How to Enhance Ransomware Resilience: A Complete Playbook

Enhance ransomware resilience with a solid response playbook and trusted backup strategies.

October 10, 2023


Discover essential strategies for enhancing ransomware resilience in organizations. Dave Russell of Veeam explores the importance of response playbooks, trusted backups, and disaster recovery orchestration to mitigate cyber threats effectively.

With ransomware cases still rising, more organizations are taking out cyber insurance to protect themselves if an incident occurs. The good news is that most ransoms (77%) are being covered by insurance, according to the Veeam 2023 Global Report on Ransomware Trends. The bad news? Cyber insurance costs are spiking, ransomware is being excluded from some plans, and a quarter of those who paid a ransom still couldn’t recover all of their data, according to the same report.

So, cyber insurance can’t stand up to ransomware by itself. To be resilient in the face of the growing threat, organizations need to double down on more standard types of “insurance” against disaster. They need to create and follow ransomware response playbooks that spell out how to deal with a cyberattack and ensure that business continuity stays strong if an attack occurs.

What Goes Into a Response Playbook?

Looking at your incident response plan as a playbook helps to better prepare for the inevitable – whatever the outcome of an attack may be. The playbook should account for different scenarios and protocols and be updated regularly. It’s not a “one and done” game to play. It needs a mechanism to ask the right questions, gather the right information, and follow the right protocols. It also should determine what machines are mission critical, who the application owners are, who to call when information needs to be retrieved, what the organization’s threshold is for data loss, and what compliance and regulation needs must be accounted for.

The most common – and most essential – element in a solid incident response playbook is a good backup. This involves two key components. One is creating clean backup copies, which should protect survivable data against attacks and not include malicious code. The other is setting up recurring verification that the backups are recoverable.

On the backup side, the playbook should ensure the data is protected, and the backup job works as expected. During recovery, moving as fast as possible is essential, so plans should pull in automation and orchestration. The final requirement is that the data that gets recovered won’t re-introduce a threat to the environment.

Are organizations prepared for cyberattacks? Not as much as they should be. According to Veeam’s Ransomware Report, 13% of IT leaders said their firms don’t have an established risk management program that drives their security strategy, while another 35% say their program needs improvement. Research shows that many organizations need to develop – or at least enhance – their ransomware response strategies.

Here are some important facets to implement in a ransomware response playbook:

Trusted Immutability

In today’s hybrid-cloud world, protecting data is no longer just about securing a single backup repository at a single physical site. To become truly cyber resilient, enterprises must protect their data against internal and external threats. They can do this by creating layers of immutable backup copies of data in a state where recovery from ransomware is favorable: on ultra-resilient media that is offline, air-gapped, or immutable. Some media can be all three at once in a single state, such as WORM tape media when removed from the library. But today, it doesn’t have to be cloud or tape only to get these levels of data comfort. It can be on cloud backups or rotating media that are offline.


Backup Verification

Trusting that backups will work in a time of crisis is risky. Organizations need to set up verification processes that prove backups get performed successfully. The challenge of relying on backup job logs alone is that they show only that the job completed, without proving the data can be recovered. You need to be able to run multiple tests on backups to confirm the data is malware-free and that the data can be recovered.


The 3-2-1-1-0 Rule

Anybody around cybersecurity for a while has encountered variations on the “3-2-1-1-0 Rule.” This formula requires that at least three copies of important data be saved on at least two different types of media – one or more being housed in an off-site location. The second “1” refers to resiliency: Organizations should make sure that at least one copy adds a layer of protection against ransomware – being air-gapped, offline, or immutable. The final zero is added to stress that there should be zero backup errors because automated backup verification ensures your data is valid and usable for recovery.
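The check below is an added example, not code from the article or from Veeam. It evaluates a constructed backup inventory against the 3-2-1-1-0 rule and, following the Backup Verification section, counts a copy as error-free only when a test restore reported zero errors, not when the job log says success. The `BackupCopy` fields and the sample copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                     # e.g. "disk", "tape", "object-storage"
    offsite: bool                  # stored away from the primary site
    resilient: bool                # air-gapped, offline, or immutable
    job_succeeded: bool            # what the backup job log reports
    restore_errors: Optional[int]  # errors in last test restore; None = never tested


def check_3_2_1_1_0(copies: List[BackupCopy]) -> dict:
    """Evaluate each part of the rule; every value must be True to comply."""
    return {
        "3_copies": len(copies) >= 3,
        "2_media_types": len({c.media for c in copies}) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        "1_resilient": any(c.resilient for c in copies),
        # Zero errors means a verified restore, not just a green job log.
        "0_errors": bool(copies) and all(c.restore_errors == 0 for c in copies),
    }


def unverified(copies: List[BackupCopy]) -> List[str]:
    """Copies the job log calls successful but whose recovery is unproven or failed."""
    return [c.name for c in copies if c.job_succeeded and c.restore_errors != 0]


# Constructed sample inventory (not real data).
SAMPLE_INVENTORY = [
    BackupCopy("nas-primary", "disk", False, False, True, 0),
    BackupCopy("cloud-object-lock", "object-storage", True, True, True, None),
    BackupCopy("tape-vault", "tape", True, True, True, 0),
]

if __name__ == "__main__":
    for part, ok in check_3_2_1_1_0(SAMPLE_INVENTORY).items():
        print(f"{part:14} {'PASS' if ok else 'FAIL'}")
    print("needs test restore:", unverified(SAMPLE_INVENTORY))
```

In the sample, every job log reports success, yet the rule fails on the final zero because the cloud copy has never been through a test restore.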

Disaster Recovery (DR) Orchestration

Hoping for the best isn’t going to help in a disaster. Automation and orchestration are essential components for the protection against attacks and the recovery of data. Data is your most important asset. Your disaster recovery plan must be well thought out, flexible, and tested to ensure it will work in a crisis.

Organizations can’t afford to fall behind on preparedness, which includes an incident response playbook to improve response and recovery times while reducing the risk of re-infection during restoration. Those with a plan will be the real winners, potentially reducing their chances of insurance providers being ill-equipped to cover all elements of the aftermath.

What steps have you taken to strengthen your organization’s defense against ransomware attacks and ensure data protection in the face of cyber threats? Let us know on Facebook, X, and LinkedIn. We’d love to hear from you!

Dave Russell

Vice President of Enterprise Strategy, Veeam

A 30+-year veteran in the storage industry, Russell is Vice President of Enterprise Strategy, responsible for driving strategic product and go-to-market programs, spearheading industry engagement and evangelizing Veeam’s vision for the Cloud Data Management at key events across the globe and working with the Executive Leadership team in accelerating the company’s growth in the enterprise. Prior to Veeam, Russell held the role of Vice President and Distinguished Analyst at Gartner.