Intelligent CISO Issue 54 | Page 77

decrypting myths

Gavin Knapp, Cyber Defence Technical Lead at Bridewell

and implements automated response where appropriate. This proactive and multifaceted approach will go far beyond the reactive confines of cyber insurance and should be bolstered further by threat intelligence services to provide early warning of an attack.

The right response is essential

A strong cyber strategy shouldn't rely on detection alone. How a business responds to a breach is also key in defining the success of its security posture. When defences fail and operations are threatened by a ransomware attack, organisations with a clear and effective incident response plan already in place stand the best chance of mitigating the damage. The incident response plan needs to be tested and ideally tabletops performed to ensure everyone is aware of the plan and their individual responsibilities. It is also critical that a robust IT Disaster Recovery plan is in place that is regularly tested. Backup controls should be protected using approaches such as segmentation of backups, strong authentication requiring Multi-Factor Authentication, backup pins or dual authorisation mechanisms to prevent backups from being disabled or overwritten.

Having a robust data protection strategy is just as critical. Strong data governance practices ensure that key data stays in known, risk-assessed locations, with measures in place to provide timely access to the data. In some cases, this can prevent the attacker from gaining access, but if the worst case does happen and they do get in, it can slow the attacker down until the incident response capability can identify and contain the threat.

To pay or not to pay?

Finally, the question of whether to pay the ransom must be considered. This decision should not be taken lightly. The legal and ethical implications of paying out need to be addressed and evaluated long before the actual criminal act takes place. Data can help organisations to make the right decision on this contentious issue: weighing up the operational cost lost per day versus the cost of paying the attacker can provide some much-needed clarity, while the level of confidence of being able to bring systems back will be a factor in many organisations' decision-making.

As ransomware risks accumulate, preparation must take centre stage. Basic cybersecurity hygiene practices, such as asset inventory, configuration management, application control, endpoint protection, regular testing and patching of any systems connected to the Internet and segmentation of networks still have an important role to play. However, organisations need to plan for all eventualities. The security and success of each organisation will depend on its ability to predict, prevent, detect and respond against ever-changing ransomware threats.