Earlier this month, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory on potential sanctions risk for companies that facilitate ransomware payments. This means that organizations that facilitate ransomware payments or negotiations could face fines if those payments are made to attackers who are already under U.S. economic sanctions. The reasoning behind this advisory is that, whether intentional or not, these payments can threaten national security interests by inadvertently funding groups or activities against U.S. security.
The FBI has long warned against paying ransoms since doing so encourages more crime and does not ensure data recovery. But announcements like this one are a stark reminder that ransomware is on the rise and getting more sophisticated, and people are still willing to pay. In fact, the FBI estimates that cybercriminals earn $1 billion annually. Adding to the pressure, IT organizations are often asked to protect more systems and support new data use cases while operating with fewer people and resources.
It’s not all bad news. By investing proactively rather than reactively in the right data protection strategy, organizations can guarantee ransomware recovery without having to pay a cent to attackers. What does the “right” approach look like? With 20+ years as a security practitioner, I’ve seen a lot of different approaches to data protection (some better than others). Here are the top considerations I recommend to anyone planning their ransomware remediation strategy:
Operate with a Zero-Trust Mindset
To combat internal and external security threats, organizations need to adopt a zero-trust architecture. At a base level, this means that no person or device, whether inside or outside the network, is automatically granted access to a system. Rather, there is strict identity verification for anything trying to access your systems, which goes against the ol’ castle-and-moat approach of focusing solely on preventing unauthorized access from outside the network. Zero-trust is especially important as data grows more fragmented across multi-cloud and hybrid cloud environments.
Backup Is The Only Fail-Safe Measure
Having strong preventative measures in place is as important as ever. But, as supported by the recent OFAC advisory, these measures are often not enough. That’s why many ransomware victims are stuck with the tough choice of either crossing their fingers and paying the ransom or saying goodbye to all compromised data.
Backup is the best way to maximize the chance of recovering from a ransomware attack without any data loss or ransom payment. Not just any backup solution can support this, though. To effectively defend against ransomware, backups must be frequent and extend across your entire environment, ideally in an automated fashion. Immutable backups can ensure your backup data is never compromised. Being immutable means that once data has been written, it cannot be read, modified, or deleted by clients on your network.
Forward-invest in Data Protection
To truly defang the cyberattackers behind ransomware, you need to invest properly in your strategy. Many organizations are hesitant to update their backup and recovery solution due to the upfront costs. In reality, not doing this will be exponentially more expensive. For companies that are unable to recover from a cyberattack, updating their data protection solution post-attack is a “non-negotiable” to prevent becoming a repeat victim. The caveat is that making this investment reactively, rather than proactively, comes with the additional cost of lost critical data, lost revenue from downtime, and lost customer trust.
Looking to dive even deeper into the future of risk management? Security experts from leading companies recently got together to share insights and best practices at the 2020 Data Security Summit. I suggest checking out my fireside chat with FireEye CEO Kevin Mandia, where we chatted about how to build a secure organization in the changing technology landscape, and why data resilience through innovative backup and recovery has to be part of your cybersecurity strategy.