Click to learn more about author Ken Steinhardt.
The question about whether your organization will be hit with a ransomware attack is not “if” but “when.” As the world has seen recently, ransomware attacks are on the rise, and they can hit anything ranging from critical infrastructure to smaller enterprises that try to stay under the radar of cybercriminals. What is important to keep in mind is that it’s not just a technology issue; it’s a matter of preparedness, including expanding internal awareness and improving communication to prevent unnecessary steps.
Ransomware attacks in North America have soared by 158% and globally by 62% since 2019, according to the 2021 SonicWall Cyber Threat Report, which also stated that cybercriminals are using more sophisticated tactics to try to shut down companies in exchange for a data “ransom.” Virtually all companies rely on data to run their businesses, so this is a pervasive issue.
Embracing best practices in preparedness for this kind of cyberattack, which basically takes a company’s data hostage, can help to minimize and even neutralize the impact of ransomware attacks. The following are three best practices to implement, ideally, before a ransomware attack happens.
1. Know your company’s capabilities to combat ransomware.
Know what you can and cannot do in the midst of a ransomware attack. This is critically important because if your company does not have a clear picture of it, business executives could make the decision to pay the “ransom” for the data when they don’t have to pay it to get all of their data back safely.
Cyber attackers can come in and demand a ransom for a company’s data. The company pays it, but then it turns out that the process to restore the data from the cyber attackers is slower than just doing the company’s own recovery process from snapshots or from the backup systems. Speed of recovery should be assessed in a ransomware attack. Paying the ransom does not typically result in instant recovery anyway.
Contingency plans are part of sound preparedness. One of them should be that, in the case of a ransomware attack: How can the company ensure near-instantaneous recovery if the ransomware attack is ignored? Secondly, how can the company ensure that the data is not corrupted? Knowing and strategizing to have contingency plans in place to address these challenges will give a company’s leadership greater confidence to move forward.
2. Establish clear, concise communications with trustworthy information.
In the midst of a cyber attack, communication within a company can too easily become disrupted, fragmented, and isolated. Weaknesses in internal communication, such as a disconnect between business executives and IT executives, can be exposed. If business executives have limited information and do not have a full, clear picture of what the company can and can’t do, knee-jerk decisions might be made, leading to financial loss, reputation damage, and business disruption, when it can be avoided.
IT executives need to have a seat at the crisis management table and be empowered to speak the truth, even if the other executives are reluctant to hear it. A cyber attack usually increases the intensity in the C-suite, stirring executives to want to react and be done with it, such as nervously spouting, “Just pay the ransom.”
However, effective internal communication can ensure that all the decision-makers are aware that the company has the cyber recovery capability to restore the data – without needing to acknowledge or negotiate with the purveyors of the ransomware attack. At a surface level, this may sound counter-intuitive, but with next-generation cyber recovery technology from a data storage perspective, you can just ignore them. It’s the equivalent to you telling the bad actors to “get lost” because you have essentially neutralized the impact of the attack.
3. Keep your “checklist” updated in standardized preparation for future ransomware attacks.
Not only do you want to check the boxes, but it is also essential that you have the right boxes on your checklist. Simulation completed. Check. Backup systems secured. Check. Cyber recovery at high speed (preferably near-instantaneous restoring). Check. Immutable snapshots. Check.
But your checklist cannot stay static. It can serve as a barometer of the level of your company’s preparedness at any given time. It puts your company into a constant mode of preparedness, which should be stress-tested through controlled simulations. The point of an adequate checklist is to prevent compromise of your company’s data.
Implementing immutable snapshots, for example, is a perfect example of a strategy whereby the data cannot be corrupted or encrypted. They are snapshots of all your company’s data that cannot be overwritten, altered, or deleted. They let you go back to the time of your choosing and rapidly restore any data from a snapshot, making a ransomware attack seem more like a speed bump in the road, figuratively speaking.
When you use immutable snapshots, you can be confident that your data can most likely be recovered without the need to pay the ransom of cybercriminals. This is why immutable snapshots are on an increasing number of checklists within enterprise companies.
And be sure to test everything on your checklist and your procedures. All too often disaster recovery tests are viewed as a nuisance to be satisfactorily completed with as little effort as possible. Instead, instill an attitude of searching for any possible weak links and challenge IT to try and find ways to break things! This can expose previously unseen issues before they become real problems. Don’t wait for the attack to occur; simulate your own attacks, and practice recoveries.
You can expect the best outcome in a crisis situation, but you are smart to prepare for the worst-case scenarios caused by ransomware attacks. In doing so, you put your organization in the best position to neutralize the effects of a ransomware attack when one happens. Awareness, communication, and standardization are three key components of effective preparedness.