Despite the recent prominence that a spate of media attention has given it, the threat of ransomware is nothing new.
According to the FBI, ransomware attacks are occurring no more often than they did a few years ago—what’s changing is the effectiveness of these attacks. They’re better targeted, more sophisticated, and much more lucrative for criminals than they were even six months ago.
State and local government agencies, municipalities, and educational institutions have been particularly hard-hit. IT systems serving more than U.S. 500 schools were infected with ransomware in the first nine months of 2019 alone, making education the second most-frequently victimized sector in the nation. Only local governments saw a greater volume of successful attacks. Protecting against potential damage from ransomware attacks is imperative in all industries, but it poses particular challenges for organizations in the state and local government and education (SLED) space. With limited budgets and small IT security staffs, they must seek out the solutions that are most cost-effective while requiring the least administrative overhead.
Preparedness is key
"There’s no single product or practice that will completely protect you, but the first and most important requirement for reducing your risk is having access to tested, validated backups. That’s what makes the biggest difference to recovery times." William Higgins, Director of Solutions Architecture, VectorUSA
As ransomware attacks grow more sophisticated, we’re seeing increasingly diverse variants of the malware itself. Some strains will attempt to compromise systems immediately upon download, while others may remain dormant somewhere in the network for several months before launching an attack. Many cybercriminals distribute the ransomware through phishing email campaigns, but others seek to exploit known vulnerabilities in widely used software applications. Because the malware is becoming more complex, and because its authors are employing a wider variety of strategies to gain access to victims’ IT environments, no single protocol exists that can guarantee your protection. However, implementing a few best practices consistently can dramatically reduce your risks. These include:
Installing software patches and updates as soon as they become available
Conducting backups of your systems regularly enough to ensure you’d have access to a complete copy of all critical data in case of disaster.
Consistently testing and validating those backups.
All of these best practices are simple routines and, as such, are very amenable to automation. With the right business continuity and disaster recovery (BCDR) solution in place, you can ensure that not only will backups be completed according to an appropriate schedule, but they’ll be tested to ensure they’re reliable, clean, safe, and malware-free.
"When the backup and disaster recovery solutions that we recommend are put in place, we’re able to test that the system will run and perform as it should—no blue screens—immediately upon recovery. We can even do SQL queries to test the database. And all this testing is 100% automated." William Higgins, Director of Solutions Architecture, VectorUSA
Automating your backups—along with the testing and validation of those backups—is one of the most cost-effective steps any organization can take to reduce their vulnerability to today’s mounting ransomware threat. It’s a particularly good fit for small IT teams since the procedures, once established, will demand so little time and effort from your staff.
Seeking reliable and cost-effective disaster recovery solutions? Look to the cloud
The advent of cloud services has been a game changer when it comes to making dependable disaster recovery services available to organizations with limited budgets. It used to be that you’d need to spend millions in order to have full failover capabilities: the only way to attain them was to build a full-scale data center at a secondary site. Only the largest and wealthiest of enterprises could afford to create redundant IT systems just to have them sit idle most of the time.
Today it’s easier than ever before to maintain offsite backups, and the pay-as-you-go pricing models offered by public cloud providers put full-featured disaster recovery capabilities—including data redundancy and well as all the compute and networking resources you’d need to rebuild a data center on the fly—within reach for even the smallest of organizations.
"Cloud providers now have automation and orchestration capabilities so powerful that, in the event of a disaster, you don’t even need to restore your data. You can just press a button to spin up an entire data center containing all the resources you need, at a moment’s notice. What used to take two to three weeks—in a best-case scenario—now can be accomplished in four hours." William Higgins, Director of Solutions Architecture, VectorUSA
Knowledge is power
The need for cost-effectiveness coupled with security is driving almost all of today’s IT decisions. Technology budgets are not growing, but organizations are aware that they’re confronting larger risks, and are looking to take a more focused approach to managing them—one that will give them a road map for attaining more robust security without increasing costs.
Many organizations begin their journey to the cloud for this reason: against the backdrop of today’s cyberthreat landscape, it’s becoming increasingly cost-prohibitive to keep all your systems on premises. But organizations seeking to gain the most value from every dollar that they spend on reducing IT security risks would do well to invest in non-technical solutions as well. Your employees have the potential to be the weakest link in your cyber defenses or your strongest bulwark against attacks, depending on their knowledge and habits. Although it’s relatively inexpensive, carrying out cybersecurity awareness training on a regular basis can have a big impact.
Ransomware’s sophistication and complexity make employee awareness all the more powerful as defensive weapons. Because of the differences in behavior among different ransomware variants, it’s not enough to simply turn off the affected machines and then immediately restore from backups—some strains are specifically designed to attack the backup copies of your data if you attempt to do this.
To be sure your systems are truly free from ransomware—which can often persist undetected in networks for months—you’ll need to call in an expert who can identify the exact type of malware that has attacked you. Today’s most dangerous ransomware strains were created by criminals who seem less interested in collecting money than in doing as much damage as possible to schools, businesses, and government. It’s critical to know exactly what you’re up against before you attempt to restore from backups.
Post Topic(s): RANSOMWARE | NETWORK SECURITY | CLOUD