Protecting your business in the age of ransomware

With ransomware attacks, it's not 'if' but 'when'. When you fall prey, you needn't lose the upper hand.

By Josh Jaffe, vice president, customer operations business unit security officer, Dell Technologies

Ransomware is hitting close to home for organizations of all sizes and sectors. With attacks making headlines daily, it’s no surprise that 62% of surveyed IT decision-makers are concerned about coping with malware and ransomware, according to the Dell Technologies 2021 Global Data Protection Index (GDPI).

It’s not only the rising drumbeat of the bad news that keeps this threat top of mind. When you regularly see the impacts on your industry peers, you start asking yourself: Are we next? At the GDPI launch event, Michael Dell, chairman and CEO of Dell Technologies, explains why all businesses, large and small, from your insurance broker to the local butcher, are more spooked than ever before.

The GDPI uncovered that 64% of leaders are concerned they’ll experience a disruptive event, such as data loss or downtime, in the next year. With the frequency of ransomware attacks on the rise, I think all businesses should expect an attack. Whether or not you should be fearful depends on how prepared you are.

A threat like no other

Many cybersecurity threats are destructive, but few pack as big a punch as ransomware. Its profound effects stretch across your entire organization, halting operations, disrupting business-critical services and sometimes even putting people at risk. These attacks are also among the costliest to mitigate.

What makes ransomware unique, however, is its “in your face” style. You can discreetly mitigate other security incidents, but ransomware attacks have become so overt that your customers will most likely know about them. What would that do to your brand reputation and trust?

‘The perfect crime’

For cybercriminals, ransomware is the perfect crime for the digital age. Not only does it have a low entry barrier, but it yields a greater return on investment than garden-variety cybercrime. Like a savvy entrepreneur, a threat actor goes where the best opportunities are—and today, that’s ransomware.

Think about it. A ransomware attack requires little technical skill, thanks to the availability of ransomware-as-a-service on the dark web marketplace. The ransomware operators don’t have to concern themselves with reconnaissance, gaining initial access or writing exploits. All these services, and plenty of others, are available in abundance—complete with 24/7 customer service.

On top of that, the attackers don’t have to go far to monetize. When you’re hit with ransomware, you become, in essence, an instant “customer” of theirs. They know you need your systems to be up and running as fast as possible, and you need to prevent the potential release of your data. They have your instant attention and the power, unless you have the means to defend yourself and recover your data.

Defense starts with the basics

To guard against ransomware, you have to start with the basics. First, implement the NIST Cybersecurity Framework (or another that’s best practice in your industry). Once you have the essential pieces in place—patching, antivirus, security awareness, and so on—you can build to the more sophisticated defenses, such as zero-trust and identity and access management.

Regardless of what other defenses you have in place, one of the most critical steps in fighting a ransomware infection is data backup. The more robust your backup plan, the less power and hold the attackers will have over you.

So, what’s your backup plan?

You likely have a backup strategy, but have you considered how ransomware has evolved? Before compromising your core data, attackers will typically spend a little bit of extra time in your network to see if they can compromise your backups. If you have a connected backup, they’ll find a way to exploit it.

That’s why you need an immutable, offline copy for your critical systems. But if this immutable copy is at some distant location on tapes, how quickly can you access it and restore your systems? According to the GDPI, the average time to recover from disruption, such as a ransomware attack, is six hours. But that’s too long for many.

Founders Federal Credit Union (FFCU) calculated that they could only give themselves a one-hour window. In a high-volume, online transaction-based industry, they simply couldn’t afford more time. So the financial institution implemented a major overhaul of its data center with a focus on cyber resilience.

One of the many parts of this transformation initiative for FFCU was a data backup and recovery plan that ensures data is always available, always protected, and always in use, thanks to technology such as a cyber recovery vault.

Improved compliance, business growth and enterprise-class business resiliency are among the many outcomes for this small, regional credit union. But what makes FFCU a great success story is that today, it offers cyber resiliency consulting to other federal credit unions, in addition to participating on technology advisory boards for cyber resiliency and digital transformation.

One more step: practice

Another important step in ransomware defense that many organizations overlook is practicing their disaster recovery and response plans. Without running drills, simulations, and tabletop exercises, your team will have to work things out in the middle of a crisis. That’s not the best time to figure out who to call and where to find those phone numbers.

According to the GDPI, 67% of IT leaders are not very confident they’ll be able to recover their business-critical data in the event of a destructive cyberattack. As an industry, we can do better. If you haven’t thought through the ransomware risks and implications yet, start that process now. With practice comes confidence. Be reassured: You don’t have to be beholden to brazen criminals. There are ways and means to protect yourself. Yes, at some point in time, you’ll be targeted (if you haven’t already). But you can choose how you respond and minimize the fallout. There are ways to protect your business and recover your data without submitting to the criminals’ demands and lining their pockets with your hard-earned money.
