TALKING business
‘‘
When an attack does happen , they will recognize , understand and have confidence in the process of working towards recovery . By taking the education aspect of these steps seriously , organizations can decrease the ransomware risks , costs and pressure of dealing with a ransomware incident unprepared .
Back-up to maintain Business Continuity
The implementation of a reliable backup solution is a critical component of ransomware resiliency and its use is key to maintaining strong Business Continuity . Organizations need to have a reliable system in place that protects their servers and keeps them from ever having to pay to get their data back . Consider keeping the backup server isolated from the Internet and limit shared accounts that grant access to all users . Instead , assign specific tasks within the server that are relevant for users and require two-factor authentication for remote desktop access .
Additionally , backups with an air-gapped , offline or immutable copy of data paired with the 3-2-1 rule will provide one of the most critical defenses against ransomware , insider threats and accidental deletion .
“
WHILE NO ONE CAN PREDICT WHEN OR HOW AN ATTACK WILL HAPPEN , IT ORGANIZATIONS THAT HAVE A STRONG , MULTI- LAYERED DEFENSE AND STRATEGY IN PLACE HAVE A GREATER CHANCE FOR RECOVERY .
Anthony Spiteri , Senior Global Technologist , Veeam to guide the restore process so that backups aren ’ t put at risk .
Communication is key , having a list of security , incident response , and identity management contacts in place if needed – inside the organization or externally – will help ease the process towards remediation .
Next , have a pre-approved chain of decision makers in place . When it comes time to make decisions , like whether to restore or to fail over company data in an event of an attack , organizations should know who to turn to for decision authority .
If conditions are ready to restore , IT should be familiar with recovery options based on the ransomware situation .
Furthermore , detecting a ransomware threat as early as possible gives IT organizations a significant advantage . This requires tools in place to flag possible threat activity . For endpoint devices displaced remotely , backup repositories that are set up to identify risks will give IT further insight into an incredible surface area to analyze for potential threat introduction .
If implementations don ’ t prohibit attacks , another viable option is encrypting backups wherever possible for an additional layer of protection – threat actors charging ransom to prevent leaking data do not want to have to decrypt it . When it comes to a ransomware incident , there isn ’ t one single way to recover , but there are many options aside from these that organizations can take .
The important thing to remember is that resiliency will be predicated on how backup solutions are implemented , the behavior of threat and the course of remediation . Take time to research the options available and ensure that solutions are implemented to protect your company .
Prepare to restore in the event of an attack
Though Australian businesses are some of the best in the world at implementing preventative measures , as a nation we must equip ourselves with the tools needed to remediate a threat if introduced . Layers of defense against attacks are invaluable , but organizations need to also map out specifically what to do when a threat is discovered .
Should a ransomware incident happen , organizations need to have support in place
Implement additional checks for safety before putting systems on the network again – like an antivirus scan before restoration completes – and ensure the right process is underway . Once the process is complete , implement a sweeping forced change of passwords to reduce the threat resurfacing .
The threat that ransomware poses to organizations both large and small is real . While no one can predict when or how an attack will happen , IT organizations that have a strong , multi-layered defense and strategy in place have a greater chance for recovery .
With the right preparation , the steps outlined here can increase any organization ’ s resiliency – whether in office , remote or a combination of the two – against a ransomware incident and avoid data loss , financial loss , business reputation damage or more . •
38 INTELLIGENTCIO www . intelligentcio . com