How Can IT Professionals Protect Their Organizations Against Ransomware?

JULY 23RD, 2020

As enterprise-focused cyberattacks continue to increase in frequency and impact, it is crucial that your organization is thinking about how to protect sensitive data, applications, and business systems from the threat of cybercrime. 

Cyberattacks as a whole are on the rise, and experts have identified ransomware specifically as one of the fastest growing exploits. In fact, the U.S. Department of Justice went as far as to call ransomware “a new business model for cybercrime.” 

The Direct and Indirect Costs of Ransomware Recovery

In 2016, ransomware attacks occurred every 40 seconds. By 2021, the frequency of ransomware attacks on businesses is expected to grow to one every 11 seconds. Faced with the increasing likelihood that your organization will be affected by ransomware, it is important to understand the potential financial impact a successful ransomware attack can have.

Physical Recovery Costs

Security experts normally don’t recommend paying the ransom, but many companies do in the hopes they can recover their data safely and quickly. In Q1 2020, the average ransomware payment was estimated at more than $100,000, which is a huge financial blow to almost any organization.

Another large cost of cleaning up from a ransomware attack is replacing or repairing affected hardware, such as servers and workstations. A good malware detection tool can offer a layer of protection, but it is crucial to isolate infected devices quickly and take them off the network before catastrophic damage occurs.

In an ideal world, enterprises would invest in third-party security reviews before they are affected by ransomware. But even after the fact, it’s a good idea to have your system reviewed by cybersecurity professionals to identify weak spots and vulnerabilities in your security perimeter so you can prevent future attacks. 

Indirect Costs of Ransomware

In addition to the direct costs incurred after a ransomware attack, you can expect to experience some less tangible financial impacts, such as lost employee productivity and lost revenue due to the system being down. 

Today’s users are very unforgiving when it comes to downtime and data security. A significant security event can cause lasting damage to your company’s reputation, resulting in loss of new and existing customers. Additionally, your stakeholders may lose confidence in your ability to keep their data secure. 

A recent study by Arcserve measuring the impact of ransomware on consumer behavior shows that 70 percent of respondents think businesses don’t do enough to secure user data. More than half (59 percent) say they would likely not do business with a company that had experienced a cyberattack within the past year, and 84 percent share their negative ransomware-related experience with others, including on social media.

Five Ways to Protect Your Organization Against Ransomware

Cleaning up after a ransomware attack is expensive. Fortunately, there are steps you can take to help prevent attacks and facilitate recovery in the event a breach does occur.

1. Know your environment.

You can’t protect your perimeter if you don’t know where it is. So the first step in creating a ransomware protection strategy is to identify every service, device, and application that is attached to your network.

Document known vulnerabilities, such as shared passwords, and assess potential risks and vulnerabilities, such as increased VPN access and BYOD due to quickly setting up remote workstations in response to COVID-19.

2. Stay Up to Date on Patching.

One in three breaches occurs because of missed patches, so prioritizing application patching and OS patching is a must. Automating patch management and updating will help ensure security fixes stay up to date.

3. Educate Employees on Good Online Hygiene.

User behavior is the No. 1 way ransomware spreads. Set up an employee education initiative to teach all staff members how to recognize social engineering tricks, safe internet practices such as avoiding malicious ads and websites, and what to look out for when opening email attachments.

4. Minimize Admin Privileges.

Limiting the number of people in the organization with elevated permissions—and closely monitoring those who do have privileged access—will help prevent attackers from reaching business-critical data and applications should a breach occur.

Consider implementing access control initiatives such as zero trust, privileged access management, frequent access reviews, and automated provisioning and deprovisioning.

5. Implement a Proactive Ransomware Protection Strategy.

Being proactive about ransomware prevention will save your organization both time and money. A comprehensive ransomware protection strategy will include tools to detect and prevent ransomware attacks, protect critical data and applications from internal and external threats, and quickly neutralize malicious activity. 

There are a lot of solutions on the market that just provide data protection or just provide cybersecurity. For seamless, end-to-end ransomware protection and data integration, enlist help from a solutions provider that offers integrated cyber and data protection.

Proactive but Prepared Is the Best Strategy for Ransomware Protection

Being proactive about ransomware prevention is the smart way to work, but we all know that mistakes happen. Having a disaster recovery plan in place is key to minimizing downtime and reducing the costs to recover. 

At a high level, your disaster recovery plan should include: 

  • Business impact analysis: This analysis outlines the business-critical systems and applications, the potential cost of extended downtime, and any compliance requirements your organization must follow.
  • Risk assessment and management: This assessment identifies system weaknesses and dependencies and documents what steps to take to ensure data can be recovered and systems put back online quickly with minimal loss.
  • Backups: Make sure you do full backups regularly and that the backups aren’t directly accessible from the network. Some types of ransomware target and encrypt backups as part of the attack, so store your backups off-site and make sure they are isolated. 

Preventing ransomware is an accepted part of doing business today, but with preparation and a comprehensive ransomware protection strategy in place, enterprises don’t have to accept being a victim. Download A Ransomware Crisis Plan Is Now a Business Imperative to learn more about how to defend against ransomware attacks.