5 Steps to Improving Ransomware Resiliency
Veritas cybersecurity researcher Alex Restrepo outlines the key concepts organizations should pay attention to and implement today.
Ransomware is a rapidly evolving threat landscape. Ransomware has had a significant impact on the economy, infrastructure, and government. Recent high-profile cases include the Kaseya, Colonial Pipeline, and JBS attacks.
The executive branch took action following these and other incidents like the SolarWinds attack. It issued an executive order (EO) that covers several cybersecurity concepts. To minimize future incidents, the Federal government has issued an executive order (EO) encouraging private sector companies.
The EO covers many different concepts. I have outlined some key concepts for organizations to pay attention to and offered tips to get you started.
1. Adopt a “Zero-Security” Posture Towards Ransomware
The “Modernize & Implement Stronger Cybersecurity Standards within the Federal Government” order stood out to me. This order aims to push the Federal Government to adopt and increase better security practices, including zero-trust security. It also accelerates the deployment of multifactor authentication, encryption, and cloud services.
Veritas advises enterprises to adopt a “zero security” mindset. This is the belief that even the best endpoint security can be compromised. You should have a plan in place to be ready for what might happen.
2. 2. Be active, not passive
Enterprises must have strong endpoint security and data protection. This includes anti-virus software, as well as whitelisting software that allows only authorized applications to be accessed. An enterprise needs both an active and reactive component of protection.
Companies hit with a ransomware attack can spend five days or longer recovering from an attack, so companies must be actively implementing the right backup and recovery strategies before a ransomware attack.
3. Do not put all your eggs in one basket
Ransomware is a ransomware program that black hats have developed to block any escape from enterprises that pay the ransom. Ransomware attacks are designed to attack files and systems, backup systems, and cloud-based data.
We encourage organizations to use the National Institute of Standards and Technology’s Cybersecurity Framework as a basis for a comprehensive backup and recovery strategy. It includes best practices such as using immutable storage to prevent ransomware from encrypting and deleting backups; using in-transit or at-rest encryption for security against bad actors compromising your network or stealing data, and hardening your environment by installing firewalls that limit ports and processes.
4. Make a Cyber-Incident Playbook
Another aspect of the EO that I wanted to mention was the call to “Create a standard playbook for responding to cyber incidents.” This federal government plans to create a playbook for federal departments, which will also serve as a template to the private sector to assist companies in taking the necessary steps to mitigate a threat.
Because time is precious, we need to be quick. Here are some important steps organizations can take when creating their own.
- Digital RunbookA plan on paper is one thing, but a digital plan is vital. It can be viewed online and completed in a matter of seconds. It takes longer to recover from an attack if a plan is more complicated than it should be.
- Test, test, test your plan to ensure it works when you need it. Although initial testing is essential to make sure all components of the plan work, it is crucial to continue testing regularly.
- Eliminate single points of failure: The 3-2-1 principle states that you should have at least three copies of your data to avoid anyone’s failure from affecting your plans. You should have at least two different storage media so that a vulnerability in one does not compromise all your copies. You should have at least one of these mediums offsite or an air-gapped backup copy in case an attack takes out your entire data center.
- There are options for rapid recovery that can be slow when an attack on a data center causes damage to the entire network, hardware, workloads, data, and data. An alternative option, such as quickly setting up a cloud-based data center can reduce downtime and offer alternatives to paying the ransom.
5. Ransomware is an Arms Race
It is more important than ever to prepare your company for inevitable ransomware attacks. Cyber resilience has been a key mandate from the Colonial Pipeline attack. Security leaders have an important role to play in making sure that valuable and sensitive data is protected and secured.
Ransomware will not be solved. I view it as an arms race in which all parties must be vigilant, especially when dealing with elements beyond our control. Although no single security measure or solution will stop ransomware completely, a multilayered approach to security can help you to minimize the damage and quickly get back on track.
Alex Restrepo works with Veritas’ Virtual Data Center Solutions team.