Defeat Ransomware by Fueling Your Risk Management Strategy

By Steven Schwartz, Director of Security Consulting, ECI | Tuesday, June 15th, 2021

One of the most frustrating and embarrassing security incidents a company can experience is falling victim to ransomware. Nothing is truly broken, yet your assets remain encrypted unless you pay an often exorbitant amount to criminals for the privilege of accessing your own systems. 

Even the largest enterprises aren’t immune to these attacks. Take the recent Colonial Pipeline ransomware attack, which effectively shut off the fuel supply to 45% of the East Coast. The incident led to high prices, shortages for several days and a $4.4 million payday for the hackers – all because the company was unsure of its ability to effectively recover and resume operations on its own.

These incidents aren’t rare either; Statista reported more than 300 million ransomware attacks in 2020 alone. While large companies are targeted for their deep pockets and pragmatic approach to paying ransom as an operational decision, small companies don’t escape the notice of these hackers either. After all, they have fewer IT resources to combat the attacks and may be seen as easier victims.

Further, remember that ransomware attacks not only directly impact your bottom line by halting operations, they also damage your reputation with customers. So, what safeguards should you implement now, and how do you respond if you fall victim to an attack?

Prepare Now

Before you’re attacked, you should make a disaster recovery plan. This includes checklists of actions to take and a clear statement of who has decision-making authority. You also need to maintain recent backups of your data to speed up and simplify recovery. Further, the most vital data, applications and systems should be prioritized so that they remain up and running or can be restored first. The plan should also be regularly updated to address system and personnel changes.

The next step is a challenge, but you need to conduct regular network penetration testing. This gives your network security team and other staff members practice recognizing and responding to threats, so they won’t panic when it happens for real. It also helps management make the necessary adjustments to your response plan after seeing it in action.

You should include phishing drills with staff, too. No security tools will keep you safe if people give hackers access to your systems, and this is particularly important as remote work remains the new norm for many employees.

Responding to Ransomware

The first thing to do if you are attacked is to recognize it. Your employees need to understand what ransomware is and immediately report any indication of an attack, even if they think they can handle it on their own. This allows IT to stop the spread by quickly isolating vital resources, minimizing the areas of the business that are affected and therefore the overall impact to your bottom line.

That gives you more time to determine options for recovery, including – if necessary – paying the ransom.

Finally, consider using a managed security services provider (MSSP) to help improve your security posture. MSSPs have invested in the most stringent security tools and policies, as well as the expertise to mitigate damage and ensure a quick recovery. MSSPs can also give you peace of mind through their experience. Recovery can be very complex, and they’ll have conducted many restores across a wide variety of clients and industries, whereas in-house IT departments don’t handle these often.

Whether you’re a billion-dollar enterprise or a smaller company just finding your footing in a crowded market, ransomware is a threat you can’t afford to ignore. But there are steps you can take to reduce your risks and ensure that you can keep your business running. Start making a plan now to enable an effective response, and consider enlisting outside experts to help keep your company safe. 