We recognize this is an unprecedented time for you, your family, and your community as well as for your business and employees. As we all do our best to navigate the uncertainties and constant changes associated with the Coronavirus pandemic, certain aspects of our business operations should be getting a closer look because this is when the bad guys are working their hardest. We hope this information assists you in keeping your business’ cyber defenses at a heightened state.
You’re up, ready to go, enjoying your first cup or glass of whatever you drink before your workday begins when the phone rings. It’s your IT Manager, with clear and audible panic in their voice. After you get them to calm down, you ask that one clarifying question, “What’s going on?” The reply – “We can’t access any of our systems!” As the conversation continues, you realize that you’ve been hit with a ransomware attack.
How did this happen? I think too many of us still have this vision of an end user, sitting at their workstation, clicking a malicious link in an e-mail, and their workstation instantly displays the skull and crossbones, flashing red, with a countdown timer, and a message that says your files have been encrypted, and you have a diminishing amount of time to pay the ransom to get your files back or they’ll be gone forever. While that scenario does still play out, today’s ransomware attacks are often far more sophisticated. Ransomware can sit dormant and undetected, just waiting for the right time to ruin an otherwise great day, and attackers increasingly borrow Advanced Persistent Threat (APT) techniques such as stealthy network reconnaissance and targeted delivery mechanisms.
What can you do?
We’ve all heard the phrase “it takes a village.” To protect your business from ransomware, it’s going to take a village – one made up of strategies and mitigation efforts to help totally protect your business from the bad guys.
I still find it strange how businesses that are hit with ransomware are vilified. If you’re a financial institution, and you get robbed by armed, masked, unknown perpetrators entering your lobby, you’re viewed sympathetically by the public. What a horrible experience! I hope everyone is okay. Why is a ransomware attack viewed differently? Your FI has still been robbed by armed (with technology), unknown perpetrators, and the media piles on that you’ve somehow invited this on yourself by doing something wrong. And, what if that attack isn’t directly against your business, but against a critical service provider that your business is using that causes a major disruption for your business? Does the media, or even more importantly, your customers draw a distinction, or is it simply that in their mind, you’re down? Is it reasonable to think that your customers should recognize that granularity between a problem of your business vs. a problem of one of your business’ service providers? Probably not! In this current era of fear, uncertainty, and doubt, customers would just recognize that your business has an issue.
How do you prepare for the inevitable?
Besides the generic bad guys that are out there, we now have nation states participating in and backing criminal groups. The thought of who is out there to get you can be overwhelming.
But one thing is clear: No matter how far you have to go on your journey to total protection, you won’t be going anywhere until you start.
Once you’ve completed your risk assessment and business impact analysis for your critical and non-critical systems, one of the best things you can do is make sure that all your data is backed up and offsite using an enterprise-level backup and recovery solution. There are lots of options in the marketplace, and not all are created equal.
Make sure you can answer these 6 questions:
1. Where is my data going that is outside of our own walls?
- If you answered, “to the cloud”, which cloud and where?
- How many times is your data replicated to other cloud locations, and where are they?
2. How is my data outside of our own walls being protected?
- Encrypted? Just in transit, or also at rest?
3. How many iterations of our data do we have outside?
- 7 days? 30 days? 1 year?
- Once a day? Once an hour? More frequently than that?
4. How frequently are we testing recovery to know that our data will perform as expected?
- Once a quarter? Twice a year? Once a year?
- Anything less than annually is non-compliant according to the regulators!
5. What safeguards are in place with our cloud provider to protect our data?
6. What independent information exists about my cloud provider or the technology they are using?
- Think SOC reports and industry recognition.
If you don’t like the current answers to the above questions, there’s no better time than now to do something about it. It doesn’t matter how sophisticated your cyber-prevention program is if you don’t have protected and recoverable data.
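One way to turn your answers to the six questions into a repeatable check is to capture them as data and audit them. The script below is an added example, not part of the original article or any vendor's product; the provider name and sample answers are constructed, and the 30-day minimum retention threshold is an assumption (the article itself only fixes the annual recovery-test rule).

```python
from dataclasses import dataclass
from datetime import date

# The article's rule: recovery testing less often than annually is non-compliant.
MAX_TEST_INTERVAL_DAYS = 365
# Assumed threshold, not from the article: keep at least 30 days of iterations.
MIN_RETENTION_DAYS = 30


@dataclass
class BackupPolicy:
    """Answers to the six questions, captured as data."""
    provider: str
    replica_locations: list        # distinct sites/regions holding a copy
    encrypted_in_transit: bool
    encrypted_at_rest: bool
    retention_days: int            # how many days of iterations are kept
    backup_interval_hours: float   # once a day = 24, once an hour = 1
    last_recovery_test: date
    provider_safeguards_documented: bool
    soc_report_reviewed: bool      # independent evidence about the provider


def worst_case_data_loss_hours(policy):
    """Everything created since the last backup is lost on restore."""
    return policy.backup_interval_hours


def audit(policy, today):
    """One finding per question the policy fails; an empty list passes all six."""
    findings = []
    if len(set(policy.replica_locations)) < 2:
        findings.append("Q1: data held in fewer than two offsite locations")
    if not policy.encrypted_in_transit:
        findings.append("Q2: offsite data is not encrypted in transit")
    if not policy.encrypted_at_rest:
        findings.append("Q2: offsite data is not encrypted at rest")
    if policy.retention_days < MIN_RETENTION_DAYS:
        findings.append(f"Q3: only {policy.retention_days} days of iterations retained")
    days_since_test = (today - policy.last_recovery_test).days
    if days_since_test > MAX_TEST_INTERVAL_DAYS:
        findings.append(f"Q4: last recovery test {days_since_test} days ago (annual minimum)")
    if not policy.provider_safeguards_documented:
        findings.append("Q5: provider safeguards for our data are not documented")
    if not policy.soc_report_reviewed:
        findings.append("Q6: no independent evidence (e.g. SOC report) reviewed")
    return findings


# Constructed sample answers for a weak setup (placeholder provider name).
WEAK_POLICY = BackupPolicy("ExampleCloud", ["us-east"], True, False, 7, 24,
                           date(2018, 12, 31), False, False)
```

Run `audit(WEAK_POLICY, date.today())` to list which questions the sample setup fails; a policy that returns an empty list has a defensible answer to all six.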
The first step: While a multi-layered approach is critical in today’s world to combat cyber terrorism, one of the easiest places to start is by ensuring your data is offsite, retained for extended periods of time, and replicated to more than one location.