Seriously? We’re still talking about ransomware in 2022? Yes. Yes, we are. We’re still talking about ransomware because it’s still a serious problem for organizations.
In fact, Lincoln College, a liberal arts school in Illinois, closed its doors after 157 years after a ransomware attack that was the final straw that drew them to shut down.
In another incident, a cybercrime group called Vice Society attacked the Los Angeles Unified School District. This left the school district in confusion and panic. They weren’t sure if or how much data was stolen and who the perpetrators even were.
There are attacks happening frequently around the world and can leave lasting effects on organizations whether they end up paying a ransom or not.
Are you prepared if ransomware attacks?
This can be a difficult question to answer, and if you’re having trouble answering this, it may be time to look at your ransomware preparedness.
Lucky for us, Osterman Research has published a white paper focused on the ransomware landscape in 2022 and how organizations can be better equipped to handle a ransomware attack and have more tools at their disposal for recovery after an attack.
I don’t want to spoil the joy of reading this report for yourself, but let’s go over a few key takeaways to wet your excitement whistle. Plus, it’s free so you can go read the rest of it yourself.
The white paper looks at 8 different areas Osterman has identified as being problem areas for organizations when it comes to being prepared for ransomware attacks. Some focus on defending against ransomware attacks while some focus on recovering after an attack. Let’s talk about one of each:
Strengthening Identity Models
Employees must enter their credentials to access company systems, applications, and devices. A username and password are associated with individuals indirectly but can be compromised through several different means.
Strengthened identity models are too often reactionary measures taken by organizations in response to ransomware attacks. While this is good, these efforts are too late, and the damage has been done. What can be done now, before an attack happens?
How to Strengthen Identity Models
Multi-factor authentication (MFA) should be the first step taken toward a stronger identity model. MFA is a form of security that requires multiple forms of authentication from an individual before they can access a given system. It links something they know like a username and password and links it with something they have like a separate device. These can come in the form of codes sent via mobile device or email. However, this method also poses threats. For example, someone can access these codes if they somehow compromise the email or device. Stronger options might include:
- Enlist stronger forms of MFA. One-time passcodes can be generated by authenticator apps on mobile devices.
- Biometric authentication. When devices used for one-time passcodes have basic security measures, these devices can pose threats to organizational data because they can still be accessed. Ensure these devices have a biometric authentication like a facial scan to access.
- Implement risk-based authentication. You can never be too careful when it comes to authentication. Solutions that unlock visibility into risk signals, like device type, network connection, access time, and geographical location, can require additional authentication when they have found the risk to be high.
Beef Up Your Data Backup
Usually, the goal of ransomware attacks is monetary gain. They will threaten organizations with auctioning their data, divulging their data, or any number of things if they aren’t paid a certain amount of money. If an organization has its data in one place and doesn’t have a way of retrieving it when ransomware attacks, they are stuck between a rock and a hard place. Either pay up or suffer the consequences. It makes logical sense that the defense against this would be a data backup. In the case of a disaster such as ransomware, a backup means systems, applications, and devices can be recovered without having to pay a ransom.
Ransomware attackers aren’t dumb. They know a solid backup is easy prevention for their attacks. Therefore, attackers now strive to gain access to, delete, and corrupt backups. In fact, one study by Veeam found that backup repositories were targeted in 94% of ransomware attacks and at least a portion of repositories were affected in 68% of incidents. Not the most encouraging numbers…
Ideas that can beef up your data backup might include:
- Ensure your backup enables a full restoration. This one sounds obvious, but only 1/3 of organizations can recover 80% or more of their data after a ransomware attack. It should go without saying that your backup should be able to restore your data in an emergency. Test your system and make sure it does what it’s intended to do.
- Ensure your backup is ransomware aware. Often, attackers will focus on the backup and infect it so when an organization attempts to back up its data after an incident, the ransomware cycle starts all over again. Your backup solution should be able to differentiate between business files and malicious exploits if you want a clean backup.
- Ensure controls over changing backup settings and deleting data are strong. When stronger controls for approval and confirmation of significant requests against backup repositories are in place, attackers who manage to take control of an administrator’s account are stopped in their tracks and can’t change retention settings or delete backup data.
Attackers Will Find Your Weaknesses If You Don’t
If your organization is sporting weak protections against ransomware, attackers will find out. Ransomware attackers can sniff out weaknesses in protection and exploit any vulnerability your organization has.
This sounds grim.
However, it doesn’t have to be. With proper preparation and adequate resources allocated to bolster protection, organizations can run efficiently without the worry of losing data to criminals. This takes an honest evaluation of your current efforts and processes in fighting ransomware. If you find weak spots, work to fix them.
Attackers know to steer clear of organizations with beefy ransomware protections. They know it isn’t worth their time to try to fight against preventative security measures for a payout. They will move on to the next organization that isn’t taking their security seriously enough.
I hope this review didn’t scare you, but inspired you to take a closer look at the ways your organization is preparing itself for ransomware attacks and recoveries.
If you’d like to talk more about ways to boost your own preventative measures against ransomware, we know a thing or two and would love to discuss your organizational needs to see how we can help.
Comment below or reach out to us directly.
Be safe out there.
Read the full report here.
For more information on data backup and resiliency, visit our site.
The Micro Focus IM&G team
Know your data | empower your people | drive your future Join our community | @microfocusimg | www.microfocus.com