A Ransomware Defense Is Not Enough: Organizations Also Need a Recovery Strategy

It’s time organizations look beyond ransomware shields and prepare proactively for possible attacks that may fall through the cracks.

September 20, 2022

Many business leaders never expect they will suffer a breach, just as they don’t expect an accident when they get behind the wheel of their car. But hopefully, they all put on their seatbelt … just in case. Yuen Pin Yeap, CEO, NeuShield, shines the spotlight on having an effective recovery strategy since ransomware defense is not enough.

The attitude of safety precaution is a protective mechanism that most people live by every day. And by law, we have insurance policies and procedures in place if that unexpected accident occurs. It’s time for organizations to look beyond ransomware shields and proactively prepare for possible attacks that may fall through the cracks.

Ransomware Defense Backed by Recovery 

Ransomware recovery times vary widely, from being down one or two days to months. Statista reports the average downtime a company experiences after a ransomware attack is 22 days. When it comes to cybersecurity protections, it’s a fool’s errand not to be as prepared as possible. Businesses need backup systems and multi-layered security. Even still, most of those who fall victim are not prepared. In truth, they may never be fully prepared to handle the fallout, and therein lies the problem. According to a recent report, 95% of ransomware attacks also attempted to infect backup systems. All ransomware breaches within the past few years have eluded cybersecurity protections. You name it, they’ve gotten past them. That’s why organizations need proactive recovery strategies in addition to defensive and reactive security measures.

The War between Business Defenders and Nefarious Hackers

Minefields are a long-lasting remnant of many wars: explosives hidden and waiting for the unsuspecting. The fields look completely safe, but underneath lie armaments that inflict severe damage. Any organization with digital assets operates within a landscape rampant with cybersecurity minefields. Ransomware, other malware and malicious exploits have created a battlefield that will surely damage underprepared enterprises.

Cybersecurity must be as agile as today’s workforce. It must ensure continuous and consistent protection and an optimal user experience, regardless of where infrastructure, users and devices are located.

Below are three critical areas that every organization should include in its strategy. Each is integral to creating a strong cybersecurity posture. 

Defensive cybersecurity

Cybersecurity technology, processes and user education: Endpoint security, identity and access management, email security, firewalls, encryption tools, penetration testing, employee training, etc. Defensive cybersecurity measures include multi-layered security that utilizes several distinct components, each serving different purposes and protecting different areas like data, endpoints, servers, applications and networks. This multidimensional approach is designed to defend operations and secure infrastructure and services. However, these solutions are not impervious. Remember, virtually every ransomware breach has found its way around cybersecurity protections within the past few years.

Reactive cybersecurity

Manual system recovery: Manually restoring breached systems requires users to bring their devices into the corporate office for IT to recover data and operating systems. With most employees working from home, manually restoring systems incurs heavy costs and excessive time (weeks and sometimes months) to bring all systems back to their pre-breach state. A ransomware breach encrypts all the data on a machine, not just one or two files. This may not be a big problem for a single system or even a handful of computers. But hackers don’t set their sights on one device. They seek to control as many computers as possible. That could mean dozens, hundreds, and for large organizations, thousands of systems. No matter the company size, virtually all organizations lack sufficient staff to handle an extensive breach. As a result, they’ll be overwhelmed and never fully prepared to handle the fallout. 

Backup systems: Backing up data is critical for any business, large or small. The data can be from Word documents, spreadsheets, emails, databases, customer data, and other files, like images, music, etc. In the event of a natural disaster or accident, disconnected and offsite data backup locations store copied data from a primary location. Keep in mind that data backup is not designed to recover from cyber breaches. And while vendors promote that their recovery can be accomplished in fifteen minutes, that certainly is not the case for recovering from a ransomware breach with 100% of the data encrypted. When conducting a backup test, not much will have changed. And so, of course, the test may only take fifteen minutes. But it takes much longer to bring a single system back up when there are two gigabytes of changed data.

Ransomware encrypts the entire system, so all the data will be gone. Multiply this by hundreds or thousands of breached systems, and it’s easy to see why backup recovery is no small matter. It requires formatting the systems, reinstalling or reimaging the operating systems, and connecting them back up to the network. And this is in addition to the time it takes just to figure out what the breach was and what systems were impacted. When hundreds of computers are infected, trying to recover them all at once will congest network bandwidth, impeding normal business workflows and overwhelming and stressing IT staff. 

Proactive cybersecurity

Instant recovery technology: There’s a big difference between a cyberattack and a cyber breach. While ransomware breaches may not be one hundred percent preventable, they can be reversible. We can’t always prevent a cyberattack, but we can prevent data loss from a breach. This is where instant recovery comes in and is a critical component of a multi-layered security stack. 

A system that recovers data and operating systems within minutes, no matter how much was encrypted, will save valuable time and money. An instant recovery system adds an overlay to files and operating systems as a protective barrier to prevent them from being modified by hackers. It relieves IT personnel from having to recover data from backup systems and manually re-image operating systems. It also eliminates the need to recover data over the network, conserving bandwidth and eliminating congestion.

Every organization with digital assets should have a multi-layered cybersecurity strategy that includes defense, response and recovery capabilities. These are essential for achieving a strong cybersecurity posture that is agile and will help ensure continuous and consistent protection while enabling quality user experiences.

Yuen Pin Yeap
Yuen Pin Yeap is the CEO and co-founder of NeuShield. Prior to founding NeuShield, Yuen Pin held positions as early engineer, architect, engineering director, and vice president of engineering at early startups to top-tier cybersecurity companies such as Sygate Technologies, Symantec, Websense, and SkyDRM.