Get ready for some statistics that will only confirm your worst fears. In Sophos’ The State of Ransomware 2022 report, 66 percent of the 5,600 IT pros in 31 countries surveyed said they had been hit by ransomware last year. Let that sink in. It gets worse: 65 percent of those attacks resulted in the organization’s data being encrypted. Of those, 46 percent paid the ransom. And only 4 percent of those that did pay got all their data back.
Cybercriminals are getting smarter, too, offering ransomware as a service (RaaS) to specialists whose skills in “virtual breaking-and-entering,” as Sophos puts it, differ from those of ransomware creators. An alert from the Cybersecurity and Infrastructure Security Agency (CISA), part of the National Security Agency (NSA), notes that for one RaaS called Conti, bad actors often try to gain initial access using spearphishing campaigns with tailored emails containing malicious attachments. But they’ve got plenty of other burglary tools up their sleeve. Among those listed by CISA:
- Stolen or weak Remote Desktop Protocol (RDP) credentials
- Phone calls—yes, some hackers will even cold-call a company to try to wring the information from employees they need to get onto your network
- Fake software promoted via search engine optimization (SEO)
- Malware distribution networks like ZLoader
But here’s the real kick in the teeth: the Sophos report says the average cost to remediate a ransomware attack was $1.4 million, and the average time it took to recover from an attack was one month. One final note on Conti ransomware, with the headline of a recent Threatpost article saying it all: “Conti Ransomware Expands Ability to Blow Up Backups.” Your backups aren’t safe from ransomware either.
Add it all up, and you can bet you’re only a click on a malicious link away from a potentially devastating ransomware attack on your organization.
IT Transformations Add Complications
You need to do everything you can to fight back against ransomware. But that isn’t easy with today’s increasingly complicated IT infrastructures. You may have a hybrid workforce using personal devices to connect to your network. And with IoT prevalent across many industries, you may be dealing with a massive increase in attack surfaces and vulnerabilities. Then there are your servers, endpoints, networks, network-attached storage, clouds, applications, and more that all need to be protected from ransomware.
With so many potential vulnerabilities and evolving attack vectors, IT pros need to change their approach. Beating ransomware requires a multi-faceted prevention strategy. No single silver bullet will keep ransomware at bay, especially given that there are so many other threats to your data, from malware to natural disasters.
The Three Pillars of a Complete Ransomware Prevention Strategy
We recommend a ransomware prevention strategy based on three pillars:
- Cybersecurity technologies
- Orchestrated recovery
- Security processes
Cybersecurity is a crucial aspect of your multi-faceted ransomware prevention strategy. It includes ensuring you have the latest protections for your endpoints, networks, servers, and other infrastructure elements.
At a minimum, it’s worth adding Identity Access Management (IAM) to keep unauthorized users out and Privileged Access Management (PAM) solutions to limit access to sensitive data based on roles. As we wrote in a recent post, you can take your defenses even further by employing a zero-trust model for data protection.
In the same post, we also make a case for putting advanced monitoring functionality in place so your backup admins can react quickly to any threats or other issues involving your primary or backup infrastructure and operations. That includes data loss prevention (DLP) software that detects potential data breaches and data exfiltration activities and then blocks them from accessing sensitive data—in use, in motion, and at rest.
Endpoint detection and response (EDR) is another cybersecurity tool that continuously monitors end-user devices to detect and respond to cyber threats. If your organization uses a remote or hybrid work model, EDR is invaluable.
Plenty of other cybersecurity tools and solutions are available. See this post for links to tools offered by the NSA and CISA to combat open-source cyberthreats. And check out this post in which we dive into how you can create a more resilient organization (starting with a cyber resilience review). We also offer a host of links to valuable—even essential—tools that will help you raise cybersecurity awareness and ensure business continuity.
Data Protection and Orchestrated Recovery
The most important step you can take is to ensure your backups are protected from encryption and exfiltration. Arcserve strongly recommends that you follow the 3-2-1-1 backup strategy. (The 3-2-1 backup rule is out of date now that backups are being targeted more frequently by ransomware.) The rule is simple: keep three copies of your data; store two copies locally on two formats (tape, network-attached storage, or local drive); and keep one copy offsite, with the cloud offering the most flexibility. The extra one stands for immutability. Backups saved or replicated to an immutable object store are in a write-once read-many-times format. These immutable backups can’t be altered or deleted, so they are safe from ransomware no matter what.
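The 3-2-1-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not Arcserve's code: the `Copy` record, the media labels, and the sample inventory are assumptions constructed for illustration, and every copy listed for a dataset counts toward the three.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str       # hypothetical labels: "nas", "tape", "local-drive", "object-store"
    offsite: bool
    immutable: bool  # stored write-once read-many (WORM)

def check_3211(copies):
    """Evaluate one dataset's copies against each part of the 3-2-1-1 rule."""
    local = [c for c in copies if not c.offsite]
    return {
        "three_copies": len(copies) >= 3,
        # two local copies only count if they sit on two different formats
        "two_local_formats": len(local) >= 2 and len({c.media for c in local}) >= 2,
        "one_offsite": any(c.offsite for c in copies),
        "one_immutable": any(c.immutable for c in copies),
    }

def gaps(inventory):
    """Map each dataset to the rule parts it fails (empty list = compliant)."""
    return {ds: [rule for rule, ok in check_3211(copies).items() if not ok]
            for ds, copies in inventory.items()}

# Constructed sample inventory (not real data)
INVENTORY = {
    "finance-db": [
        Copy("nas-nightly", "nas", False, False),
        Copy("tape-weekly", "tape", False, False),
        Copy("cloud-worm", "object-store", True, True),
    ],
    "file-share": [  # satisfies the older 3-2-1 rule, but nothing is immutable
        Copy("nas-nightly", "nas", False, False),
        Copy("local-disk", "local-drive", False, False),
        Copy("cloud-sync", "object-store", True, False),
    ],
    "hr-app": [  # two local copies on the same format, nothing offsite
        Copy("nas-a", "nas", False, False),
        Copy("nas-b", "nas", False, True),
    ],
}

if __name__ == "__main__":
    for ds, failed in gaps(INVENTORY).items():
        print(ds, "OK" if not failed else "FAILS: " + ", ".join(failed))
```

The `file-share` case is the one the rule change targets: it passes 3-2-1 yet has no copy that ransomware cannot alter or delete.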
If you are hit by a successful ransomware attack or other data loss event, orchestrated disaster recovery will help you recover as efficiently as possible. An effective orchestration solution also ensures that your critical systems—servers, applications, and sensitive data—are automatically brought back online in the proper order. That takes much of the complexity out of recovery. Given the multiple tasks that go into a manual failover, orchestration ensures fast disaster recovery, even as you scale your organization.
The final pillar may be the most critical because the human element was involved in 85 percent of breaches in 2021. Tools and solutions aren’t enough. Cybersecurity training should be a core element of your disaster prevention and recovery plan. CISA offers an excellent cybersecurity awareness program that includes a toolkit and resources. Make sure your team understands how to spot phishing schemes and suspicious links. Help them know how vital their role is in preventing ransomware and breaches.
It's also essential to run disaster recovery exercises that test your disaster recovery plan’s effectiveness. And don’t forget to keep physical security in mind, including running background checks. Finally, we want to reiterate the value of IAM and PAM in keeping your data secure.
Up Next: Why Choose Arcserve UDP to Fight Ransomware
Read part 2 of this blog series, where we take a close look at the features behind Arcserve UDP and how it helps make your fight against ransomware easier. If you’re ready to dig in today, sign up for a free 30-day trial or talk to an expert Arcserve technology partner.
Read part 3 of this blog series.