Recovering from ransomware is a long-term commitment -- and a long-term expense
According to Forrester, nearly two-thirds of organizations (63 percent) were breached by ransomware in 2021, up 4 percent from the previous year. Recovery was a long, hard road for many of those enterprises -- while for others, the downstream effects of ransomware were ultimately insurmountable. The alarming rise in ransomware must guide IT leaders' cybersecurity decisions in 2023.
Why is ransomware on the rise? For one, bad actors are becoming far more advanced and prolific. Ransomware gangs continued to make headlines in 2022 for their high-profile attacks and advancements in post-breach encryption. On the other end of the spectrum, the barrier to entry for ransomware is lower than ever before. Ransomware as a service (RaaS) -- which allows bad actors to deploy ransomware for a fee -- has ushered in a new generation of hackers who can target enterprises of all sizes despite their relative inexperience with cybersecurity protocols.
Ransomware attacks are not only likely but inevitable in this threat landscape. And as bad actors sharpen their skill sets, breaches become even more costly. According to Statista, the average ransomware breach led to 22 days of business interruption in 2020, during which time organizations were less productive and generated less revenue. Perhaps even more damaging: consumers are becoming more aware of cybersecurity malpractice. Last year, consumers reported losing more than 67 percent of their trust in an organization after a data breach.
IT leaders must set their organizations up for success by prioritizing ransomware protection and response strategies. Here’s where to get started -- and how to avoid a breach in the first place.
What to expect when navigating a ransomware breach
Drafting a business continuity plan before a ransomware attack can make the difference between minutes and weeks of interruption. That's because leaders with a firm grasp of response protocols can significantly reduce their organization's mean time to detect (MTTD) and mean time to respond (MTTR) to ransomware. In other words, a well-prepared cybersecurity plan allows organizations to resume regular business operations much more quickly.
Ideally, a third-party managed services provider (MSP) will walk leaders through the ransomware response process. But here are a few key steps to remember.
Report the extent of the breach, both internally and externally
This first step is crucial. Before interacting with any individual device, take extensive notes about the nature of the ransomware breach. Pertinent information includes affected devices, the extent of the damage and the ransom amount. Once this information has been collected and distributed to the appropriate internal parties, IT leaders should consult with legal counsel to discuss any legal requirements, based on the type of data affected.
Isolate, address and restore infected devices
Determine which devices have been affected, but do not interact with these devices yet. Even turning off an infected device may exacerbate the spread of ransomware. Instead, inform the appropriate party in the IT department or work with an MSP to proceed cautiously with containment, eradication, and recovery processes. Always take into account legal concerns, which may require forensic investigation and reporting of any breach activity.
Plan for the future
Following the advice of legal counsel will inform communication steps. Steps may include notification to essential stakeholders, including customers and investors. Whether by email, phone or in-person meeting, notify stakeholders of the breach. Leaders should include relevant information about how the problem has been or will be resolved in this message. The legal team should be part of this step, as certain disclosures may be required by law. Finally, gather information about the breach and draft a robust ransomware protection strategy to thwart future attacks. Lessons learned from this event can help mitigate future events.
How to thwart ransomware attempts before they become costly
It’s safe to say no IT leader wants to navigate the aftermath of a ransomware breach, which can include lost customer loyalty, stagnant revenue and critical data loss. But there is only one reliable method for thwarting an attack: robust and proactive cybersecurity.
Furthermore, even if an organization with a ransomware protection strategy is breached, it will likely experience less damage. According to industry research, 75 percent of breached organizations experiencing "no impact" on operations in 2022 had a mature cybersecurity program. In comparison, only 18 percent of organizations with no ransomware protection strategy reported "no impact" on productivity following a breach. And according to IBM, organizations with a mature zero-trust security framework lost about $1.5 million less than their breached competitors in 2021.
Ransomware protection comes in many forms, so IT leaders should be prudent in selecting their organization's specific security measures. For example, particular cybersecurity or data storage regulations may apply depending on an organization's industry or the nature of its data. A leading MSP will walk leaders through this process in detail. However, in general, leading protection plans should adopt the following measures.
- Zero-trust security frameworks, including multi-factor authentication (MFA) and single sign-on (SSO) protocols
- Immutable backups
- Multi-cloud functionality, with the expertise to operate on-prem, in the cloud or hybrid
- Continuous penetration testing to vet security on an ongoing basis
Generally, a ransomware protection as a service (RPaaS) package will include all necessary protocols and precautions.
Do not wait for the inevitable
Regardless of the particulars, IT leaders must consider enacting a strengthened ransomware protection plan today. Leaders looking to fortify their organization's cybersecurity posture should consult their internal Head of Cybersecurity or speak to a third-party vendor about their organization's security framework. Remember: organizations that haven't been breached in the past twelve months are in the minority. Attacks are a given -- the only question is how much an organization stands to lose.
Allen Jenkins is the Chief Information Security Officer and VP of Cybersecurity Consulting at InterVision, a leading managed services provider, delivering and supporting complex IT solutions for mid-to-enterprise and public sector organizations throughout the US.