Protecting your business in the age of ransomware

Ransomware is hitting near home for organizations of all sizes and fields. With attacks making headlines every day, according to the Dell Technologies 2021 Global Data Protection Index (GDPI), it is not surprising that 62% of surveyed IT decision makers are concerned about tackling malware and ransomware.

It’s not just the growing drum beat of bad news that keeps this threat in mind. When you regularly see the impact on your industry peers, you begin to ask yourself: Are we ahead? At the GDPI launch event, Michael Dale, chairman and CEO of Dell Technologies, explained why all businesses, from your insurance broker to the local butcher, big and small, are more scared than ever.

The GDPI survey found that 64% of leaders are worried that they will experience a disruptive event like data loss or downtime in the coming year. As the frequency of ransomware attacks increases, all businesses should expect attacks. Whether you should be afraid or not depends on how well prepared you are.

Threat like others

Many cyber security threats are devastating, but some are as big punches as ransomware. Its profound effects extend to your entire organization, disrupting operations, disrupting business-critical services and sometimes putting people at risk. These attacks are also the most expensive to minimize.

What makes ransomware unique, however, is its “in your face” style. You can reduce other security incidents sensibly, but ransomware attacks have become so obvious that your customers will know a lot about them. What will it do to your brand reputation and trust?

Absolute crime

For cybercriminals, ransomware is the perfect crime for the digital age. Not only is the barrier to entry less, but it offers a higher return on investment than garden-variety cybercrime. Like the savvy entrepreneur, the risky actor goes where the best opportunities are — and today, he is ransomware.

Ransomware Attack requires a bit of technical skill, thanks to the availability of Ransomware-a-Service on the Dark Web Marketplace. Ransomware operators don’t have to worry about spying on themselves, gaining early access or writing exploits. All of these services, and many more, are available in abundance – complete with 24/7 customer service.

On top of that, attackers don’t have to go far to monetize. When you fall victim to ransomware, you become, in essence, their instant “customer”. They know that you need to get your system up and running as quickly as possible and that you need to stop the possible release of your data. They have your instant attention and power – unless you have the tools to protect yourself and retrieve your data.

Defense begins with the basics

To avoid ransomware, you need to start with the basics. First, apply the NIST Cyber ​​Security Framework (or similar framework designed for your industry). Once you have the essential parts-patching, antivirus, security awareness, and so much more તમે you can build more sophisticated defenses like zero-trust and identity and access management.

Regardless of what other protections you have, data backup is one of the most important steps in fighting ransomware infections. The stronger your backup plan, the less power and hold the attackers will have over you.

So, what is your backup plan?

You may have a backup strategy, but have you noticed how ransomware evolved? Before tampering with your core data, attackers will usually spend a little extra time in your network to see if your backup can be compromised. If you have a connected backup, they will find a way to use it.

That’s why you need unchanging, offline copy for your critical systems. But if this immutable copy is on a remote location on the tape, how quickly can you access it and restore your system? According to the GDPI survey, the average recovery time from a disruption such as a ransomware attack is six hours. But that length of time is very disruptive for many organizations.

The founders of the Federal Credit Union (FFCU) calculated that they could only give themselves a one-hour window. Working in a high-volume, online transaction-based industry, they simply can’t afford more. Therefore, the financial institution underwent a major overhaul of its data center, focusing on cyber resilience.

One of the many components of the transformation initiative for FFCU includes a data backup and recovery plan that ensures that data is always available, always secure and always in use, thanks to technologies such as the Cyber ​​Recovery Vault.

Many of the consequences for this small, regional credit union include improved compliance, business growth, and enterprise-class business resilience. But what makes FFCU a great success story is that today, it offers cyber resilience consulting to other federal credit unions in addition to participating in the Technology Advisory Board for Cyber ​​Resilience and Digital Transformation.

One more step: practice

Another important step in ransomware protection that many organizations overlook is the study of their disaster recovery and response plans. Without running drills, simulations and tabletop exercises, your team has to work on the details in the midst of an emergency. This is not the best time to find out who to call and where to find that phone number.

According to the GDPI survey, 67% of IT leaders are not confident that they will be able to retrieve their business-critical data in the event of a devastating cyber attack. As an industry, we can do better. If you haven’t thought about the risks and effects of ransomware yet, start that process now. Confidence comes with practice. Rest assured: You don’t have to catch shameless criminals. There are ways and means to protect yourself. Yes, at times, you will be targeted (if you haven’t already). But you can choose how you respond and minimize the result. There are ways to secure your business and recover your data without submitting to the demands of the criminals and filling their pockets with your hard earned money.

To learn more about achieving progressive change at the intersection of people and technology, visit Dell Technologies’ Hub at the MIT Technology Review Here,

This content was created by Dell Technologies. It was not written by the editorial staff of MIT Technology Review.

Similar Posts

Leave a Reply

Your email address will not be published.