Asigra Inc. highlighted a number of best practices proposed by providers of both preventative and responsive solutions for combating the financial ramifications of ransomware.
According to a bulletin released by the Federal Bureau of Investigation, “Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Cyber criminals can take advantage of security weaknesses in widely used software programs to gain control of victim systems and deploy ransomware. For example, recently exploited vulnerabilities were discovered in two remote management tools used by managed service providers (MSPs) to deploy ransomware on the networks of customers of at least three MSPs.”
Industry experts often cite two categories of ransomware defensive approaches and solutions: preventative and responsive. Preventative strategies stop such attacks from succeeding, so that the business maintains access to its data. Strategies in this area include training employees in the proper handling of potential phishing emails, implementing the proper cybersecurity software to protect primary data, and adding a second layer of security-enabled data protection on secondary storage to ensure the complete recovery of criminally encrypted data.
Responsive ransomware strategies include ransomware recovery experts (CYPFER Corp., for example) to minimize downtime and potential financial loss in the event an attack is successful. These measures also include a managed service provider to assist in finding all possible alternatives to return mission-critical data to the customer. They also include a credible cyber-insurance provider at the company’s disposal to financially cover the event and address monetary damages.
Five best practices cited by experts in these areas include:
1. Cultivate a security-aware culture: Educate and train employees on the dangers of phishing emails. Phishing is the number one method used by ransomware attackers because it is an effective means to access a target’s network.
2. Back up files and protect backup data: Regularly back up data using a 3-2-2 methodology where three copies of data are stored locally on secondary storage; two additional copies of backup data are kept on different locally available mediums (devices); and two backup copies are stored offsite at two remote locations, such as a remote facility or cloud-based platform. In the event the training and primary cybersecurity measures fail, ensure the backup data is protected, as it will become the recovery technique of last resort should the network be impacted. This is effectively done with a backup solution that addresses ransomware Attack Loops™ by scanning for malware in-stream and as recovered data is returned to production, among other techniques.
3. Secure the network environment: Keep programs and operating systems up to date, ensure servers are patched and updated, and securely restrict and limit system components and administration tools by granting users only enough access or privileges to accomplish a task or run an application.
4. Defend primary data: While there are an endless number of cybersecurity solutions available, choose solutions with an effective record of success and deploy accordingly to protect both traditional and remote workforce environments.
5. Insure: Some ransomware payments have been reported to be in the millions. Organizations that have no other option but to pay the ransom would benefit from a cyber insurance policy that covers the damage from such attacks. Having a policy that protects against such attacks and the resulting liability could mean the difference between continuing with operations and claiming bankruptcy.