Ransomware can cost your business a pretty penny. In fact, according to National Security Institute, the average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. That’s a real pricy hit.
It’s also important to know that every business is at risk. Even if you don’t think you have data that’s of real value to a hacker, you’re not immune. A 2021 Sophos study reported that more than 1 in 3 (37%) of survey respondents’ organizations were affected by ransomware attacks in the last year. And a U.S. Government interagency report has found that over 4,000 ransomware attacks have happened daily in the U.S. since 2016. Chances are your company could be next. It’s not a matter of if, just when, and time is not on your side.
To glean a unique perspective and tips for being prepared for the threat of ransomware, listen to this podcast I recently moderated with Jackie Groark, Veristor’s Vice President, Security and Chief Information Security officer and Patrick McGrath, Commvault’s Director of Product Management – Search & Analytics:
Some of the best practices outlined in the podcast include the following:
Unfortunately, most companies are simply not prepared to respond to a ransomware event, let alone prevent one. Even though the stakes are high – from lost revenue and brand reputation to confidential data exposure and the compliance fines that can result – companies are simply not placing ransomware preparation high enough on the priority list.
When working to enhance ransomware preparedness, it’s best to remember that ransomware is not just one thing. It can come in many forms, penetrate networks from multiple vulnerability points and expose data in different ways. The best place to start is with the basics. Know where your sensitive data lives and take extra measures to protect it. And be diligent about core protection tasks including patching, backups, disaster recovery and monitoring, as your preventative solutions must consider the tactics of ransomware.
Have a Plan
Surprisingly, it’s very common for companies to lack a full incident response plan. You need to outline the core tasks necessary for remediation and response, and how you’ll communicate the plan and actions to core stakeholders. It’s common to panic or simply focus on the fire drill of getting back up and running during a ransomware event. But it shouldn’t be the first thing you do. You don’t want to restore something that’s still infected. You need to outline a methodical plan to ensure exposure isn’t further exacerbated during the recovery.
Additionally, ransomware response should be a core part of any disaster response plan with communication across multiple departments. It’s not just an IT issue. It’s a business issue. You need a risk management approach with a plan of action to be ready to respond with confidence. Tip: Create your ransomware impact FAQ to ensure your workforce is getting answers to the most important questions.
Once you have a response plan in place, it’s time to think prevention. Monitoring your environment is an effective way to begin your ransomware prevention strategy. Security monitoring tools will help you see any anomalous behavior – hopefully before it lets ransomware break through. In a time where most IT departments are slim and overworked, automating alerts from abnormal behavior triggers can help give teams time to act, without over stretching resources.
Don’t Put it Off
Implementing a ransomware recovery plan can seem like an overwhelming task. But the threat actors are not going to wait for you to perfect your process. In fact, they’re banking on the fact that many don’t have one in place. Build your strategy now, but don’t wait for it to be perfect to begin implementation. Security plans are living documents that should and will mature over time. Data stored in the cloud, for example, will require a much different security and response process than on-prem data. So, your plan should mature and grow as your environment changes.
Longer term, your security and protection strategy will lead the way to getting greater value from the business. As you employ practices to secure and protect data, you’ll also be working to comply with data governance and regulatory best practices. This, over time, will help you get maximum value out of your data while protecting it through information lifecycle management and archiving techniques. Then, not only will you be safeguarding data, but you’ll be able to enhance how it’s used as well.
Be prepared, set a strategy with alignment across the organization and treat it seriously. As a result, you can rest easy knowing you’ve done all you can to keep ransomware at bay. Learn more about securing your business here, then reach out to see how we can help you develop the security strategy that will keep your business safe.