Headlines with the latest ransomware attacks seem to be everywhere. Big companies, small companies, healthcare organizations, government agencies, retailers—ransomware has struck every type of business in almost every sector.
So why do some businesses still treat ransomware like an outlier threat?
One problem is that discussions around cyber risks are sometimes seen as fear mongering, particularly when executives are already nursing a case of cyber risk fatigue. But IT experts who monitor the evolution of ransomware attacks know the threat is more than a trendy news story—it’s today’s reality.
Another challenge is that harried IT departments want to simply stand up some anti-ransomware technology and call it good. But effective ransomware defense and recovery strategies aren’t all about tech. Translation: there’s more work to be done.
That work centers on two other vital components that must also be considered: people and processes.
If you want a reasonable chance of preventing a ransomware attack and, perhaps more importantly, of recovering from an attack should something slip through your defenses, then each of those buckets—people, technology, and processes—requires action.
Understand the people factor
First, acknowledge that you will never get everyone to stop clicking on suspicious e-mail links. It just won’t happen. Human nature is both curious and trusting, at least when it comes to messages that kind of look like they might be from someone you met at a conference a couple years ago.
Knowing that you can’t prevent every unwanted click, the goal instead should be to work toward fewer clicks and shrinking your overall risk envelope.
Training gets you toward that goal. Show users how to spot untrustworthy links. Educate them on ways to verify if a return e-mail address is legitimate or spoofed. Then give them clear direction on what to do if they click on something they shouldn’t have. That way you’ll at least have a head start on stopping a possible ransomware attack before it has a chance to get its hooks into your environment.
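The sender checks that this kind of training describes can also be automated. The following Python sketch is an added example, not code from the original article: it flags a Reply-To domain that differs from the From domain and any SPF, DKIM or DMARC result other than "pass". The sample message, the placeholder domains and the trusted server name mx.example.org are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the hostname your own receiving mail server stamps into
# Authentication-Results. Headers from any other authserv-id are ignored,
# because a sender can insert forged ones.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample message (placeholder domains, not real traffic).
SUSPECT = """\
From: "Dana from the conference" <dana@example.com>
Reply-To: dana.billing@example.net
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
Subject: Following up

Please open the attached invoice.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Collect {'spf': 'pass', ...} from trusted Authentication-Results headers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = value.split(";")
        if parts[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our own server: do not trust it
        for part in parts[1:]:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results.setdefault(method.lower(), result.lower())
    return results

def spoofing_signals(raw):
    """Return a list of human-readable reasons to distrust the sender."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signals = []
    if reply_dom and reply_dom != from_dom:
        signals.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            signals.append(f"{method}={auth.get(method, 'missing')}")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(SUSPECT):
        print("WARN:", reason)
```

A message whose only Authentication-Results header comes from an untrusted server is reported as having all three results missing, which is the safe default.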
Leverage technology effectively
As annoying as ransomware is, becoming infected is actually a complicated process. That complexity gives you many different ways to disrupt the kill chain before it causes unrecoverable problems. From receiving an infected e-mail to clicking on a link to downloading the ransomware file to infecting a single machine to propagating across an entire network, any ransomware infection requires a number of steps before its impacts bring your company to a grinding halt. Have you done enough to disrupt that chain?
If not, take heart in knowing that you have a slew of low-hanging opportunities to break the ransomware chain and make it much more difficult for an infection to ruin your business. The most effective technology solutions focus on three key areas:
The right solutions can block corrupt e-mails before they ever hit employees’ inboxes. This is especially important when you look back to the people factor of your three-pillar foundation and remember that you will never, ever prevent 100% of ill-advised clicks. So even if someone opens an e-mail from that long-lost colleague they met only once and aren’t sure if they even wrote their name down correctly, a robust e-mail security platform can put the brakes on a potential ransomware infection.
If your e-mail security strategy doesn’t stop a ransomware attack, a well-designed endpoint security solution can step in to do the dirty work. When endpoint security technology is implemented and configured correctly, essentially everyone and everything must pass through it. An e-mail that doesn’t pass the ransomware sniff test will be stopped and quarantined, ensuring your environment retains its integrity and your data remains your own.
Proper segmentation can still save you from an all-out ransomware attack, even if an e-mail and its associated malicious files make it through your other defenses. A strategy with segmentation at its core will maintain a protective perimeter around your most valuable data. It will enable you to stop the encryption of the assets that power your core business systems. Segmentation offers a way to maintain operations even if a lot of other things go wrong during a ransomware attack.
Improve your processes
Your internal processes for dealing with a potential ransomware attack should be structured to bring your people and your technology into harmony to help you manage the evolving threat landscape. Consider how well-developed processes give you a leg up on dealing with ransomware.
- You can quickly recover your environment if you become infected
- You know what your first steps should be in restoring your operations
- You know who to call to support your recovery efforts
- You have cyber insurance coverage to help get you back up to full speed
A couple of anecdotes illustrate how different approaches to ransomware defense and recovery have worked in the real world. The first is the City of Atlanta, which suffered a devastating ransomware infection that revealed a weak recovery strategy and a significant lack of planning. Operations were seriously disrupted while the attack was occurring and, three months later, a notable portion of the city’s technology platforms continued to operate at a diminished capacity or were still offline entirely. Key data sets, including those related to law enforcement and legal proceedings, were permanently lost. The city’s environment was too flat, with little to no segmentation in areas where it mattered, and its recovery efforts were haphazard and poorly orchestrated.
In contrast, the ransomware attack experienced by Maersk shipping demonstrates just how valuable a strong recovery strategy can be. The shipping giant suffered an outage that was both huge in scale and quick in execution: somewhere along the lines of 50,000 assets were encrypted in only 30 minutes. Though the enterprise also had a nearly flat network and the immediate effects included a widescale disruption of their corporate operations, Maersk’s backup and data protection strategies were solid. The organization’s thoughtful approach enabled them to completely recover their entire environment in just 10 days and no long-term data losses were reported.
A ransomware attack can cause show-stopping problems for your business. But there are ways to avoid that pain with simple steps to make your people more knowledgeable, your processes more powerful, and your technology more effective.