In light of the near-daily reports of ransomware attacks in the US and abroad impacting companies of all sizes and in every industry, cloud-based data protection company Infrascale has created an e-book detailing the five essential components that should be an integral part of every C-Suite's ransomware protection plan.
"It is apparent that companies suffer significant losses as the result of data loss due to cyberattacks," explained Infrascale CEO, Russell P. Reeder. "However, they also suffer from loss of future business as we are seeing with the recent Accenture cyberattack. In addition to having threat detection and remediation plans in place, it's imperative for companies of all sizes to have an active backup and DR plan and to consistently revisit/revise that plan to help them get back up and running quickly after a breach. This crucial aspect of the cyber security process enables companies to avoid lengthy shutdowns and loss of business."
Here are the 5 Steps:
- Step 1: Identify
  - Understand the scope of your assets, systems, data, people, and capabilities. Consider the risks to your organization, and the specific impacts of different systems being rendered inoperable. Determine your approach through an analysis, weighed against the desired risk tolerance of your business.
- Step 2: Protect
  - Create safeguards that incorporate all the ways your business operates. They must be appropriately sized, based on the assessment and risk tolerance from step 1:
    - Create Safeguards: A crucial cybersecurity tenet, least privilege means giving people only the permissions they need to get their job done. Role-based access controls restrict system access to authorized users, and further restrict what each user can access. Systems as well as users should have least privilege.
    - Minimize Risks with Controlled Access
    - Secure Endpoints
    - Backup Data: Every organization needs a comprehensive backup and disaster recovery solution. Disaster Recovery as a Service (DRaaS) is a service model that provides backup and recovery via the use of a third-party cloud environment, whereby all of the disaster recovery functionality, including orchestration, is provided as-a-service. Be sure your recovery plan also includes backup for the data in your SaaS applications, endpoints, and servers.
    - Conduct Drills
    - Educate Employees
- Step 3: Detect & Continually Improve
  - Implement the appropriate actions to identify abnormal or malicious activity in your environment.
    - Monitor Constantly: Anomaly detection can provide early warnings, enabling companies to quickly isolate a ransomware infection, revert to a clean backup, and recover important data before the entire network freezes.
    - Endpoint Detection and Response (EDR): As bad actors continually adapt their attack techniques, they can be successful in circumventing AV software. This is where EDR can help by looking for bad behavior and alerting the end-user or administrator. Earlier warning of infection leaves more time to respond and stop the spread of the infection and, better yet, illuminates the exact timestamp of infection so that the exact recovery point is known.
    - Continually Improve: Information security programs must be continually amended and updated.
- Step 4: Respond
  - Develop and practice an incident response program within your organization that can be activated to help contain the impact of security events.
    - Determine When It Started
    - Minimize Damage: Identify, isolate, and remove the infected computer(s). Disconnect from the network immediately, so ransomware cannot spread to shared drives and connected systems.
    - Inform Employees: Ensure that all employees are aware that a ransomware attack is in progress and direct them to the procedures needed to protect data. Provide a timeframe for restoration of affected systems.
- Step 5: Recover
  - Build a cyber resilience program.
    - Restore the Data: Look for solutions such as Infrascale Cloud Backup (ICB) that are easy to deploy, install, and manage directly from one unified console.
    - Prevent Reinfection: Ensure complete removal of the ransomware to avoid a continuous infection cycle.