Prevent, Detect, Recover: Combating Ransomware Requires a Comprehensive Approach
It’s been a challenging year for businesses. While many firms were able to navigate and persevere through the global pandemic, nearly all experienced transformative change in how business is done, for better or for worse. And here’s one more hurdle companies faced last year: an “unprecedented” rise in cybersecurity risk. One survey shows that more than 60% of organisations were impacted by ransomware in 2020; nearly 80% suffered some sort of business disruption or financial loss due to lack of cyber preparedness.
Attackers don’t seem to be letting up. In the first quarter of 2021, the majority of ransomware attacks included corporate data theft. In many cases, this data was held by multiple parties and was not properly secured, reports Help Net Security. This data was often published by the attackers before a company could even respond to or pay the ransom. Ransom payment figures also increased in the first quarter of this year, up 43% (average ransom payment of $220,298!) from the end of 2020. The average downtime that resulted from these attacks also expanded to 23 days.
These costs—which include not just the ransomware payment itself but also reputational damage, resource constraints, and loss of business—are devastating, especially to small and medium-sized businesses (SMBs).
Unfortunately, security experts predict an active year ahead for ransomware, targeting nearly every industry and company size. At the same time, many organisations are deficient when it comes to cyber preparedness and business resiliency. To effectively combat the threat, today’s businesses must implement an effective and holistic security posture—one that aims to prevent, detect, and recover from attack. In this post, we highlight some of the benefits and features of this more holistic approach to cyber preparedness.
Why a Holistic Approach is the Best Defence
In 2021, small businesses remain disproportionately affected by ransomware attacks. Often, these business owners lack the time and resources to fully mitigate the threat of ransomware. Owners may even erroneously perceive that their data is not attractive or not valuable to attackers. (Spoiler alert: it is.)
While an effective ransomware protection strategy has many moving parts, it is a critical investment for all businesses, and it can be affordable and achievable with the right information and assistance.
A holistic, comprehensive approach to cybersecurity is the best defence. In part, this is because ransomware attacks can infiltrate your organisation in myriad ways, including email, network, and the cloud. Further, the sudden transformation to remote work means that our home networks and devices are also key attack vectors. We hear too many stories of “Shadow IT” scenarios in which remote workers rely on personal devices and home connections and even misconfigure the security settings of collaboration and communications tools (even if these actions are well-intentioned). In short, all of your networks, systems, and infrastructure must be protected.
The solution is simple: Protect, Detect, Recover.
Protect: Multilayered Cybersecurity
No matter your industry or size, it’s common for organisations to entrust their cybersecurity to a mishmash of isolated applications and solutions spread across disparate networks. This makes it easy for nefarious actors to exploit security gaps. For a ransomware security solution to be truly effective, it needs to plug every hole in security coverage and protect against all points of entry (including email, network, cloud, and endpoints, as mentioned above).
Additionally, as the number of remote workers rises, fewer organisations can rely solely on company firewalls to keep data secure. To solve for this, your firm should consider implementing strict identity management processes, including multi-factor authentication, privileged access management, and zero trust security to create a robust virtual security perimeter.
Detect: Extended Detection and Response
Another challenge is the sheer amount of data and information that’s coming in. Many technology teams struggle to handle the copious security information they receive, which further increases the risk of overlooking a sophisticated attack or intrusion. A recommended solution is Extended Detection and Response (XDR).
Rather than identifying security events on an endpoint, on a network, or in an email, XDR lives and operates from your data centre, not only to gather and correlate all these events across various security controls (such as antivirus software and firewalls) but also to help you make sense of it all! The increased visibility that XDR brings will help thwart attacks that make it through; it will also help prevent further damage.
Recover: Resilience and Disaster Recovery
The third leg of your holistic ransomware security is about getting back to business as usual. One of the greatest costs of a damaging ransomware attack is the potential loss of customers. Today’s savvy consumers expect your business to be available 100% of the time, especially if you provide critical products or services. A ransomware attack can lead even your most dedicated customers or clients to seek alternatives, perhaps with your competitor. As such, it’s critical to build resilience against ransomware into your holistic security strategy so you can get back up and running as quickly as possible. This means taking a proactive approach to protection.
We suggest you implement a disaster recovery solution with real-time replication. This enables the most up-to-date backups and point-in-time rollbacks so that you can easily restore data (and hopefully avoid paying costly ransoms altogether). Yet, keep in mind that while data backups are a critical component of your disaster recovery plan, they, too, can be encrypted or deleted by an attacker. The key is to choose a solution that offers immutable backups, meaning that once the data has been written, it can’t be changed.
Preventing Ransomware in your Organisation
We hope this post demonstrates the benefits and necessity of a more holistic approach to cyber preparedness, from protection to recovery. We also know it can seem like a daunting assignment. At Optec, we've partnered with best-in-breed vendors to deliver an affordable and achievable solution that is customised to your unique business needs.
To help you protect, we recommend Fortinet Security Fabric to enable prevention across all points for a single, integrated solution. To help you detect, we work with Fortinet to bring you FortiXDR and Assured Data Protection to offer XDR-as-a-Service - both of which deliver the latest XDR technology to ensure that attacks don’t get lost in the ‘noise.’ And, to help you recover, our backup and data recovery solutions from Assured Data Protection offer a fully managed, scalable, and flexible service so that your team has more time to focus on other urgent tasks.
Remember that, statistically speaking, there's a very real chance your business will fall victim to a devastating attack this year. The best advice we can offer is to be prepared. It all begins with a holistic and robust approach to cyber preparedness, and we’re here to help - get in touch with us today.