The latest statistics around ransomware attacks will only confirm your worst fears. In Sophos' The State of Ransomware 2022 report, 66% of the 5,600 IT pros in 31 countries surveyed said they had been hit by ransomware last year. Then there is the bottom-line impact. The Sophos report says the average cost to remediate a ransomware attack was $1.4 million, and the average time it took to recover from an attack was one month.
Cybercriminals are getting smarter, and now offer ransomware as a service (RaaS) to specialists whose skills in, as Sophos puts it, "virtual breaking-and-entering," differ from those of ransomware creators. An alert from the Cybersecurity and Infrastructure Security Agency (CISA) notes that the Conti RaaS group often tries to gain initial access using spear phishing campaigns with tailored emails containing malicious attachments. But they've got plenty of other burglary tools up their sleeve. Among those listed by CISA include stolen or weak Remote Desktop Protocol (RDP credentials); phone calls — yes, some hackers even cold call a company to try to wring the information they need to get onto your network; fake software promoted via SEO and malware distribution networks like ZLoader.
When you look at all of this, you are potentially only a click on a malicious link away from a potentially devastating ransomware attack on your organization.
With so many potential vulnerabilities and evolving attack vectors, IT professionals need to change their approach because beating ransomware requires a multi-faceted prevention strategy. No single silver bullet will keep ransomware at bay, especially given so many other threats to your data, from malware to natural disasters.
Three Pillars of a Complete Ransomware Prevention Strategy
1. Cybersecurity Technologies
Cybersecurity is a crucial aspect of your multi-faceted ransomware prevention strategy. It includes ensuring you have the latest protections for your endpoints, networks, servers, and other infrastructure elements.
At a minimum, it's worth adding identity access management (IAM) to keep unauthorized users out and privileged access management (PAM) solutions to limit access to sensitive data based on roles. Bolstering your defenses further by employing a zero-trust model for data protection with advanced monitoring functionality means your backup admins can react quickly to any threats or other issues involving your primary or backup infrastructure and operations. Your defenses can include data loss prevention (DLP) software that detects potential data breaches and data exfiltration activities and blocks them from accessing sensitive data — in use, in motion, and at rest.
Endpoint detection and response (EDR) is another cybersecurity tool that continuously monitors end-user devices to detect and respond to cyber threats. If your organization uses a remote or hybrid work model, EDR is invaluable.
2. Data Protection and Orchestrated Recovery
Now that ransomware targets backups much more frequently, the old 3-2-1 backup rule is outdated. That rule was simple: keep three copies of your data; store two copies locally on two formats (tape, network-attached storage, or local drive); and keep one copy offsite, with the cloud offering the most flexibility. To deal effectively with today's threat, you need to adopt a 3-2-1-1 strategy with that extra one standing for immutability.
Backups to an immutable object store are in a write-once read many times format. These immutable backups can't be altered or deleted, so they are safe from ransomware no matter what.
If you experience a successful ransomware attack or other data loss, orchestrated disaster recovery will help you recover efficiently. An effective orchestration solution also ensures that your critical systems — servers, applications, and sensitive data — are automatically brought back online in the proper order. That takes much of the complexity out of recovery. Given the multiple tasks that go into a manual failover, orchestration ensures fast disaster recovery, even as you scale your organization.
3. Security Processes
The final pillar may be the most critical because 85% of breaches in 2021 involved the human element. Cybersecurity training should be a core element of your disaster prevention and recovery plan. CISA offers an excellent cybersecurity awareness program that includes a toolkit and resources. Make sure your team understands how to spot phishing schemes and suspicious links. Help them know how vital their role is in preventing ransomware and breaches.
It's also essential to run disaster recovery exercises that test your disaster recovery plan's effectiveness. And don't forget to keep physical security in mind, including running background checks. Finally, we want to reiterate the value of IAM and PAM in keeping your data secure.
A Unified Approach
For organizations to effectively take the fight back against cybercriminals requires a more unified and holistic approach to data protection. It should be built on the pillars discussed in this article. It becomes a more comprehensive and complete defense by unifying your approach, making it much harder for ransomware and other attacks to sneak in through the cracks.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.