2020 was a watershed year in which the world embraced technology in all facets of life, from education to remote work to online shopping. The list is endless. The security ecosystem also saw a strategic shift with a rapid migration to cloud computing, accelerated digitization of business processes and endpoint mobility. The downside was the escalation in the number and severity of cyberattacks as digital became mainstream. Global damages from cybercrime are projected to reach $6 trillion a year by 2021, which translates to damages worth $190,000 per second. High-value organizations are at the highest risk of experiencing ransomware attacks, though small-scale companies are not immune either.
In a survey by the security organization Sophos, 82% of 300 organizations in India reported being hit by ransomware by mid-2020. This did not come as a surprise, as cyber hygiene is generally low in the country, with excessive use of pirated software. This weakens an organization’s cyber defense and makes it more vulnerable to attacks, the report noted.
Ransomware attacks are not going anywhere. What an organization needs is a plan to deflect these attacks, or otherwise to face them if it is hit by one. Here are seven tips for defending an organization against ransomware attacks and data loss in 2021:
1. Review and Refine the Backups
Data backup can be a business’ lifeline if it is hit by ransomware. Security of data, therefore, is a critical requirement for any organization. Data backups should be done at regular intervals – not too long as that increases the volume of data loss in case of a ransomware attack; not too short either as that increases backup cost. The backup interval time will vary from organization to organization depending on the frequency of data update and critical nature of the data.
A complete review of the backup process and backup files must be done to ensure all critical aspects are covered. Check that a recent backup is stored offsite, separate from the network, and that the restore process is tested and working properly. 3-2-1 is a good rule to follow: Keep three copies of your backup on two types of media and one copy offsite.
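The checks in this tip (three copies, two types of media, an offsite copy separate from the network, a tested restore, a bounded backup interval) can be run mechanically against a backup inventory. The following Python is an added example, not part of the original article; the `BackupCopy` fields, the sample inventory and the 7-day and 90-day thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    media: str                             # e.g. "disk", "tape", "object-storage"
    offsite: bool                          # stored away from the primary site
    on_network: bool                       # reachable from the production network
    taken_at: datetime                     # when this copy was written
    restore_tested_at: Optional[datetime]  # last successful test restore, if any

def audit_backups(copies, now, max_age, max_restore_test_age):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, 3-2-1 needs three")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type(s), 3-2-1 needs two")
    # Ransomware that reaches the network can encrypt any copy it can reach,
    # so the offsite copy only counts if it is also off the network.
    isolated = [c for c in copies if c.offsite and not c.on_network]
    if not isolated:
        findings.append("no offsite copy separate from the network")
    elif now - max(c.taken_at for c in isolated) > max_age:
        findings.append("newest offsite copy is older than the backup interval")
    tested = [c.restore_tested_at for c in copies if c.restore_tested_at]
    if not tested or now - max(tested) > max_restore_test_age:
        findings.append("no restore test within the allowed window")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2021, 1, 15, 9, 0)
SAMPLE = [
    BackupCopy("nas-nightly", "disk", False, True, datetime(2021, 1, 15, 1, 0), None),
    BackupCopy("nas-replica", "disk", False, True, datetime(2021, 1, 15, 2, 0), None),
    BackupCopy("tape-vault", "tape", True, False, datetime(2021, 1, 3, 1, 0),
               datetime(2020, 11, 2, 10, 0)),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, NOW, timedelta(days=7), timedelta(days=90)):
        print("FINDING:", finding)
```

The sample inventory satisfies the copy and media counts but still produces a finding, because its only isolated copy is twelve days old against a seven-day interval.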
2. Conduct a Risk Analysis
Invest in third-party cybersecurity risk analysis and security audit. This is an effective way to check the vulnerability of your systems, whether or not they are as secure as they ought to be. While drafting a risk analysis plan, there can be a tendency to overlook weak spots. Do not factor out such human errors.
The audit team should use penetration testing to check vulnerability and security of the systems and their ability to fend off ransomware and other cyberattacks. They should be able to identify areas that need extra attention.
3. Train Employees on Cybersecurity and Cyber Hygiene
Cyber hygiene is generally poor in India. It is important to educate every internal stakeholder about security dos and don’ts: don’t click on suspicious links, don’t open email attachments from unknown sources, don’t access sites that are not secure (https versus http), and avoid public wifi in places such as airports, railway stations, etc. Are they aware that the simple act of charging a device can lead to it being hacked, depending on the type of power source used? Tell them how to stay secure so their personal data doesn’t end up on the dark web.
There must be a rapid response plan in place so that everyone knows the drill if their computer or device gets infected with malware. This should include training on what to do if a device disconnects from the network, how to isolate infected devices or change passwords regularly, and how to notify the network admin, among others.
4. Patch Known Vulnerabilities
Patch management is mostly done to fix problems within software programs. It helps to analyze existing software programs and detect any potential lack of security features or other upgrades. Thus, it is an integral part of ransomware protection, and yet many organizations tend to set it aside, as patching is a time-consuming and manual process.
It is in the best interest of the organization that a dedicated resource is assigned to regularly patch known weak spots and closely monitor vulnerabilities that can’t be patched immediately. It’s also a good idea to conduct regular checks for unknown vulnerabilities so they stay on the radar. Another vulnerability to look out for is the use of pirated software in the organization. Pirated software may save money initially, but it causes a lot more damage in the long run.
5. Stay Proactive
To wait for a ransomware attack to take place is highly injudicious. Companies must take proactive steps to keep the bad players out, such as:
• Enforcing application and site whitelisting, which allows only approved applications to run on the company network;
• Staying informed with news, trends, and updates on cybersecurity and ransomware; and
• Scheduling regular access reviews to ensure privileged access to the network and resources is tightly controlled and monitored.
6. Create a Disaster Response and Recovery Plan
Having a comprehensive disaster response and recovery plan in place can help protect an organization’s data, revenue, and reputation in the event of a successful ransomware attack.
A disaster recovery plan should cover the following high-level and critical components:
• A well-trained disaster response and recovery team
• A strategy for business continuity
• Cyber insurance
• An inventory of hardware and software
• Clear instructions on restoring from the backup
• Alternative workspaces and communication tools
7. Invest in an Integrated Data and Ransomware Protection Solution
The impact of a successful ransomware attack can be far-reaching and drawn out. Without appropriate ransomware protection, systems can be down much longer than what an organization’s service level agreements (SLAs), bottom line, and customers would tolerate. Advanced ransomware protection solutions are equipped to block, mitigate, and alleviate cyber threats with technology that combines cybersecurity with data protection across all of today’s complex IT environments.
How much do you value your data? With accelerated digital transformation in the air, a year with an increase in ransomware attacks is only to be expected. This is not the time when an enterprise can afford to let its guard down. Data today is any organization’s lifeblood. Cybersecurity and data protection planning go hand in hand. If a ransomware attack happens, your organization’s resilience shows in how soon it can recover its data. It is smart, therefore, to act now and build a security and data loss prevention strategy to protect your organization from ransomware attacks.
By Nikhil Korgaonkar, Regional Director, Arcserve, India & SAARC