How to Build a Multilayer Ransomware Defense for a Business
There is little doubt that ransomware remains a clear and present danger for businesses. The most recent Verizon Data Breach Investigations Report indicates an alarming 13% rise in such attacks in the past year alone. However, out of all the different types of cyberattacks businesses must defend against, ransomware is the one with the most options available for mitigation.
If businesses take proactive steps, they can safeguard their data against attackers. Additionally, they can create fail-safes that ensure the continuity of operations in the event of a ransomware attack. To elaborate, here is a deep dive into the ransomware threat, along with advice on how businesses can create a multilayer ransomware defense.
Understanding the Ransomware Threat
The reason ransomware is such a major threat is that it places unprepared businesses in a no-win situation. When an attacker seizes control of business data, they will request a ransom to unlock it. The punishment for not paying the ransom is having said data leaked to the public or sold to the highest bidder.
It is a devil’s bargain, however. The fact is, even when targeted businesses pay the ransom an attacker demands, they typically only end up recovering about 65% of their data, on average. It gets worse. A reported 80% of businesses which paid a ransom in response to an attack were re-victimized shortly thereafter. It is easy to understand why—if an attacker knows a business will pay, why take a chance on a new target?
The only way for businesses to respond successfully to a ransomware attack is to remove the attacker’s leverage. To do it, they must have some prepositioned defenses they can activate when necessary.
End to End File Encryption
Oddly enough, one of the tools that makes ransomware possible is also key to fighting it. Businesses which embrace data encryption are much less vulnerable to ransomware attacks. It won’t stop the attacks themselves, mind you. It will, however, guarantee that the attacker has less to hold over the business as leverage.
The concept is simple. The main threat of ransomware is that the targeted business won’t get its data back, and that it will instead end up in the public domain or in the hands of other bad actors. However, if a business keeps its valuable data encrypted at all times, anything the attacker steals becomes useless to them. That removes the exposure half of the threat; getting the data back is the job of the mirroring and backup measures described below.
The only caveat is that it is critical for businesses to keep their encryption keys safe by storing them offline or in another form of hardened storage. Encryption’s value as a ransomware defense disappears if the keys are stolen in the attack as well.
Critical Infrastructure Mirroring
Another key component of a prudent ransomware defense is a tactic called critical infrastructure mirroring. It may sound simple. However, it requires careful forethought to execute. In short, it means maintaining complete, ready-to-use duplicates of critical data and systems. The idea is to have a ready replacement for all machines that figure heavily into a business’s operations.
That can be different things to different businesses. A manufacturer, for example, might need hot spares of machines that edit and deliver CAD files and machines which handle machinery automation. Having standby duplicates of those machines can enable the business to keep operating in the face of a ransomware attack, further undermining the attacker’s leverage.
Businesses must plan for this eventuality with great care. They will need to create a process to keep their spare hardware up to date with the latest software and data needed in an emergency. However, the process can’t happen on the main business data network. That would put the spares at risk of attack, exactly like the machines they are meant to replace.
One way to do this is to conduct scheduled whole-system backups of critical hardware to portable media which is stored offsite. That way, recovering from a ransomware attack becomes as simple as deploying the last-known-good image of a machine to its backup hardware. Then, business-critical work can continue while the business works through its other mitigation efforts.
Cloud Backups with Versioning
Businesses can further protect themselves from the threat of ransomware by using a cloud backup service to safeguard their most important data. The key to doing so is to choose a cloud backup service which allows for file versioning. This will ensure that a non-infected copy of critical data will always be available.
File versioning is a way of instructing backup software to keep multiple copies of the same files as they existed on different days. In practice, this allows businesses to reach into their backup to restore any protected file as it was on any retained backup day. With a long enough trail of file versions, that means businesses can almost always restore their critical data by going back to versions from before an attack.
Of course, cloud backups with versioning aren’t perfect. That is because ransomware attackers know that a working backup could thwart their efforts. So, it is not uncommon for an attacker to infiltrate a business’s systems with ransomware, and then wait weeks or months before triggering it. In those situations, only backups with extraordinarily lengthy versioning trails will help.
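The relationship between the versioning trail and the attacker's waiting period can be checked directly. The following is an added example, not part of the original article: it takes a per-file version history, applies a retention window, and picks the newest version taken before the intrusion. The file names, dates, 60-day dormancy and both retention windows are constructed assumptions.

```python
from datetime import date, timedelta

def weekly(start, end):
    """Constructed sample schedule: one backup version every 7 days."""
    days, d = [], start
    while d <= end:
        days.append(d)
        d += timedelta(days=7)
    return days

def prune(history, today, retention_days):
    """Apply the retention policy: drop versions older than retention_days."""
    cutoff = today - timedelta(days=retention_days)
    return {p: [d for d in days if d >= cutoff] for p, days in history.items()}

def restore_points(history, intrusion_day):
    """Newest retained version per file taken before the intrusion.

    Versions dated on or after intrusion_day are treated as suspect: the
    attacker was already inside, even though nothing was encrypted yet.
    None means no clean version survives for that file.
    """
    result = {}
    for path, days in history.items():
        clean = [d for d in days if d < intrusion_day]
        result[path] = max(clean) if clean else None
    return result

# Constructed scenario (assumed values): ransomware triggered on TRIGGER
# after lying dormant for 60 days.
TRIGGER = date(2024, 6, 30)
INTRUSION = TRIGGER - timedelta(days=60)
HISTORY = {
    "cad/plant-layout.dwg": weekly(date(2024, 1, 1), TRIGGER),
    # First backed up after the intrusion: no clean version can exist.
    "finance/q2-forecast.xlsx": weekly(date(2024, 5, 6), TRIGGER),
}

def compare(retention_days):
    """Restore points available under a given retention window."""
    return restore_points(prune(HISTORY, TRIGGER, retention_days), INTRUSION)

if __name__ == "__main__":
    for window in (30, 180):
        print(f"{window}-day retention:")
        for path, day in compare(window).items():
            print(f"  {path}: {day or 'no clean version retained'}")
```

With the 30-day window every retained version postdates the intrusion, while the 180-day window still holds a pre-intrusion version of the CAD file. The spreadsheet created after the intrusion has no clean version under either window.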
Real-time Ransomware Detection and Removal
Lastly, businesses should deploy an endpoint security solution that includes real-time ransomware detection and removal capabilities. While they’re never perfect, such solutions can drastically reduce the risk of a successful ransomware attack. The important thing is that in concert with the measures detailed above, a ransomware scanner does not have to be perfect.
There are many options businesses can choose from, depending on their specific needs and budget. Critically, even the least performant among those options is still worth deploying. Any reduction in the odds of ransomware infiltrating a business’s systems is worth pursuing. Also, as many of today’s ransomware detection tools meet new threats, their effectiveness grows. Although nobody wants their business to become a teaching moment for an anti-ransomware tool, this is the only way that businesses can contribute to the fight against ransomware.
Safe From the Ransomware Threat
By deploying a multilayer ransomware defense, as described above, businesses can position themselves to avoid ransomware attacks and recover quickly if one occurs. It is one of the few areas of cybersecurity where businesses can take the initiative over attackers—if they are proactive.
Additionally, Outsource IT can help. We are experts at crafting solutions for even the most difficult cybersecurity environments. So contact an Outsource IT account manager today to ask about our comprehensive business security solutions.