You’re at risk from ransomware attacks no matter what size your organization is. In a recent survey, an astonishing 80 percent of 1,100 IT and OT pros said their organizations had already experienced a ransomware attack, with 52 percent paying a ransom of at least $500,000. "Pervasive" is the word DCIG President and Founder Jerome Wendt uses to describe the ransomware epidemic in his recent Technology Report, “Identifying and Deploying the Right Cyber Resilience Solution.”
The report also says the inevitability of a ransomware attack and its devastating impacts make complacency a risky option. The recommended response? Put a combination of cybersecurity and cyber resilience technologies in place that work together to defend against ransomware.
The report suggests that a zero trust cybersecurity approach is an excellent first step in bolstering your defenses. Zero trust controls access to your corporate IT systems and digital assets using technologies including multifactor authentication (MFA) and role-based access controls (RBAC) to authenticate system and user access. Cybersecurity technologies like antivirus software and firewalls are also crucial to your defenses.
To help clarify the differences between cybersecurity and cyber resilience, here is the definition of cybersecurity from the Cybersecurity and Infrastructure Security Agency (CISA): Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.
The DCIG Technology Report explains that cyber resilience technologies differ from cybersecurity solutions in that they reduce and mitigate your organization’s risks when a ransomware attack occurs. The critical criterion for cyber resilience solutions is the ability to withstand an attack and let you continue to operate, potentially in a degraded state.
Here’s the definition of cyber resilience from the National Institute of Standards and Technology (NIST): The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
The DCIG report outlines four goals that cyber resilience products should meet to be worth considering.
Since it’s clear you’re going to be attacked by ransomware at some point, you need to be prepared. The report says that there are three approaches to being prepared:
Ultimately, monitoring is the linchpin of preparation.
Again, given that you’ll likely experience a ransomware attack—and understanding that you may not detect an attack for hours, days, weeks, or even months—the report says you need to put software and technologies in place that can withstand both overt and covert attacks.
The report notes that overt attacks are in some ways better than covert attacks in that they cause immediate disruptions to IT and business operations. For these, you need cyber resilience software and technologies that help you survive and continue operations when the incident occurs.
The suggestion is to either take these systems offline or air gap them to keep them secure. Since you may not discover an attack for some time, you also need cyber resilience software and technologies that continually protect themselves, securing and monitoring all activity on your systems.
Even if you do everything we’ve talked about, you may still become a ransomware victim. So you need to configure your cyber resilience solution to place the right data on the right storage media to meet your recovery objectives. Fast recovery media options include cloud, disk, flash, tape, or a combination of these. And you need to test your recovery processes so you know you can respond to both covert and overt ransomware attacks.
IT environments are constantly changing, often without considering the impacts on your cyber resilience solution. That’s why the report points out that, for your cyber resilience strategy to be viable, you need to monitor and track changes to your IT environment—and update your cyber resilience solution whenever these changes make it necessary.
The report refers to the NIST cyber resilience definition as your guideline, but it’s also worth looking at the NIST publication Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.
The DCIG report suggests you get answers to these questions when considering data protection software and technologies:
The report adds that these critical data protection features should be included in your chosen solution:
The report also includes a comprehensive list of Arcserve’s cyber resilience offerings, concluding, “Arcserve provides organizations with a high level of certainty they can successfully recover in a timely and effective manner.”