful planning and organization-wide buy-in, there is definitely a way to secure sensitive information, despite the preponderance of bad actors and the threats they pose.