Cybersecurity Awareness Month: 3 Critical Ransomware Protection Principles

Nasuni’s Ben Clark shares critical ransomware protection principles to keep in mind for Cybersecurity Awareness Month.

October 7, 2024  |  Benjamin Clark

The ransomware protection problem is getting worse. One criminal group is infecting hundreds of organizations per month with malware variants, according to The Register. The manufacturing industry is a favorite target of ransomware attacks, per Black Kite Research, and news of hospitals and health services organizations being struck emerges weekly.

Why is ransomware so prevalent? The attacks work. No matter how sophisticated an organization’s security perimeter, all it takes is one careless user clicking on the wrong attachment and the malware sneaks through. Plus, hackers know that if they hold your organization’s critical business file data hostage, they have a high chance of scoring a ransom.

This Cybersecurity Awareness Month is a perfect time to take a step back and evaluate whether your organization is prepared for an attack. Here are 3 critical ransomware protection principles to keep in mind as you evaluate solutions to keep your data safe.

1. Build a Multi-Layered Defense

You should see to it that all sensitive file data is encrypted and that you rely on both regular and immutable backups. The immutability of object storage is one of the reasons the cloud is an ideal medium for ransomware protection. File data stored as immutable objects cannot be altered, allowing you to recover clean, unencrypted versions of infected files.

Even the best solutions don’t protect against careless employees, so you must have continuous education and training programs in place to ensure your users are aware of the latest phishing attacks and novel attack methodologies. Here at Nasuni, if you don’t complete your regular cybersecurity training on time, you hear it from your manager immediately.

2. Prioritize Mean Time to Recovery

A multi-layered defense strategy is essential, but it’s not foolproof. Attacks are inevitable, and the real damage comes from downtime, lost data, and incomplete restoration. A global manufacturer that has to take its factories offline for several days stands to lose significant revenue. UnitedHealth estimated its total ransomware-related losses at $872 million.

With this in mind, it is essential to prioritize mean time to recovery and get your organization back to normal as quickly as possible. A few suggestions:

  • Rapid Detection: Real-time monitoring tools providing visibility into file activity will let you pick up on suspicious behavior immediately.
  • Automated Response: Catching suspicious behavior is the first step. Any subsequent delays could allow the malware to spread, so you need automated containment measures to isolate affected systems and prevent further damage.
  • Alerts and Reporting: Response teams need to be notified quickly to control the situation, and they need transparency into what happened and where it happened to start accelerating your recovery process.

Shrinking your mean time to recovery as much as possible means you get back to business as usual as quickly as possible. But recoveries shouldn’t just be fast. They need to be precise.

3. Demand Precision Recovery

File data encrypted by a ransomware attack is as good as gone. Paying the ransom is a flawed strategy: there is no guarantee the hackers will restore your data, and you identify your organization as one that will pay up, increasing the likelihood of future attacks. Instead, you should restore from backups, but if you rely on infrequent backups, then you could force your employees and systems to sacrifice several days of work.

A precision recovery strategy relying on multiple backup versions allows you to restore to just before the attack. When this system includes real-time detection and automated responses, you minimize the impact on your organization as a whole. If you have the ability to quarantine and restore only the specific files impacted within a folder or drive, for example, then you avoid disrupting the productivity of users who need access to other data in those volumes. The impacted users get back to work faster, and those whose files were not encrypted can continue working unimpeded. Generally, a precision-optimized architecture is going to be far more efficient from a business continuity standpoint.
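To make the precision recovery idea above concrete, here is an added Python example (not Nasuni's code or product logic). It flags a burst of writes by one account, treats the start of that burst as the attack time, and maps only the files that account touched to their newest pre-attack version. The event and version data, the 60-second window and the four-file threshold are constructed assumptions.

```python
from bisect import bisect_left
from collections import defaultdict, deque

# Constructed sample data (not from the article); times are in seconds.
EVENTS = [  # (time, user, path) for each file write seen by monitoring
    (1000, "alice", "/eng/plan.docx"),
    (4000, "bob", "/eng/bom.xlsx"),
    (9000, "carol", "/eng/plan.docx"),
    (9005, "carol", "/eng/bom.xlsx"),
    (9010, "carol", "/eng/cad/part1.dwg"),
    (9012, "carol", "/eng/cad/README_DECRYPT.txt"),
    (9500, "alice", "/eng/notes.txt"),
]
VERSIONS = {  # path -> sorted timestamps of immutable versions
    "/eng/plan.docx": [500, 1000, 9000],
    "/eng/bom.xlsx": [4000, 9005],
    "/eng/cad/part1.dwg": [300, 9010],
    "/eng/cad/README_DECRYPT.txt": [9012],
    "/eng/notes.txt": [9500],
}

def find_burst(events, window=60, threshold=4):
    """Return (user, onset) for the first user who writes `threshold`
    distinct files within `window` seconds, else None."""
    recent = defaultdict(deque)
    for t, user, path in sorted(events):
        q = recent[user]
        q.append((t, path))
        while q and t - q[0][0] > window:
            q.popleft()  # drop writes that fell out of the window
        if len({p for _, p in q}) >= threshold:
            return user, q[0][0]  # onset = first write of the burst
    return None

def restore_plan(events, versions, user, onset):
    """Map each file the flagged user wrote at or after `onset` to the
    newest version taken strictly before `onset` (None = quarantine only)."""
    plan = {}
    for t, u, path in events:
        if u == user and t >= onset:
            times = versions.get(path, [])
            i = bisect_left(times, onset)  # first version at/after onset
            plan[path] = times[i - 1] if i > 0 else None
    return plan

if __name__ == "__main__":
    user, onset = find_burst(EVENTS)
    for path, ver in restore_plan(EVENTS, VERSIONS, user, onset).items():
        print(path, "->", ver if ver is not None else "quarantine only")
```

Files the flagged account never touched, such as `/eng/notes.txt` here, stay out of the plan, so their owners keep working while the affected files roll back.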

Finally, I’d suggest deploying a system or solution that automates this entire process as much as possible to reduce human error and accelerate the recovery. As users, we link-clicking humans are often the weak spot in an organization’s ransomware defense strategy, but we are also the ones capable of re-designing our defenses. This Cybersecurity Awareness Month, keep these three ransomware protection principles in mind as you analyze your systems and defenses, and transform ransomware from a potentially crippling threat into a standard security nuisance.
