Five steps CIOs can take to protect organizations from ransomware
- Published: Tuesday, 20 September 2016 08:24
While organizations wrestle with the issue of whether to pay or not to pay if they are impacted by ransomware, Logicalis US suggests CIOs focus on how to protect, thwart and recover from a potential attack.
“Ransomware has become one of the most sophisticated criminal enterprises the world has ever seen,” says Ron Temske, vice president, Security Solutions, Logicalis US. “As anyone in the business of cybersecurity knows, we’ve long battled those who simply wanted to create chaos and disruption. We’ve seen nation states attack both military and civilian targets and ‘hacktivists’ who act for various social causes. But ransomware is different in one key way: It’s all about the money. Ransomware is a business, complete with sophisticated cybercrime-as-a-service offerings and world-class customer support to ensure its victims’ files are returned expeditiously once the ransom is paid. It’s a service business approaching $1 billion in annual revenue, something that would be heralded as an accomplishment if it weren’t based on such nefarious principles. The business of ransomware has even spawned a network of affiliates that provide redirection of an exploit kit for a cut of the profits.”
Five ways to respond to the threat from ransomware
To be ready for an attack before it happens, to detect and stop it while it’s happening, or to recover from it after it happens takes planning. To help, Logicalis’ security experts have compiled a list of the top five ways to respond to the threat ransomware poses today:
1. Create a modern defense / defence: traditional signature-based anti-virus solutions are good to have, but they aren’t up to the job of thwarting a sophisticated ransomware attack. Neither is your traditional stateful firewall. As a result, it is critically important to plan for the possibility of an attack by developing comprehensive visibility and access to extensive details on how the malware entered the organization’s environment in the first place. IT pros who are serious about heading ransomware off at the pass should focus intently on modern next-generation anti-malware and firewall solutions that can stop an attack before it starts.
2. Take an architectural approach: in some limited situations, point solutions can be effective, but not with ransomware. The most effective way to address the threat posed by ransomware and other pervasive cyberattacks is to take a holistic architectural approach to security that encompasses the entire network including its systems and endpoints as well as the organization’s cloud and mobile strategies. Because so many of today’s threats are automated, solutions that rely on human intervention to detect and respond are neither affordable nor effective, making automation and orchestration key principles in a solid security architecture design.
3. Prevent the spread of malware: if an attacker’s malware does enter the network, it has the ability to spread like a fast-moving cold among passengers on an airplane. The key at this stage is to compartmentalize data using network micro-segmentation strategies that make it more difficult for malware to spread laterally within the environment.
4. Plan your recovery: the unfortunate truth is, despite the security industry’s best efforts, no organization is entirely immune to attack. Therefore, it’s critical to examine how the organization will recover if it is breached. First, be sure you’re backing up. Second, test, test and re-test the backup and restore process; a backup is only valuable if the data can actually be restored when it’s needed. It’s also important to ensure that the restore can be done at the system level since file-based recovery may not be enough. Consider, too, how much redundancy is required; if the organization is hit, do you have an uncorrupted source from which you can immediately recover? And be sure to weigh the costs of various solutions against the cost of potential loss or downtime – not all data is equally valuable, which means not all data needs the same level of protection.
5. Create a pay or no-pay policy: finally, the big question: to pay or not to pay? No vertical market is having a tougher time facing this question than healthcare is today; whether it’s critical patient-care data that hackers hold hostage or the threat of hefty regulatory fines imposed when protected patient health information (PHI) is breached, healthcare organizations have become prime targets for ransomware attacks. Before any organization – healthcare or otherwise – pays a ransom, examine how much damage will be done if you don’t pay. Do you have an uncompromised data backup from which you can restore? What is the cost to restore vs. pay – both monetarily and in terms of the business’s ability to function in the meantime? Ultimately, the decision comes down to how business-critical the compromised data is to the organization. If you do decide to pay, negotiate. In most cases, you can talk the price down, so it may make sense to consider not paying the first amount offered.