Element Four's 2021 Cybersecurity Update:
There will always be new cyberthreats, but ransomware is one that won’t be going away anytime soon. And if you’re a cybercriminal, why would you want it to? It’s highly profitable since so many companies are willing to pay, keeping the money rolling in. Plus, many organizations unintentionally meet their attackers halfway by still not putting the right protections in place.
With the growth of extortion attacks at 100+%, it’s not a matter of if you’re going to be attacked, but when. So, you need to ask yourself, can your organization survive an attack operationally—shutting down your business for days, weeks, or even permanently—or financially—the loss of revenue due to a shutdown and the payout to get your data back?
While there may never be a single solution you can turn on to keep your organization fully protected, one thing you can do to protect your organization from ransomware is to have a great backup and disaster recovery strategy in place—which is much more than just keeping a copy of your data offsite or in the cloud.
Don’t forget cybercriminals are relentless and ransomware gets more sophisticated each day. Even if your data is already backed up, ransomware can infiltrate traditional backup infrastructure, so when you try to restore, you may quickly find out that not only are your backups gone, but you now have to pay up.
Ransomware’s Harsh Reality
From large corporate attacks (think Colonial Pipeline and JBS Foods, which both caused huge panic among the general public and in their supply chains) to small municipalities like Oldsmar, Florida, which came dangerously close to having its water supply contaminated, hackers are getting even more creatively insidious in their attacks. No one is off-limits or out of reach.
Add into the mix the increased number of mobile devices your remote workforce is using to connect to your network—smartphones, tablets, laptops, and even IoT—and there are even more endpoints that can be exploited to gain access and take control of your business data.
If ransomware were measured as a country, it would be the world’s third-largest economy, after the U.S. and China, with a gross of $6 trillion USD in 2021 alone. If you think that paying them off means you’re off the hook, think again. Paying only shows that you’re easy prey and puts a bigger target on your back. And there’s no guarantee that after you cough up the cash, you’ll get all your data back. Organizations that pay a ransom rarely recover all their data. In fact:
- 8% recovered all data after paying ransom
- 29% recovered no more than half their data after paying ransom
- 65% average amount of data recovered after paying ransom
You can’t change what ransomware is capable of, but you can implement a great backup and recovery strategy that ensures your data is protected.
What Can You Do?
It sounds grim, but it’s not hopeless. Since security is one of our core competencies at Element Four, we understand that it takes more than just one-and-done to ensure your data, business, and reputation are protected when a ransomware attack occurs.
- Follow the 3-2-1 rule: Keep 3 copies of your data, on 2 different media (disc/tape), with 1 copy in an off-site location.
- Incorporate immutable backups: This will keep your backup data fixed, unchangeable, and in a form where it can never be deleted or modified. Plus, you can deploy those backups immediately to production servers in case of a ransomware attack or other data loss.
- Implement longer retention policies: Retention policies are different depending on your industry’s compliance standards. Take what you think is a good amount of time for retention or what’s required for your industry and add extra for leeway.
- Partner with an IT security specialist: They can help you identify gaps in your security strategy, work with you to balance your security with your budget, and design and implement a solution that meets your operational needs.
Have Questions or Need a Starting Point? We’d Love to Help.
You can avoid becoming another ransomware statistic by building up your defenses, starting with having a strong backup and disaster recovery plan in place. Not sure if yours can withstand an attack? As a Cisco partner, specializing in helping small- to medium-size businesses strengthen their security posture, we can do a complimentary backup/recovery assessment to show you where your security is now and where it needs to be to protect your business against the next attack.