During the past two years or so, we have witnessed digitalization of organizational processes at a mind boggling pace. From a cyber security standpoint, this means a larger footprint or threat surface, which in turn becomes a prized target for cyber criminals.
Over the years, the cyber crime world has also grown in many ways. Gone are the days of cyber threats like phishing, which though harmful, did not pose Business Continuity (BC) challenges to enterprises.
This is the era of rampant ransomware attacks, in which a malicious actor exploits some vulnerability within your network, gains unauthorized access, and encrypts all your data. After being hit by a ransomware attack, you are left with two main options.
The foremost priority is to initiate the restoration process of your enterprise data and mission critical processes, in case any such plan was already in place before the attack. The other alternative is to pay up the demanded ransom, in exchange for recovering your data. Related: 4 Security Risks of Windows and How to Prevent Them
Why Ransom Payment is not a Good Idea?
Needless to say that any ransom payment to a cyber criminal is against the law, but as this is happening around us, we can’t just ignore the “elephant in the room”. Firstly, it is persistent ransom payments that are fuelling even more ransomware attacks.
Even if you do end up paying the ransom, there is little to no guarantee you will get the data back in one piece, and whether you will be able to fully restore mission critical processes or otherwise.
Ironically, some ransom payments are backed by no other than cyber insurance carriers themselves. They arrive at this conclusion by weighing in on the costs of recovery and downtime, and concluding that the ransom demand is more “reasonable”. Related: Tightening Access Security Should Be a Priority
How to Navigate the threat of Ransomware?
Enough with the horror stories of ransomware, as we are here to chalk out a workable strategy to tackle this raging menace. We will try our best to approach this sensitive issue in a practical and logical order.
Changing the Mindset around Cyber Security
It is the mindset around cyber security tools, protocols and investments that needs to be changed as a starting point. This change needs to originate from the top most tier of the enterprise, and trickle down to every tier of the organization. Related: No Better Time to Address Your Cloud Security Concerns
A Recovery Centric Approach
When hit by a ransomware attack, enterprises that are looking at ways to make the ransom payment are looking in the wrong place. Instead, the focus should be on in-house recovery of data and mission critical organizational processes, rather than ransom payment.
Set the Business Continuity (BC) Bottom-line
This is a critical and first practical step towards any anti-ransomware exercise. The BC bottom-line is established by defining those mission critical processes and workloads, which either cannot be disrupted, or need to be immediately restored if hit by any such attack.
Alternate Procedures or Back-up n Restore?
This is a choice that every enterprise which is planning ransomware protection needs to make. So, all the mission critical processes and workloads will either need to be restored over some alternate delivery channel (ADC), or back-up and restore will be required.
Establishing Patching Protocols and Timelines
No matter how many times you restore your mission critical processes, or shift them to ADCs, they could again be disrupted by exploiting the same vulnerability that was used in the first attempt. So, before you restore, you need to plug the vulnerability via patching.
Just like any other cyber security protocol, patching also requires both time and resources. So, when defining the protocols for patching, leading up to restoration of the systems, enterprises need to strike a balance between preparedness and the associated costs. Related: Zero Trust Security – The Way to a Secure and Compliant Infrastructure
Establishing Restore Protocols and Testing
Here is an interesting piece of information, most enterprises tend to have some sort of a data backup plan in place, but only few go the extra mile to put their back-up and restore mechanism to the actual test.
As a result, many system restoration attempts after ransomware attacks tend to fail, or take too long to deliver the desired outcomes. So, enterprises need to put in place formal restore protocols, and put them to the test in order to ascertain their efficacy.
Conclusion
The area of cyber security in general, and ransomware protection in particular, is not something that happens overnight. Cyber security is something that needs persistence, patience and investment in the right set of tools and people.
Down the line, most businesses will realize that the investments they made in establishing a robust cyber security posture are not at all significant, when compared to the ransom demands being made by cyber criminals, with no surety of the outcome despite paying up.
Contact dinCloud for highly secure cloud solutions that offer robust protection against ransomware, as a part of our competitively priced offerings and solutions.
