Prepare or Repair: Pointers for Both Sides of a Ransomware Attack

You need no convincing — report after report confirms the same — as do the headlines. Ransomware attacks are increasing, getting more sophisticated and sparing no industry. The latest Verizon Data Breach Investigations Report says ransomware doubled from last year and is the more prevalent variety of malicious software, found in 39 percent of malware-related cases.

In this blog we examine both sides of a ransomware attack — ways to prepare a solid defense (or offense) to prevent an attack and pointers to repair the damage if you do suffer an attack.

Preventing a Ransomware Attack

Foster a Culture of Security: Security is not a technology problem. Thanks to the omnipresent nature of the cloud, it just takes one wrong click to launch a full-blown attack. The most secure networks and well-documented processes needs support from the employees, organization-wide, to work effectively. Along with educating employees about common vulnerabilities, their security responsibilities and organizational policies, encourage good security practices. Examples of “treats” include recognition or rewards for going through a security awareness program, finding security vulnerabilities, and notifying the security team about possible ransomware attacks. I’ve personally had a lot more success in ingraining a culture of security by getting my colleagues to enjoy being secure, instead of striking fear about breaches and attacks.

Keep Reviewing Your Disaster Response and Recovery Plan, and Test it: A solid and practical companies recovery plan needs to reviewed and updated regularly. Crucially, it needs to be tested with recovery scenarios. Do not wait until the worst-case scenario happens and then react in the “planned” way.  After an attack or compromise, most companies will view what’s happened and determine what can be approved. The required response may not be known or understood, but the documentation and dissemination of the process helps employees understand and execute. Testing the plan, identifies gaps and ensures the procedure is sound.

Ensure Executive Management Buy-in: That’s one thing that is repeatedly emphasized through Certified Information Systems Security Professional (CISSP) training — you’ve got to have support from the CEO on down. Management needs to view security as a paramount business priority. Monetizing damages and getting that in front of your executive team is a compelling way to show them the importance of security.

Secure your Data with a Proven Backup and Recovery Solution: A comprehensive backup and recovery solution makes it easy and fast to ensure that all data can be recovered in a quick, and painless manner. Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important parameters of a disaster recovery or data protection plan. RPO refers to the point in time in the past to which you will recover. RTO  refers to the point in time in the future at which you will be up and running again. Quick recovery from an attack is key to minimizing the target time frame before an unacceptable consequence such as a break in business continuity. These objectives are helpful in guiding enterprises to choose an optimal data backup plan.

Recovering from a Ransomware Attack

Do NOT Pay: Paying the ransom is never a good idea — it encourages the attackers and can mark your company for continued attacks. Moreover, only 19% of ransomware victims who pay the ransom actually get their files back, per CyberEdge’s fifth-annual Cyberthreat Defense Report.

Communicate Effectively and Responsibly: When you’ve suffered an attack, you need a way to get the right information to the right people, whether it is employees, legal counsel, law enforcement, customers, or the press. Most companies don’t want to publicize any kind of a breach, but that may prolong your business recovery time. Look at the timeframe, make sure you talk to legal counsel, bring in law enforcement and then communicate with your customers.

Restore your Data with your Backup and Restore Solution: Backup is the number one recommendation for recovery. Apart from being the only way to recover, (short of the dubious way of paying the ransom), backing up your data is the fastest and most cost-effective way. Every day that the data is inaccessible by your business, it impacts your productivity, business continuity, customer experience, vendor relationships and bottom line. Reduce your RTO by quickly using your backup solution to restore your files to the last known good date. If your backup solution supports complete, point-in-time restore, ransomware is not the catastrophic disaster that it could be.

Download the Whitepaper “Preventing a Ransomware Disaster”

*** This is a Security Bloggers Network syndicated blog from Spanning authored by Brian Rutledge. Read the original post at: