It’s Time to Attack Your Ransomware Recovery Strategy

For healthcare organizations, experiencing a cyberattack is no longer a matter of if—it’s a matter of when. Developing a clear ransomware recovery strategy is your best defense. 

Our free Cyber Attack Survival Guide for Healthcare lays out the plan of attack needed to have a fighting chance against ransomware. This survival guide features essential information, including:

• The growing threat of cyberattacks in healthcare
• How healthcare customers use Zerto to recover in seconds
• The key to rapid ransomware recovery to dramatically reduce downtime and data loss  
  

Without a ransomware response plan, your organization remains vulnerable. Download your Cyber Attack Survival Guide for Healthcare now—it’s free!

Online passwords are used for many critical aspects of our lives. They are needed when we communicate, work, transact and travel. We use them to access our most sensitive data, from banking to health records. Digital passwords are the keys to our lives. Yet we are surprisingly negligent about password protection, from our choice of passwords to the means we use to remember them, and troublingly, our willingness to share sensitive passwords with others.
Keeper Security’s survey of 4,000+ respondents in the US and UK unearthed negligent attitudes toward password protection, in which passwords are being shared with spouses, written down on bits of paper, changed too often, and forgotten over 50 times per year! The result: nearly half of our 2,000 US survey respondents had been hacked at least once, with an average of $378 stolen per cyberattack. The consequences of poor password protection can be disastrous in an era of growing online crime and identity theft. A hacked password can result in ransacked bank accounts, obliterated credit ratings, damaged personal lives and severed business relationships.

Our findings show a troubling disconnect between the value people attach to their passwords and the means they use to protect them. In the US, people would rather see a dentist than lose their passwords, yet safe selection, storage, and management of passwords were found to be severely lacking in this study.

It is of great concern to see passwords being shared and duplicated across multiple platforms. It’s equally concerning to see the use of overly simple passwords, relying on publicly-available data, such as names and birthdays. This will remain an acute challenge as we continue to use a range of devices and platforms to access the internet. The impact of poor password protection was evidenced by the number of people in the survey reporting they’ve personally fallen victim to a cyberattack, resulting in financial loss and compromised social media profiles.

Cybersecurity is now recognized as a key priority for U.S. businesses. However, cybersecurity threats are evolving as risks, and the responses necessary to mitigate them, change rapidly. Staying a step ahead of bad actors is a continuous challenge and businesses—despite their intentions to do so—aren’t always keeping pace.

To solve this problem, IT leaders must understand why. They need answers to questions such as, how is cybersecurity transforming? How are cyberattacks harming businesses? Where must investments in preventative training and tools be focused? Is cybersecurity being prioritized by leadership? And how does cybersecurity fit within organizational culture?

In partnership with Sapio Research, Keeper Security analyzed the behaviors and attitudes of 516 IT decision-makers in the U.S. to answer these questions and more. This report, Keeper’s second annual U.S. Cybersecurity Census, maps the transforming landscape of cybersecurity based on these expert insights. It provides leaders with a forensic assessment of the threats their businesses face and details the urgent strategies necessary to overcome them.

Businesses across the U.S. are making cybersecurity a priority. However, despite efforts and investments, clear gaps remain. Our research shows that there have been small steps, but no giant leaps.

The volume and pace at which threats are hitting businesses are increasing, and leadership can’t afford to wait. If they do, the financial, reputational, and organizational penalties will be severe. Likewise, as work has transformed dramatically over the past two years—with hybrid and remote working normalized— companies need to rethink how they are building cybersecurity resilience.

Research finds PAM solutions are too complex with 68% of organizations paying for “wasted features” that are rarely used. A global survey of 400 IT and security executives conducted in January 2023, by Keeper Security in partnership with TrendCandy Research, reveals an overwhelming industry desire for Privileged Access Management (PAM) solutions that are easy to deploy and maintain.

The findings show that traditional PAM solutions are falling far short, largely because they are too complex to implement and use. An overwhelming 84% of IT leaders said they want to simplify their PAM solution in 2023. In the current high-risk security climate, it is imperative that all organizations secure their privileged credentials, privileged accounts, and privileged sessions to protect their crown jewels. However, many traditional PAM solutions are failing to provide their intended value outside of these core use cases, because deployment is either too complex, too cost-prohibitive, or both. In the era of remote work, organizations need agile identity security solutions that can protect against cybersecurity threat vectors by monitoring, detecting, and preventing unauthorized privileged access to critical resources.

Keeper Security, a leading innovator in privileged access management, wanted to better understand how IT leaders are thinking about PAM, deploying their PAM solutions, and streamlining their PAM implementations. Keeper commissioned an independent research firm to survey 400 IT and data security leaders in North America and Europe about their strategies and plans for PAM in 2023.

There is no getting away from the fact that passwords are still the cornerstone of modern cybersecurity practices. Despite decades of advice to users to always pick strong and unique passwords for each of their online accounts, Keeper Security found that only one-quarter of survey respondents actually do this. Many use repeat variations of the same password (34%) or still admit to using simple passwords to secure their online accounts (30%). Perhaps more worryingly, almost half (44%) of those who claimed all their passwords were well-managed also said they used repeated variations of them. One in five also admitted to knowing they’ve had at least one password involved in a data breach or available on the dark web.

At first glance, these results may come as a shock, especially to those in the cybersecurity industry who have been touting these simple best practices for years. However, when considering more than one in three people (35%) globally admit to feeling overwhelmed when it comes to taking action to improve their cybersecurity, and one in ten admit to neglecting password management altogether, the results are much less of a surprise.

Cybersecurity is a priority and cybersecurity solutions must also be. The threat landscape continues to expand as our lives shift from in-person banks, stores, and coffee shops to online banking, internet shopping, social networking, and everything in between. We have never been more dependent on our phones, computers, and connected devices, yet we are overconfident in our ability to protect them and willfully ignoring the actions we must take to do so. Perhaps we need more people to admit they’re as careless as a bull in a china shop, burying their heads in the sand like an ostrich or simply paralyzed with fear. Facing reality and coming to recognize what’s at stake, they can more confidently charge forward and take the necessary steps to protect their information, identities and online accounts.

Cyberattacks and ransomware target backup data in 93% of incidents. Despite being primary targets for ransomware and data exfiltration, existing Zero Trust frameworks often overlook the security of data backup and recovery systems.
 
Zero Trust Data Resilience (ZTDR) is an innovative model that extends Zero Trust principles to data backup and recovery. Developed through a collaboration between Numberline Security and Veeam, ZTDR builds on the Cybersecurity and Infrastructure Security Agency's (CISA) Zero Trust Maturity Model (ZTMM).  
 
This framework provides a practical guide for IT and security teams to improve data protection, reduce security risk, and enhance an organization's cyber resilience.
 
The primary principles of ZTDR include:

• Segmentation — Separation of Backup Software and Backup Storage to enforce least-privilege access, as well as to minimize the attack surface and blast radius.
• Multiple data resilience zones or security domains to comply with the 3-2-1 Backup Rule and to ensure multi-layered security.
• Immutable Backup Storage to protect backup data from modifications and deletions. Zero Access to Root and OS, protecting against external attackers and compromised administrators, is a must-have as part of true immutability. 
  

The white paper "Zero Trust and Enterprise Data Backup" details these principles and offers practical steps for implementation. 
 
What You'll Learn:

• Security Enhancement: Core Zero Trust principles applied to data backup.
• Implementation: Best practices for infrastructure segmentation and resilience zones.
• Applications: Case studies on mitigating ransomware and cyber threats. 
  

Download the white paper and start your journey towards Zero Trust Data Resilience.

Heidenreich had challenges with their Citrix platform due to a combination of old and new DELL and Wyse hardware, laptops, and thin clients. When the company was expected to upgrade its Citrix platform to a new generation, the firm expressed concerns about the perceived high cost. Heidenreich started to look for an alternative solution, and their IT consultancy provider, Wedel IT, came up with the idea to implement IGEL OS. This case study focuses on IGEL’s ease of management, flexibility on the client side (new/old hardware), future-focused solutions, and security.

In today's evolving threat landscape, organizations face significant challenges in securing their data and maintaining business continuity. Ransomware attacks in particular, pose a major risk that requires a robust, comprehensive defense strategy.

In this webinar, experts from HYCU, Nutanix, and Nutanix IT discuss best practices and solutions for achieving resilience, security, and recoverability. Learn how to boost your organization’s resilience, leverage cutting-edge tools, and ensure your business is prepared for any data challenges that come your way.

Attendees will come away with a playbook for building a tested business continuity and disaster recovery (BCDR) plan.

Key topics include:

• Implementing the NIST Cybersecurity Framework for a robust Business Continuity and Disaster Recovery (BCDR) plan.
• Utilizing a multi-layered strategy to guarantee prompt recovery.
• Actionable best practices and insights from the Nutanix IT team.
• The importance of testing your recovery readiness to maintain business continuity.

Making the right investment in cybersecurity is crucial to understanding the balance between smarter spending and smarter recovery.

You will learn:

• The critical role of strong cyber resilience and data integrity play in thwarting ransomware attacks.
• The cost-saving potential of data recovery and reduced downtime, and advocates for prevention and swift recovery.
• How an SLA in detecting corruption can fortify cyber resilience and effectively combat ransomware threats.