Every business needs a cybersecurity strategy. No company or industry is fully protected against an attack; but with careful planning and the right partners, your company can secure a solid defense.

Jeff Judy, Recovery Point’s Chief Cloud Architect, recently participated in a webinar with Veeam and ActualTech Media on ransomware protection. Following is a recap of the session.

Recent Statistics

51% of the organizations in America have been hit

80% of the attacks were zero day attacks – which are very difficult to defend

Average cost of an attack is $8.4 million

More and more client data is published to the web

How the Attackers Get In

Attacks often aren’t an isolated event. First, the bad actors penetrate a network, and start stealing credentials until they can take control of critical accounts. Then, they methodically begin to take out the backup consoles, which provide a great roadmap for the storage location of sensitive application data. Their goal is to steal the data. Malware is deeply embedded, and the attackers wait (sometimes months) before they launch. This period is called dwell time.

After an attack, it’s not only about retrieving your data back, but also getting the applications up and running again. Organizations need a comprehensive approach to digital resilience, which includes 1) instituting a solid plan for any cyber event, and 2) good backups.

Most experts advise not to pay the ransom. These criminals will just come back and hit over and over again.

After an attack, your systems are considered a digital crime scene, and you often can’t use them. It’s imperative that your organization has a method to back up data and keep it offsite, and determine new network resources to get back online.

This is where Recovery Point can help. We provide alternative DR facilities and resources to help get your business back online as quickly as possible.

NIST Cybersecurity Framework

There are additional steps organizations can take to protect data. A very useful model is the NIST Cybersecurity Framework. Cybersecurity Framework Version 1.1 identifies security objectives that support preventing, responding to and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events.

The framework provides a common language for all teams which builds understanding and a better defense. Below is an outline:

  • 1. Identify: asset management, business environment, governance, risk assessment, risk management strategy
  • 2. Protect: access control, awareness training, data security, information protection processes and procedures, protective technology
  • 3. Detect: anomalies and events, security continuous monitoring, detection processes
  • 4. Respond: responsive planning, communications, analysis, mitigation, improvements
  • 5. Recover: recovery planning, improvements, communication

Five Ransomware Protection Best Practices

Veeam recently published white paper called Five Ransomware Protection Best Practices, which is a great resource for backup administrators, site reliability engineers (SRE) and technology management professionals.

Following are some strategies to slow down an cyberattack:

  • Advanced threat protection
  • Security templates (try the Center for Internet Security)
  • Don’t use a single active directory domain
  • Zero trust model (silo domains with the least privileges)
  • Offline, immutable or air gapped backups
  • Production storage snapshots through storage vendors
  • People – most important, but often overlooked – encourage them to be diligent; educate staff; use vendors and ask for help

It’s important to always enhance and refine your organization’s digital resilience. By preparing in advance, you can align to a framework that provides a reliable strategy when operations are disrupted.

Click here to view the entire webinar: Ransomware Protection: How to Recover Your Business with Veeam & Recovery point – YouTube

You Might Also Like

Leave a Comment