Intelligent CISO Issue 70 | Page 50

If businesses don’t have other offsite copies of this data or simply aren’t in a position to recover fast enough, it can be tempting for the board to opt to give in to demands. While senior leadership of course want to do the right thing from a security perspective, ultimately their top priority is to keep the business running.
What still needs to be done?
What needs to change to tip the balance of the ransomware struggle and for us to start seeing attacks and payments go down for good? It still comes down to education and preparedness – particularly for those outside of the security and backup teams. This includes busting myths about what happens leading up to and after a ransomware attack.
For example, encryption doesn’t happen as soon as an employee clicks a malicious phishing link – it can be months or even a year between breaching a system and locking data and declaring a ransom.
Likewise, decryption doesn’t happen as soon as a ransom is paid either. Setting aside the fact that roughly a quarter of businesses pay a ransom yet remain unable to recover their data, even in the best-case scenario decryption and recovery can be incredibly slow. This is part of the business model, as most offer the option to buy more decryption keys on top of the ransom cost to speed up the process!
Understanding the beast is the first step in being prepared to respond to it. A ransomware recovery plan should have three stages:
1. Preparation – Planning recovery, ensuring you have reliable backups (following at least the 3-2-1 rule), having a disaster recovery location set up and ready to go, and ramping up training and exercise to ensure the business and organisation are prepared.
2. Response – Following a pre-defined and tested incident response process, locating and containing the breach, and scanning backups to ensure they are uncontaminated.
3. Recover – Recovering the environment without reintroducing the malware or cyber-infected data into the production environment during restoration and getting the business back up and running.
To conclude, while there might be a degree of uncertainty about the status of the global struggle against ransomware, what isn’t in doubt is that ransomware attacks remain an inevitability for most businesses. This doesn’t mean there’s no hope against these cybercriminals, however. It’s important to understand that if companies are prepared and design their recovery well, they can reach a point of 100% resilience against ransomware. That doesn’t mean there will be no business impact from such attacks, but it means you can recover quickly and say ‘no’ to ransomware demands.