Whether your organization will be affected by a ransomware attack is not a question of “if” but of “when”.
Ransomware attacks are on the rise, and they can hit anything from critical infrastructure to small businesses trying to stay off the cybercriminals’ radar.
It is important to keep in mind that this is not just a technological problem; it is a matter of preparedness, which includes raising internal awareness and improving communication so that no unnecessary extra steps are needed to stop an attack.
According to the SonicWall Cyber Threat Report from 2021, ransomware attacks in North America have increased by 158% and globally by 62% since 2019. The report also describes how cybercriminals are using increasingly sophisticated tactics to try to shut down companies and demand ransom for their data. Almost all companies rely on data to run their business, so this is a pervasive problem.
Knowing the best ways to prepare for this type of cyber attack can help minimize and even neutralize the impact of ransomware attacks, which essentially hold a company’s data hostage.
Here are the three best practices that should ideally be implemented before a ransomware attack.
- Know your company’s capabilities to combat ransomware
You should know what you can do – and cannot do – in a ransomware attack. This is crucial, because if your company does not have a clear picture of the situation, management may unnecessarily decide to pay “ransom” for the data when it does not actually have to pay to get all the data back safely.
Cyber attackers can gain access and demand ransom for a company’s data. The company pays, but then it turns out that recovering the data from the cyber attackers is slower than the company’s own recovery process from snapshots or from the backup systems. The speed of data recovery must therefore be assessed in a ransomware attack. Paying the ransom typically does not result in immediate recovery anyway.
Contingency plans are part of healthy preparedness. One of the plans should deal with handling a ransomware attack. First, how can the company ensure almost immediate recovery if the ransomware attack is ignored? Second, how can the company ensure that the data is not corrupted? Planning, and having a strategic approach to contingency plans in place to tackle these challenges, will give a company’s management greater confidence in how to move forward.
- Prepare clear, concise communication with reliable information
In the midst of a cyber attack, communication within the company can all too easily become disrupted, fragmented, and isolated. Weaknesses in internal communication, such as a disconnect between business management and IT management, may be exposed. If the company management has limited information and does not have a complete and clear picture of what the company can and cannot do, decisions can be made that lead to financial losses, damage to reputation and operational disruptions that could otherwise have been avoided.
IT management must have a seat at the crisis management table and have the right to tell the truth, even if the other managers may not want to hear it. A cyber attack usually increases the tension in top management, and management may be tempted to react just to get it over with and choose the solution: “Just pay the ransom.”
However, effective internal communication can ensure that all decision makers are aware that the company has the tools to recover the data – without having to acknowledge or negotiate with the criminals behind the ransomware attack. At first glance, this may sound counter-intuitive, but with next-generation cyber-recovery technology, you can easily ignore them from a data storage perspective.
- Keep your “checklist” up to date and standardized as preparation for potential future ransomware attacks
It is not enough to just tick the checkboxes. It is important to make sure that you have the correct checkboxes on the checklist and that it does not remain static.
The checklist can serve as a barometer of the level of company readiness. This puts the company in a constant state of readiness, which, however, must be stress tested using controlled simulations. The point of an appropriate checklist is to prevent compromising company data.
Implementing immutable snapshots is a perfect example of a strategy whereby the data cannot be corrupted or encrypted. They are snapshots of all company data that cannot be overwritten, altered or deleted. They allow you to go back to a given point in time and quickly recover data from a snapshot, which makes a ransomware attack seem more like a speed bump on the road, figuratively speaking.
When using immutable snapshots, you can be confident that your data can probably be recovered without the need to pay ransom to cybercriminals. This is also the reason why immutable snapshots appear on an increasing number of checklists.
Be sure to test everything on the checklist – as well as procedures. All too often, disaster recovery tests are considered a nuisance that simply needs to be performed satisfactorily with as little effort as possible.
Instead, adopt an attitude of searching for any weak links, and challenge IT to try to find ways to break through the defense! This can reveal previously unseen problems before they become real problems. Do not wait for the attack to take place; simulate your own attacks, and practice restoring from your backups.
By: Fredrik Arveskär, head of Infinidat in the north
Source: IT-Kanalen by it-kanalen.dk.