Ransomware attacks are seizing headlines, but the reality is even darker. Most victims never appear in the media, since they quietly pay to make the problem go away. The danger is intensifying as threats multiply, their sophistication rises, and the ransoms hackers demand become higher and higher.
What would you do if hackers breached your systems tomorrow and locked you out of your own data and systems? They can hold hostage assets such as your customers’ credit card numbers, or critical business processes on which your operations depend, or sensitive data that you are bound by law to protect. Hackers increasingly use a one-two punch, demanding payment to unlock your data and/or threatening to release all of it on the internet unless you pay. A permanent lockout could cripple your operations. A public release could harm your customers, poison your brand and provoke regulatory scrutiny and heavy fines.
You can reduce the risks, but you need to act now. Here are four things you need to know about the new dangers.
Ransomware criminals will choose the most lucrative and softest targets, so it’s wise to harden your defenses and encourage hackers to look elsewhere. Make your cybersecurity top-notch, with multi-factor authentication on all accounts (including VPN access), robust patching and vulnerability management, up-to-date antivirus and intrusion detection systems, and Remote Desktop Protocol (RDP) services that are either disabled or not accessible from the internet.
Understand where your critical data is located, the implications (including regulatory requirements) of any breach, and what you would need to recover in order to create a ‘minimum viable company.’ Create and check offline backups, along with a robust restore procedure. Define and test how much disruption you can tolerate, so if an attack does succeed, you can make the right decision about paying ransom.
If you are hit, having a plan ready can cut your losses and get you back up and running quickly. Having segregated full and incremental backups available to restore can help you get back in business and reduce operational impact. Otherwise, even if you pay a ransom, recovery may be slow and costly, since IT environments are complex and information about critical systems may be unclear. After ransomware criminals return data and provide decryption keys, it’s all too common for companies that lack a plan to face a long and slow recovery: ransomware tools may have corrupted data and IT teams may not have the needed decryption skills.
Develop and exercise incident response and crisis plans today. Test these plans for a catastrophic ransomware scenario, where common security and IT tools may be unavailable and recovery efforts could require weeks or months. Make sure you have the technical expertise to respond to the attack by determining its cause, investigating its extent, containing the breach and expelling the attacker from your environment.
Ransomware is a major and growing danger, against which you must strengthen defenses and develop a response plan, right now. Ransomware criminals are multiplying, attracting new cyber talent, innovating malware, and acting with impunity. To reduce the risks, your defenses and incident response plan must be both top-notch and continually evolving. The right defense plan will also be unique to your organization: it will consider your critical needs, your current and potential defenses, your vulnerabilities and your organizational ethos.