60% of organizations have experienced a ransomware attack in the last 12 months.
A ransomware attack is the use of malicious software to restrict access to a computer system or data. If anyone tries to access the restricted system or data, they’ll find a ransom note demanding the payment of a ransom fee in order to restore access. Most organizations are not prepared for a ransomware attack, so they feel pressured into paying expensive ransom fees and recovery costs. Organizations that have done proper backup and recovery planning won’t feel pressured into paying ransom fees, because they’ve already prepared for an attack.
Why You Should Never Pay a Ransom Fee
- Paying a ransom fee perpetuates the cycle of ransomware. Cybercriminals will continue to carry out ransom attacks if it’s profitable, so by paying a ransom fee you’re contributing to the growth of the ransomware industry.
- There is no guarantee you will get your access or data back. Even after paying the ransom it is likely for a company to receive only part of their data, and then another ransom demand for the rest of it. Once you identify yourself as a company willing to pay, cybercriminals will take full advantage of that.
- Less than a third of companies that pay the ransom get their money back (Source: Courant). A company may pay a ransom expecting that the cybercriminal will be caught, and their money returned, unfortunately that rarely happens. If you pay a ransom fee, don’t expect to ever see that money again.
How To Protect Your Organization From a Ransomware Attack
Ransomware is most commonly delivered through social engineering. It only takes one employee to click a bad link or open a malicious attachment to allow the ransomware into your network. The best defense against a ransomware attack is a proactive one. Training your employees to recognize and avoid social engineering attacks will save your organization the time, money, and energy of responding to a successful cyberattack.
No organization, no matter how prepared, is 100% immune to cyberattacks. Establishing a security-minded culture with trained staff will drastically reduce the likelihood of a successful attack, but there is still a chance an attack will slip through the cracks. That small chance of failure is why backup & recovery is an essential part of an effective IT security plan. Proper backup & recovery planning can give an organization confidence that even if the worst-case scenario occurs, you can recover your data and systems with minimal cost and downtime.
How to Plan for Backup & Recovery
Critical Information Assets
Your organization’s information has financial value. You need to keep an inventory of your valuable information the same way you keep inventory of your physical assets. Start by creating a list, typically 5 – 15 items long, of your critical information assets. Examples of critical information could be your patent/copyright information, customer database, employee information, etc..
Critical Business Systems
Critical business systems are things you can’t reliably conduct business without. Maybe you have a warehouse with an inventory control system and an order processing and fulfillment system, those would be your businesses’ critical systems. Additionally, establishing which systems are critical will help you determine how much to invest in backing up each system up and its recovery priority.
Target Recovery Point Objective
An RPO (Recovery Point Objective) determines how often an asset needs to be protected. If that asset or system was damaged and you had to go back to your last recovery point, how much changed information would you potentially lose? Most organizations start with an RPO of one day just for purposes of building a plan. They can tune it economically from there. Tighter RPOs cost more money. Looser RPOs are generally more economic and appropriate for archives data. Each critical information asset and critical business system needs its own RPO.
Target Recovery Time Objective
Your RTO (Recovery Time Objective) sets a target for how quickly your system needs to be back up and running. Critical systems might have an RTO under a business day, less critical systems might have an RTO of a day or even a week.
Scheduled Auto-Backup Process
The right backup solutions are automated, they are monitored, they are regularly validated to prove that they’re ready to recover information if needed. Faster recovery capability usually means more planning, more testing, and more expense, but it’s all an economic choice. After figuring out your RPO and RTO for an asset, you can then set an economically appropriate backup and recovery process.
Secured Backup Storage
Experienced cybercriminals will attack visible backup systems, even before they begin attacking data and business operations, to increase the chances an organization will be coerced into paying an expensive ransom. It is crucial that you keep the location of your backup separate from the asset that it is backing up. If your backup is in the same network as the asset it is protecting, then it is likely your backup will be lost or damaged if that asset is attacked.
Ready Recovery/Restoration Plan
A backup plan is only effective if you have confidence that you can recover from it when needed, much like a security incident response plan. The process of restoring your critical assets from backup should be known, should be validated, and should be tested before it’s needed. Some restorations are easier than others; restoring a file is much easier than restoring an entire email system. Each assets restoration may face some specific technical challenges to resume operations and your IT team should know what to plan for.
By following the backup & recovery steps above your organization will be far more prepared for a ransomware attack, or any other IT security scenario. If you still have questions about ransomware attacks or IT backup & recovery contact an Aldridge representative with your questions or concerns and we can help!