Give Me All Your Bitcoin: Ransomware is Getting Worse, and it’s Generally Being Underestimated
In 2021, ransomware attacks cost businesses $20 billion worldwide. On average, the cost of recovering from an attack is $1.85 million — more than double what it was in 2019.
You might be thinking, “not my business, I’m not a big enough fish,” but you couldn’t be more wrong. In the past 18 months, 60% of all midsize organizations were targets of ransomware attacks.
So, how do you prevent your business from becoming another statistic?
You’re going to need a two-pronged approach that starts with proactive protection and ends with a rock-solid response and recovery plan. Experts also advise partnering with a security specialist instead of trying to keep cybersecurity efforts in-house. As ransomware attacks are growing in sophistication, in-house measures are increasingly inefficient, slow, and exploitable.
Having a managed security service provider (MSSP) whose sole role is cybersecurity is a smart move.
Here is what’s good, better, and best when it comes to preventative cybersecurity measures.
- A MANAGED FIREWALL IS GOOD: An MSSP that can manage a firewall for you is a good start. A managed firewall puts the operation, administration, monitoring, and maintenance of your first line of protection into the hands of experts.An MSSP will monitor your network, provide reporting & analysis, and keep your firewall patched and up to date to mitigate attacks 24 hours a day.
- DNS PROTECTION IS BETTER: Every connected site and device in the world has a unique IP address, but thanks to DNS servers we don’t have to remember what they are. A DNS server takes your plain language request — firstlight.net, for example — and matches it to the correct IP before rerouting you to the correct site.There’s a problem though: DNS servers are notoriously unsecure.With DNS protection from an MSSP, you can get DNS traffic monitoring, a private DNS server, or both. Traffic monitoring provides a layer of security that can shut down suspicious requests, block blacklisted connections, and generally shore up the vulnerability that DNS servers introduce.
- A SECURE WEB GATEWAY IS BEST: Think of a secure web gateway (SWG) as your security guard, but for digital property. An SWG, either software or hardware, sits between your employees on your network and the internet and monitors traffic, blocks unverified websites and enforces predefined protocols.Simply put, an SWG allows users to only access what’s already been pre-approved while blocking everything else. This level of security is becoming increasingly important as employees are working remotely from unsecure machines.An SWG managed by an MSSP will provide top-tier security and a user experience that doesn’t feel restrictive.
- ANOTHER IMPORTANT CONSIDERATION: Hackers are getting smarter by sending emails posing as company insiders requesting recipients to open a spreadsheet or click on a voicemail message infected with malware. These infected messages are actually baited traps that allow hackers to infiltrate servers, steal data, or implant ransomware.The best remedy is to train employees to be on the lookout for phishing attacks and be hyper-vigilant for messages that don’t quite look right. Integrated security awareness platforms such as KnowBe4 provide employee training modules that identify common ransomware red flags. With KnowBe4, organizations can orchestrate simulated phishing attacks to see if users click on a bogus link. Would-be victims then receive gentle reminders to stay vigilant.
Response & Recovery
Even with preventive measures in place, it’s important to prepare for the worst — the odds of being affected by a ransomware attack are high and you need a robust response and recovery strategy.
The goal is to quickly restore operations in the wake of an attack without any data loss. An experienced MSSP can help you create a plan that will do just that. But, like proactive protection, response and recovery strategies come in different shapes and sizes.
Here’s what’s good, better, and best.
- IMMUTABLE BACKUPS ARE GOOD: You obviously need a backup of your data. At the bare minimum, the 3-2-1 rule (3 copies of your data on 2 different media, with 1 copy stored offsite) should be employed.Because today’s ransomware attacks can target backup files and infect them, and manual backups are susceptible to human error, immutable backups are increasingly necessary. An immutable backup is one that cannot be encrypted, modified, altered, rewritten to, or deleted — you can write to an immutable backup once and only once.When properly managed, immutable backups offer a series of restore points for your business that become life rings in the aftermath of a ransomware attack.
- INSIDER THREAT PROTECTION IS BETTER: A ransomware attack can easily come from inside your organization — former employees, contract employees, even employees who simply made an error.An MSSP with an insider threat protection plan can set up credential management, isolate sessions, provide access when and only when it’s needed (and revoke it when it’s not), monitor your systems for activity anomalies, and generally control access across the organization, all in real time.
- DISASTER RECOVERY IS BEST: OK, so the worst has happened: Your enterprise has been the target of a ransomware attack, your security measures have been penetrated, and the crooks got a hold of your data. The goal now is to not pay the ransom, shore up your vulnerabilities, reduce operational downtime, and restore the most up to date, clean backup of your data. This requires meticulous planning, technical knowhow, and a dedicated team.Leading IT groups recognize disaster recovery (DR) as the fastest way to full operational restoration, and a cloud-based DR solution led by an experienced MSSP is going to be your best bet in the event of the worst-case scenario.
Safeguard Your Enterprise
To find out more about the latest threats and strategies from national experts from the U.S. Department of Homeland Security, Veeam, Cisco, KnowBe4, and others, be sure to attend the New Hampshire Cloud Connect Summit June 29th at LaBelle Winery in Amherst, NH. Click here to register, and be sure to use code “Chamber” to waive the registration fee. (www.cloudconnectsummit.com)