Cyber Security Featured Article

Don't Fall Victim to Ransomware: Seven Steps to Minimize Impact

April 06, 2017
By Special Guest
Seyi Verma, Senior Product Marketing Manager, Druva

Ransomware attacks have become the cybercrime du jour.

In 2016, ransomware use grew by 167 times year over year, according to the 2017 SonicWall Annual Threat Report. It’s no longer a question of if your organization will experience a ransomware attack, but a matter of when.

To further complicate the issue, the rate of growth for ransomware variants has been phenomenal. According to Proofpoint’s Threat Summary, the variety and sophistication of ransomware attacks have steadily been on the rise. These newer forms of attacks are wreaking havoc in the enterprise, resulting in an endless game of cat and mouse.

In addition to paying a stiff ransom, victims suffer costly business downtime and loss in reputation from these attacks. In industries like healthcare, where ransomware attacks must now be reported as HIPAA breaches, the fines and penalties for data breaches are even greater.

All of these factors make a foolproof plan to protect against ransomware attacks even more vital.

Changing Workplace Practices Open More Doors for Attacks

The widespread use of mobile devices and cloud-based applications in the workforce has escalated the risk of malware attacks. While many companies are protected by a corporate firewall, employees are now connecting to enterprise data and services using their own weakly protected mobile devices and instantly spreading potential malware-infected files via cloud-based applications.

In fact, the 2015 Kaspersky Consumer Security Risk Survey found that 73 percent of employees report doing some work from their personal devices. This opens another route for malware to infect organizations and, likewise, the deployment of unsecured mobile applications for employees and customers has created new opportunities for attacks.

Imagine this: an employee gets a malware attachment via email. They open the email on their mobile device, and then save it in a sanctioned cloud app for sharing with colleagues, such as Box or Google Drive. Within seconds, the infected file has spread throughout the organization. This scenario is commonplace when you consider that 44 percent of cloud malware contains ransomware and 56 percent of malware-infected files are easily shared, according to Netskope’s 2016 report.


Prevention Techniques Useful, But Limited

Protecting the data perimeter is one approach to staving off ransomware and other malware attacks. End-user awareness and smart browsing practices are important, as is regularly updating security, anti-virus and anti-malware software, including operating systems. Because attackers benefit from weakly protected data, organizations should also replace antiquated IT infrastructures.

Another weakness is that user awareness relies on the compliance of busy and increasingly mobile employees to prevent ransomware attacks. While offering some protection, encryption doesn’t help if users inadvertently download a virus or malware onto their computing device. In addition, ransomware is often designed to stay dormant after spreading through networks, making it harder to identify the original source.

Given the major gaps in protection afforded by malware prevention techniques, organizations would be foolhardy to rely on them exclusively. While these fixes certainly play a role in preventing attacks, they have limitations and provide only a weak level of protection.

Data Backup Thwarts Ransomware, Provides Other Benefits

Instead of playing a game of catch-up, the best defense is a dual-pronged approach that combines advanced malware detection with backup to minimize the chances of data loss. Regular, time-indexed backups are a crucial part of thwarting ransomware attacks. According to Gartner, “The primary defense for ransomware infections (and potentially future coordinated attacks) is backup.”

These seven steps provide the foundation of a backup plan that is highly efficient, seamlessly executed and unnoticeable to the end user.

  1. Protect Distributed Data: An enterprise-grade automated backup solution that performs regular backups across devices, desktops and cloud apps will protect distributed data and act as an insurance policy in case of a ransomware strike or other intrusion.
  2. Protect Distributed Teams and Users: Does your current backup plan cover 100 percent of your user base, including geographically distributed teams? To reduce exposure to potential data loss, review and validate the deployment scope of your backup plan to ensure that it deploys automatically to all end users needing protection. At a minimum, you should ensure that key users are covered.
  3. Review the Scope of Your Data Backup: What are you backing up? You’re probably protecting desktops and email, but what about other user-specific data sets such as profiles, system and app settings, or folders? Review, validate, and, as needed, modify backup content to ensure that important data for protected users is backed up.  
  4. Check Backup Frequency Across Distributed Teams: How often are you backing up? Every two days? Eight hours? Four hours? Do you need an even more aggressive schedule for executives? As a general rule, back up data, at minimum, once every four hours.
  5. Validate Your Retention Policy: How long are you keeping your backups? Adopt a retention policy to meet internal objectives. Your data retention policy may vary depending on your industry, regulations and internal IT policies. IT, Legal, and Compliance teams should weigh in on data retention needs.
  6. Gain Intelligence Around Data Backups: Having a backup of data is not enough. Organizations also need intelligence around their backup data so they can save time and money in the recovery process. The ability to identify the last known good backup ensures that they recover data safely. Similarly, pinpointing contaminated snapshots allows organizations to properly purge corrupted data and eliminate further proliferation of the same issue.
  7. Re-Assess Policies Periodically: While the preceding measures might provide sufficient protection for the foreseeable future, you should revisit your backup policies approximately every six months to ensure that they meet your organization’s needs.  
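
As an added illustration of steps 4 and 6 (not part of the original article and not any vendor's product), the Python example below checks a time-indexed snapshot catalogue for gaps longer than four hours and locates the last known good backup. The Snapshot fields, the sample catalogue, and the change-ratio and entropy thresholds are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_GAP = timedelta(hours=4)   # step 4: back up at least once every four hours
CHANGE_RATIO_LIMIT = 0.30      # assumed: share of files rewritten in one interval
ENTROPY_LIMIT = 7.5            # assumed: bits per byte, close to random data

@dataclass
class Snapshot:                # hypothetical catalogue record
    taken: datetime
    files_total: int
    files_changed: int
    mean_entropy: float        # mean Shannon entropy of the changed files

def looks_encrypted(s):
    """Mass rewrite plus near-random content: the assumed ransomware signal."""
    ratio = s.files_changed / s.files_total if s.files_total else 0.0
    return ratio >= CHANGE_RATIO_LIMIT and s.mean_entropy >= ENTROPY_LIMIT

def assess(snapshots):
    """Return (last_known_good, suspect_snapshots, schedule_gaps)."""
    snaps = sorted(snapshots, key=lambda s: s.taken)
    first_bad = next((i for i, s in enumerate(snaps) if looks_encrypted(s)), len(snaps))
    # Every snapshot from the first flagged one onward still holds the
    # encrypted files, even if later intervals look quiet.
    suspect = snaps[first_bad:]
    last_good = snaps[first_bad - 1] if first_bad > 0 else None
    gaps = [(a.taken, b.taken) for a, b in zip(snaps, snaps[1:])
            if b.taken - a.taken > MAX_GAP]
    return last_good, suspect, gaps

# Constructed sample catalogue for one endpoint (not real data).
DAY = datetime(2017, 4, 3)
SAMPLE = [
    Snapshot(DAY + timedelta(hours=0), 1000, 12, 4.1),
    Snapshot(DAY + timedelta(hours=4), 1000, 20, 4.3),
    Snapshot(DAY + timedelta(hours=8), 1002, 15, 4.0),
    Snapshot(DAY + timedelta(hours=16), 1002, 640, 7.9),  # missed 12:00 run
    Snapshot(DAY + timedelta(hours=20), 1002, 8, 4.2),    # quiet, still tainted
]

if __name__ == "__main__":
    good, suspect, gaps = assess(SAMPLE)
    print("last known good:", good.taken)
    print("purge candidates:", [s.taken.isoformat() for s in suspect])
    print("schedule gaps:", gaps)
```

In the sample, the missed 12:00 run widens the recovery gap: the last known good copy is eight hours older than the first contaminated snapshot instead of four.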

By following these steps, IT can ensure that it has a rock-solid backup routine in place to reduce the impact of ransomware or other malware attacks. Armed with the ability to detect ransomware variants, protect distributed data and teams and quickly restore data from time-indexed copies, organizations will be far less vulnerable to costly and debilitating ransom demands.

Edited by Alicia Young
