Guide to Cyberattack Risk: Mitigation and Response

July 8, 2023 | By Greg Dougherty

Ransomware and cyberattacks are on the rise, and that’s a deeply concerning thought for technology leaders. Considering what a breach could cost, and how long it would take to rectify, it’s no wonder risk mitigation and response is at the forefront of every CTO’s mind.

Ransomware is a type of malicious software that blocks access to a computer system or encrypts files until a ransom is paid. It’s often spread through phishing emails or infected websites.

Cyberattacks are any type of attack that uses a computer network to disrupt, disable, or gain unauthorized access to a system.

Both can be carried out by individuals, groups, or nation-states and can result in data loss, financial damage, or even loss of human life.

Clients like you are asking:

“We have a solid backup strategy. What else can we do to prepare, and what do we do when the attack actually happens?”

Prevention is always the best medicine, but in this case, you can’t be too careful. Here are some tips on how to decrease your risk and what you should do if a cyberattack does happen:

Prepare For a Cyberattack Before it Happens

Cyber insurance

Cybersecurity insurance protects organizations against financial losses caused by cyber incidents, including data breaches resulting in theft, system hacking, and ransomware.

Without cyber insurance, you will have difficulty finding good recovery specialists to help you, as many are employed by cyber insurance organizations. The cyber industry, much like every other industry, is short on help. With ransomware on the rise, the level of expertise on every project, or within every company, cannot be guaranteed.

With that said, implementing BaaS and DRaaS can lower your cost or potentially eliminate the need for insurance altogether. Speak to your service provider about their recommendations to ensure you’re fully protected.

Designate reserve communication channels

In the event of a cyberattack or data breach, it’s likely your primary communication channels will be affected as well. Ensure your company has reserve communication channels registered with your IT vendors so you can open a support case and start the recovery process.

Easy solutions include a free email account from Gmail or another provider completely external to your own system, and an independent cell phone line.

Regularly test your backup strategy

Don’t wait until you need it to find out it doesn’t work.

Make sure you have a solid backup strategy in place, and regularly test it to confirm it’s working. If your files are encrypted by ransomware, for example, you’ll need to be able to restore them from your backup.
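
One way to automate a restore test is to record a hash manifest when the backup is taken and check a trial restore against it. The Python below is an added example, not code from Opti9 or the original article; the function names, file names and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):  # chunked so large files stay out of memory
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a trial restore with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    common = manifest.keys() & restored.keys()
    report = {
        "missing": sorted(manifest.keys() - restored.keys()),
        "unexpected": sorted(restored.keys() - manifest.keys()),
        "mismatched": sorted(p for p in common if manifest[p] != restored[p]),
    }
    return {**report, "ok": not any(report.values())}

def write_tree(root, files):
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root

def demo():
    # Constructed sample data: a small source tree and two trial restores.
    files = {"docs/plan.txt": b"recovery plan v3\n",
             "db/orders.csv": b"id,total\n1,40\n",
             "app/config.ini": b"[core]\nmode=prod\n"}
    damaged = {"docs/plan.txt": b"\x8f\x02\xd1\x77",       # contents changed
               "app/config.ini": files["app/config.ini"],  # intact
               "HOW_TO_RECOVER.txt": b"constructed\n"}     # new file; orders.csv lost
    with tempfile.TemporaryDirectory() as tmp:
        manifest = build_manifest(write_tree(Path(tmp, "source"), files))
        good = verify_restore(manifest, write_tree(Path(tmp, "ok"), files))
        bad = verify_restore(manifest, write_tree(Path(tmp, "bad"), damaged))
    return good, bad

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from both production and the backup repository, so that an intruder who alters the data cannot alter the record it is checked against.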

Plan backup storage system hardware

This consideration is easily overlooked until you’re already experiencing a cyber disaster. Law enforcement agencies will likely take your physical hardware as part of the evidence when you file a report. It’s important not only to have a good backup in place but also to have somewhere to recover your data to.

Physical hardware isn’t cheap, and with supply chain issues, it may be difficult to obtain at all. In most cases, IaaS is the only viable option. Luckily, Opti9 allows you to restore directly to public cloud platforms such as AWS. This also gives you the opportunity to get all required networking in place so there are no surprises later.

Discuss and test your plans with your team

Communication is crucial. Encourage your team to report anything suspicious, especially if they’ve accidentally engaged with a threat. People are the most likely vector of an attack, so their level of awareness can either be your greatest asset or greatest liability. Communicate and test your response plans, and make sure everyone is clear on their roles.

Train Your Employees: One of the best ways to protect your company from a cyberattack is to properly train your employees. They need to be aware of the different types of attacks, how to spot them, and what to do if they encounter one. You should also have a contingency plan in place in case an attack does happen. This plan should include instructions for employees on how to respond and who to contact.

Create a Security Policy: It’s also important to have a security policy in place that outlines the rules and regulations for employee behavior online. This will help to ensure that employees are following best practices and are less likely to fall for a phishing attack.

Stay Up to Date with Security Updates: Make sure you’re always up to date with the latest security updates. Many of these updates are designed to fix vulnerabilities that could be exploited by hackers. If you don’t update your software, you’re leaving yourself open to attack.

This is also an excellent time to evaluate risk exposure and minimize your attack surface. Evaluate how many employees have access to your secure data and whether the level of access is warranted. Encourage password changes to ensure security.

What to Do Once An Attack Is in Progress:

Pull all affected data offline to minimize the damage. Some find it difficult to react quickly in the moment of impact, but this is a critical step that must be taken immediately. Once your data is breached, hackers can stream your critical production data out of the environment and later leak it or extort your organization by threatening its disclosure.

Report the attack to your critical infrastructure vendors. It’s not a matter of if but when; at some point, you will need their assistance. Report the concern as soon as you can to mitigate risk and establish a timeline. Don’t forget to provide the backup communication channels you’ve established so they can reach you while your systems are down.

Pause before restoring backups. A cyberattack usually takes place in two parts: an intrusion, and then an actual attack. It’s not unusual for security specialists to find that ransomware had penetrated the environment weeks before the actual attack took place.

CAUTION: There’s a danger in mass-restoring your backups to an environment where sleeping ransomware is already present.

It’s likely the attacker maintains remote access or alternative connections in anticipation of your safety precautions. Attackers know that once you sense an intrusion you’re likely to disable access or change passwords for known admin accounts, so they plant alternate routes in advance.

Be realistic in your expectations. Full recovery will take time. Even when a client has solid backups and takes all necessary precautions, it can still take security specialists weeks to reconstruct an attack before they even consider restoring backups.

Only proceed once the attack is fully understood. The recovery of recent backups will always be staged. First, each machine is restored into a quarantine environment where security specialists determine the source of the threats. In addition, each machine is scanned by multiple advanced security tools to ensure there are no lingering threats. Only after this thorough inspection is completed can the machine state be moved into the production environment.

The situation is critical, but it helps to have the right partner in technology in your corner. Leverage Opti9 for your organization’s protection against ransomware and cyberattacks.