Spurred on by economic shutdowns, cyber criminals have become more cunning and brazen than ever before, executing ransomware attacks against organizations of all sizes across all industries. JBS Meats, Colonial Pipeline, Air India and CWT Global are among the massive headlines of 2021, drawing record-breaking ransoms and FBI involvement.
Despite best efforts from security personnel to federal involvement, ransomware is still the biggest threat organizations will face this year. These attacks have the potential to shut down organizations and strain infrastructure, according to Index Engines.
There’s no single method or strategy that guarantees an organization will not become a victim, but there are best practices organizations can take to achieve greater cyber resiliency.
5 cyber resiliency best practices for 2022
1. Educate: Though cyber criminals are finding new and creative ways to get into data centers (In November, it was reported that a new strain of malware was entering networks through TeamViewer and could deploy within 10 minutes).
Most ransom gets in through a click of a mouse with phishing and spoofing among the low hanging fruit, responsible for approximately two-thirds of malware entry points. Warn employees of the dangers of clicking on unknown links in company email as well as their personal email and social media accounts. Teach how to spot potential spoof emails. Make this training ongoing and keep employees thinking about their actions.
2. Update: As cyber criminals evolve, many security tools release patches and updates to help secure data. These need to be implemented regularly to take effect. Make sure enterprise applications and corporate computers are kept up to date.
The FBI and CISA release blacklists to help identify ransomware activity. These FBI updates should be included in the updates to security applications. Monitor these alerts to ensure your security applications are including them in recent updates.
3. Collaborate: Especially within larger organizations, breakdowns occur between departments and when responsibility blurs the lines between IT manager, the CISO and the backup administrator, ambiguity in responsibility creates vulnerability. There needs to be a sound understanding of duties, strategies and processes.
Who is in charge of updates on which systems? What data center infrastructure is outdated and potential a security risk? Backups are a growing target for ransomware – is the security team or backup admin responsible for security protocols? If a ransomware attack is successful, how can the organization recover and who is responsible for restoring data?
4. Analyze: Early detection leads to quick recovery. Unfortunately the average down time is now 23 days, up by two days in 2021. But some organizations take months to get back to normal, causing significant economic stress. Implementing analytics that look deep inside of data can detect more sophisticated attacks and minimize data loss. Continually inspecting critical data and infrastructure to understand how data changes over time and anomalies can help determine if the data center has been infiltrated and is under a ransomware attack.
5. Invest: Lockfile ransomware is executing intermittent encryption. Jigsaw executes encryption combined with a progressive deletion and CrypMIC corrupts files without changing the extension. With all the best practices and best of tools, cyber criminals will find a way into the data center and recovery will be the last line of defense.
Investing in a cyber recovery strategy is essential for getting an organization operational. Backups are the best way to recover and therefor a top target for cyber criminals. Invest in new technology to make backups stealth, immutable and intelligent enough to tackle the cyberattacks that will occur in 2022 and beyond. Investing in ransomware – prevention and recovery – will have an ROI that is truly immeasurable.