
Deal triple damage against ransomware with these 3 ultimate strategies

13 Aug 2020

Ransomware has been snapping at the heels of businesses since 1989, but even after the 21-year-long battle, ransomware is far from dead.

While much talk centres on the financial implications of a ransomware attack, particularly for businesses that have not only lost data but also paid the ransom, there are many other costs, such as brand damage and a loss in customer confidence.

“When I talk about ransomware at events, I will often ask for a show of hands of how many attendees have had some sort of ransomware incident. It’s shocking how many hands are raised. If you haven’t had an event yet, you are lucky,” says Veeam’s senior director of product strategy, Rick Vanover.

When data loss is not an option and paying the ransom is not an option, how do you ensure that ransomware doesn’t win?

Veeam specialises in backup, restore, and recovery solutions, as well as the ability to help organisations prevent, detect and recover from a ransomware attack, so the company understands exactly how organisations typically deal with these incidents.

Vanover says there are three main strategies you need to win every ransomware battle: education, implementation, and remediation.

Each strategy has its own disciplines, tools, and sometimes different people that support it, with wider support from IT and management.

Let’s take a brief look at the first of these strategies.

Education

Once an organisation has identified the risks associated with a particular threat actor, it should then aim to educate IT teams and end-users within the organisation. 

There are three main entry points that ransomware uses to get into a system: remote desktop protocol (RDP), phishing attempts, and software updates. 

IT administrators will be familiar with RDP; however, many RDP servers are still directly connected to the internet. Veeam states that more than half of all ransomware comes from RDP, which clearly demonstrates that internet-connected RDP needs to stop. Keep RDP off the internet.
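One way to check a firewall or security-group export for internet-facing RDP, as an added example that is not from the article or from Veeam. The rule schema, the sample rules and the list of ranges treated as internal are assumptions, and rule ordering or deny precedence is not evaluated.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listener (TCP, with an optional UDP transport)

# Assumption: only these ranges count as internal; any other source is internet-side.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

def covers_rdp(ports):
    """True if a port spec ('3389', '3000-4000', '80,3389', 'any') includes 3389."""
    for part in str(ports).lower().split(","):
        part = part.strip()
        if part in ("any", "*"):
            return True
        lo, _, hi = part.partition("-")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= RDP_PORT <= int(hi):
            return True
    return False

def is_internal(source):
    """True if the source CIDR lies entirely inside one of the INTERNAL ranges."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)

def exposed_rdp_rules(rules):
    """Names of inbound allow rules that let a non-internal source reach port 3389."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["direction"] != "inbound":
            continue
        if rule["protocol"] not in ("tcp", "udp", "any"):
            continue
        if covers_rdp(rule["ports"]) and not is_internal(rule["source"]):
            findings.append(rule["name"])
    return findings

# Constructed sample rules in a hypothetical vendor-neutral schema.
FIELDS = ("name", "action", "direction", "protocol", "ports", "source")
SAMPLE_RULES = [dict(zip(FIELDS, row)) for row in (
    ("rdp-from-anywhere", "allow", "inbound", "tcp", "3389", "0.0.0.0/0"),
    ("rdp-from-vpn", "allow", "inbound", "tcp", "3389", "10.8.0.0/24"),
    ("wide-port-range", "allow", "inbound", "tcp", "3000-4000", "203.0.113.0/24"),
    ("https", "allow", "inbound", "tcp", "80,443", "0.0.0.0/0"),
    ("allow-all-v6", "allow", "inbound", "any", "any", "::/0"),
    ("deny-rdp", "deny", "inbound", "tcp", "3389", "0.0.0.0/0"),
)]

if __name__ == "__main__":
    print(exposed_rdp_rules(SAMPLE_RULES))
```

The port-range and allow-all rules are flagged even though neither names RDP, which is how exposure often goes unnoticed in a rule review.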

Phishing emails often don’t look or sound right, but not everyone will act the right way. There are many tools that can test an organisation’s ability to detect phishing incidents – Veeam explains this in more detail in its report.

Patching and updates are far from a glamorous task, but they are a good investment because many ransomware strains exploit a known vulnerability – WannaCry and Petya to name but two.

How to educate through preparation

Organisations will likely have tools to protect against cybersecurity incidents such as ransomware. However, it is worth taking the time to learn how each tool could work.

If a ransomware incident results in the need for data restoration, IT teams should understand how different restoration scenarios could work. With this understanding, teams can familiarise themselves with processes, gain an expectation of how much time could be involved and, most importantly, understand whether a tool works as it should.

For example, a replica failover may be the most logical way out of a ransomware incident. A file-level restore may make the most sense. Teams could also restore whole VMs. Every restore scenario is different, so it is worth becoming familiar with these possibilities.

The education strategy is important to ensure that ransomware stays out of the enterprise – and if it does get in, there is a plan in place, so people know exactly what to do about it.

One way to measure this investment in education is to compare it with the risks, costs and pressure of dealing with a ransomware incident unprepared.

Don’t leave your company’s security to chance. Uncover more from the Beat Ransomware: Education, Implementation and Remediation with Veeam white paper.
