Five ways to respond to the ransomware threat
The ransomware threat has taken a sharp upturn this year. In fact, a recent industry study found that nearly half of all U.S. businesses have experienced at least one ransomware attack in the past year alone. While organizations wrestle with the ever-pressing issue of whether to pay or not to pay if they’re victimized, Logicalis US suggests CXOs focus first on how to protect, thwart and recover from a potential attack.
“Ransomware is a business, complete with sophisticated cybercrime-as-a-service offerings and world-class customer support to ensure its victims’ files are returned expeditiously once the ransom is paid. It’s a service business approaching $1 billion in annual revenue, something that would be heralded as an accomplishment if it weren’t based on such nefarious principles. The business of ransomware has even spawned a network of affiliates that provide redirection of an exploit kit for a cut of the profits,” says Ron Temske, VP, Security Solutions, Logicalis US.
To be ready for an attack before it happens, to detect and stop it while it’s happening, or to recover from it after it happens takes planning. To help, Logicalis’ security experts have compiled a list of the top five ways to respond to the ransomware threat.
1. Create a modern defense
Traditional signature-based anti-virus solutions are good to have, but they aren’t up to the job of thwarting a sophisticated ransomware attack. Neither is your traditional stateful firewall. As a result, it is critically important to plan for the possibility of an attack by developing comprehensive visibility and access to extensive details on how the malware entered the organization’s environment in the first place.
IT pros who are serious about heading ransomware off at the pass should focus intently on modern next-generation anti-malware and firewall solutions that can stop an attack before it starts.
2. Take an architectural approach
In some limited situations, point solutions can be effective, but not with ransomware. The most effective way to address the ransomware threat and other pervasive cyberattacks is to take a holistic architectural approach to security that encompasses the entire network including its systems and endpoints as well as the organization’s cloud and mobile strategies.
Because so many of today’s threats are automated, solutions that rely on human intervention to detect and respond are neither affordable nor effective, making automation and orchestration key principals in a solid security architecture design.
3. Prevent the spread of malware
If an attacker’s malware does enter the network, it has the ability to spread like a fast-moving cold among passengers on an airplane. The key at this stage is to compartmentalize data using network micro-segmentation strategies that make it more difficult for malware to spread laterally within the environment.
4. Plan your recovery
The unfortunate truth is, despite the security industry’s best efforts, no organization is entirely immune to attack. Therefore, it’s critical to examine how the organization will recover if it is breached. First, be sure you’re backing up.
Second, test, test and re-test the backup and restore process; a backup is only valuable if the data can actually be restored when it’s needed. It’s also important to ensure that the restore can be done at the system level since file-based recovery may not be enough.
Consider, too, how much redundancy is required; if the organization is hit, do you have an uncorrupted source from which you can immediately recover? And be sure to weigh the costs of various solutions against the cost of potential loss or downtime – not all data is equally valuable, which means not all data needs the same level of protection.
5. Create a pay or no-pay policy
Finally, the big question: To pay or not to pay? No vertical market is having a tougher time facing this question than healthcare is today; whether it’s critical patient-care data that hackers hold hostage or the threat of hefty regulatory fines imposed when protected patient health information (PHI) is breached, healthcare organizations have become prime targets for ransomware attacks.
Before any organization – healthcare or otherwise – pays a ransom, however, Temske suggests examining how much damage will be done if you don’t pay. Do you have an uncompromised data backup from which you can restore? What is the cost to restore vs. pay – both monetarily and in terms of the business’ ability to function in the meantime? Ultimately, the decision comes down to how business-critical the compromised data is to the organization. If you do decide to pay, Temske has one word of advice: “Negotiate. In most cases, you can talk the price down, so it may make sense to consider not paying the first amount offered.”