6 Ways to Build Your Ransomware Resilience
Ransomware attacks continue to pose a significant threat to businesses worldwide. Last year alone:
- 59% of organizations were hit by ransomware
- On average, 49% of an organization’s computers were impacted by a ransomware attack
- 94% of organizations hit by ransomware said that the cyber criminals attempted to compromise their backups during the attack
Source: 'The State of Ransomware 2024' - Sophos.
With the prevalence and potentially devastating consequences ransomware can have on businesses of any size, it pays to consider what you can do to mitigate the threats this type of malware can bring. Here are our top six tips for making your operations more ransomware resilient.
1. Develop and Implement a Disaster Recovery Plan
No matter how solid your IT platform and cyber security measures are, risk is ever-present. And it could come from a number of sources. A hard disk array failure, a ransomware infection or a weather-related disaster - anything that disrupts your business operations or brings about unplanned downtime.
A disaster recovery plan maps out exactly what you will do to resume operations in the face of a data loss event. Your plan must also address how you will prevent ransomware from infecting backups. And how you will prevent reinfection when restoring data from a backup.
Routinely testing your disaster recovery plan before you need it is vital. The worst time to discover a problem is in the middle of a disaster.
2. Use the 3-2-1 Backup Method
The 3-2-1 backup plan is one of the most popular backup strategies because it really works. The principle is simple:
3 – Always have three copies of your data 2 – Two different backup storage media (usually tape and/or disk) 1 – One copy of backed-up data stored off-site (possibly in the cloud)
The 3-2-1 strategy helps protect against modern ransomware which routinely targets backup archives. Two backup copies increases your chances of having a ‘good’ copy to restore from. And storing a copy offsite, preferably offline, further reduces risk of infection.
Immutable backups prevent archives being overwritten or compromised by ransomware. This is particularly important when using the automated file replication systems common in cloud backup systems.
3. Keep Software and Tools Updated
Anti-malware and mail filtering tools are only effective if they're kept up to date. Your IT team must ensure that definitions are routinely downloaded and applied. You may have the option to use automated signature updates. These can help to limit the risk of ransomware infection and spread.
Similarly, ransomware typically exploits known software vulnerabilities. Keeping your applications patched and updated is critical to reducing attack potential. Closing loopholes early will ensure ransomware can't spread. Developing a patch management schedule is time well spent if it prevents a costly ransomware outbreak.
4. Train Employees to Spot Cyber Criminal Tactics
Unfortunately, your employees are one of the most likely means of ransomware infiltrating your network. But with awareness and regular training, they could also become one of your most important and powerful defences.
Employees alert to ransomware tactics are less likely to open attachments or click links, which can dramatically reduce the risk of infection. Very often there are warning signs - if they know what to look for. Among the most obvious indicators are:
- Poor spelling
- Low-quality or incorrect graphics
- Executable attachments
- Attachments containing macros
- Incorrect URLs and website addresses
- Requests to share usernames, passwords or other sensitive information
- Unusual requests from internal email accounts, such as account sharing or similar
Checking emails for any of these indicators should be routine practice for all employees. Checks don’t have to take long and they will save a lot of time and money if they prevent a ransomware outbreak.
5. Network Segmentation and Access Controls
Ransomware spreads and infects as many files as it can. Designing your network architecture to limit spread adds another layer of defence. Segmentation allows you to divide your network into smaller subnets and to control the traffic between them. When done correctly, network segmentation can prevent traffic crossing out of an infected segment. This instantly limits the damage potential of an infection.
Your systems also contain valuable tools to control access. Ensure that unknown applications can't be executed with elevated permissions. And prevent users from accessing resources they do not need. These basic principles ensure that even if ransomware does make it into the network, you can significantly limit its spread.
Segmentation is also a useful tool for preventing backups from being compromised by ransomware. Consider installing firewalls between network segments. You'll then be able to detect and block suspicious activity from crossing segments, even before an infection is confirmed.
6. Stay Informed of Evolving Cyber Threats
Ransomware, like other cyber threats, is constantly evolving. So making it a priority for your IT team to stay on top of the latest developments is always a plus. There are plenty of ways to stay informed, including:
- Reading and watching industry news
- Attending cyber security events
- Watching webinars on topical issues
- Connecting with industry peers and sharing knowledge, experience and best practice principles
Continually learning about ransomware and how it's evolving, then bringing this knowledge into the workplace, will help keep your business' assets, data and backups protected.
Prioritize Proactive Ransomware Resilience
Ransomware resilience is a non-negotiable requirement in a digital age. Your business must be ready to face - and mitigate - the threat of infection. Otherwise, the impact of an outbreak could be catastrophic. We hope these six tips will point you in the right direction to build a comprehensive defensive strategy that properly protects your business.
Take Your Place in the Ransomware Conversation
Find out more about mitigating ransomware threats by joining our webinar on Wednesday May 22nd at 14:30 BST (London) / 09:30 EDT (New York), when we'll welcome special guest speaker and cyber security expert James Bore of Bores Group to bring your practical guidance on keeping your backups safe from ransomware.
Sign up here reserve your place.
What is Data Exfiltration and How Can it Harm Your Business?
How Ransomware Resilient is Your Data Backup Strategy?
