It seems that every day, another news story appears about an organization getting hit with ransomware. Although attacks have been going on for years, these stories began receiving more attention with the recent Colonial Pipeline oil compromise, which affected not only the company but also the people and communities it serves. How did such an easily launched attack cause panic across a wide swath of the U.S. population? One word: unpreparedness.
Let’s go over a few ways you can prepare to protect your organization against a ransom attack.
In almost every case, companies did not have a business continuity plan (BCP) or a disaster recovery plan (DRP) in place that covered not only natural disasters but cyber disasters as well. What does such a plan include? First off, such plans are very detailed. The BCP sets priorities and contains a response to anything that results in an interruption. The DRP, on the other hand, contains the specific actions required to recover from the incident. As a result of improper planning, large monetary payments have been made to criminal organizations, on top of the profits the company lost while its operations were down.
To recover, one must be prepared, and that means investing in security. Look what happens when security is an afterthought: businesses are interrupted and customer data can be compromised. As a result, breach notification laws could be triggered, which can then compel companies to pay severe monetary penalties to civil authorities. Good luck explaining that to your board!
How can businesses be prepared? Part of the company’s risk assessment will determine which areas to protect. But most certainly, regular data backups will be required. The details of how these backups are made, where they are stored and how data is restored from them will be part of the recovery plan. Encryption is also a big part of the plan. While encryption of data in transit is fairly common these days, encryption of data at rest must also be considered. If encrypted data is stolen, it has little value without the decryption keys.
An important part of any recovery plan is frequent testing. Having a recovery plan is useless if it doesn’t work. Hence, starting from an assumed “dead” system at a point in time and attempting to restore from a known good backup is essential to successfully recovering from a ransomware attack. Multiple backup generations are also necessary, since the most recent backup may already contain the ransomware.
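The restore test described above, as an added example that is not part of the original article: it walks a set of backup generations from newest to oldest, checks each file against the digests recorded at backup time, and rejects a generation whose canary file is missing or altered, which is how a backup taken after the ransomware ran gets skipped. The manifest.json layout, the canary file and all sample data are assumptions constructed for this example.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Assumed layout (not from the article): each backup generation is a directory
# holding a manifest.json of SHA-256 digests recorded at backup time, plus a
# canary file whose expected digest is kept outside the backup set.
CANARY_NAME = "canary.txt"
CANARY_SHA256 = hashlib.sha256(b"canary-v1\n").hexdigest()  # recorded out-of-band

def verify_generation(backup_dir: Path) -> bool:
    """True if every manifest entry restores intact and the canary is untouched."""
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    for name, expected in manifest.items():
        f = backup_dir / name
        if not f.is_file() or hashlib.sha256(f.read_bytes()).hexdigest() != expected:
            return False  # corrupt or missing file: a restore would fail
    # A backup taken after ransomware ran is self-consistent (its manifest
    # describes the encrypted files), so integrity alone is not enough.
    canary = backup_dir / CANARY_NAME
    return canary.is_file() and hashlib.sha256(canary.read_bytes()).hexdigest() == CANARY_SHA256

def newest_known_good(generations: List[Path]) -> Optional[Path]:
    """generations is ordered oldest to newest; walk back until one passes."""
    for gen in reversed(generations):
        if verify_generation(gen):
            return gen
    return None

def make_generation(root: Path, name: str, files: Dict[str, bytes]) -> Path:
    """Write a constructed sample generation and its manifest (test data only)."""
    gen = root / name
    gen.mkdir()
    for fname, data in files.items():
        (gen / fname).write_bytes(data)
    (gen / "manifest.json").write_text(
        json.dumps({f: hashlib.sha256(d).hexdigest() for f, d in files.items()}))
    return gen

def demo() -> Optional[str]:
    # Weekly generation is clean; the newer daily one was taken after encryption ran.
    with tempfile.TemporaryDirectory() as tmp:
        clean = {"db.sql": b"CREATE TABLE orders (...);", CANARY_NAME: b"canary-v1\n"}
        tainted = {"db.sql.locked": b"\x8a\x13\xf0", "canary.txt.locked": b"\x02\x77"}
        gens = [make_generation(Path(tmp), "weekly", clean), make_generation(Path(tmp), "daily", tainted)]
        good = newest_known_good(gens)
        return good.name if good else None
```

In a real restore test the generations would be mounted from offline or immutable storage and the canary digest fetched from a system the backups cannot overwrite.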
Ransomware is just another type of threat. Dealing with threats is not something new to IT. However, dealing with this specific type of threat requires vigilance, especially with the introduction of remote workers and mobile devices. Although convenient for employees, a remote workforce and a BYOD (bring your own device) environment increase the risk that malware can make its way into a corporate network. Hence, IT must take extra precautions to defend a perimeter that now extends well beyond the office network.
No doubt, attacks are going to grow in 2021. Ransomware has become an easy attack to launch with the availability of “ransomware as a service” facilities on the dark web. Combining this with untraceable ransom payments in bitcoin makes this an attractive and easy enterprise for criminals. The FBI advises victims not to pay ransoms, but for some companies, the decision not to pay is not easy. Don’t become another victim. Invest in the security tools and procedures necessary to avoid any loss or damage to your reputation. Paying a ransom will likely cost you much more.