What will it take the city of Baltimore to recover from its recent ransomware attack? Over $18 million. Atlanta won’t be surprised: it cost $17 million for them to recover from their attack last year.
There’s a reason we keep seeing more and more about ransomware infections in the news: they have proven to be wildly successful, and bad actors fully intend to milk this cash cow for all it’s worth.
Cyber Security Ventures reports that a new organization will fall victim to ransomware every 14 seconds this year. By 2021, we’ll only have 11 seconds between attacks.
In such a dangerous landscape, it’s no surprise that law firms and associations are coming to us with the same question over and over again: What should I do to keep my business safe?
As is the case with most security challenges, there’s no silver bullet when it comes to ransomware; to keep our organizations protected, we have to approach the issue from multiple fronts: prevention, detection, remediation, and recovery.
We’ll walk through each of these four elements and how to best achieve them below.
Prevention: Employee Education
Human error remains the number one cause of ransomware attacks. A staff member clicks the wrong email attachment or navigates to the wrong URL, and that’s it: your system is compromised.
It follows, then, that educating your staff on how to identify, avoid, and respond to security threats is your best bet when it comes to preventing infections in the first place.
We’ve found that the most effective security awareness training programs have 3 prongs:
- Annual security training to kick off the program, educate your staff about top threats, how to avoid them, and how to respond.
- Monthly security reminders to reinforce and build upon what you learned in the annual training.
- Periodic phishing simulation to provide real-life (but harmless) examples of phishing scams, and educate those who fall for them
Formal education can reduce your risk of a breach by up to 70%.
Detection: Advanced Endpoint Protection
Think of Advanced Endpoint Protection like anti-virus on steroids.
These solutions will monitor your desktops, laptops, and tablets beyond simply recognizing known virus signatures. They’ll filter out malicious websites and downloads proactively, flag behavior that it has learned to be “unusual” for a particular machine, and generally keep constant watch for even the most subtle signs of budding malicious activity.
Some of these solutions will also cross into the realm of remediation: Optimal’s Advanced Endpoint Protection solution, for example, features the combination of a 24/7 Security Operations Center (SOC) and SentinelOne’s Ransomware Rollback feature to stop a successful attack in its tracks, and roll your Operating System back to a safe state free of the malware.
Remediation: Backup and Disaster Recovery
If you don’t have an Advanced Endpoint Protection solution that can fully wipe your systems clean of ransomware (and even if you do), backup is your best, well, backup!
If your files become encrypted by ransomware, a tried-and-true method of side-stepping the ransom payment is to recover those files from your last successful backup. Make sure you have a robust solution in place, and that your IT team regularly verifies that it’s working properly.
As an important note: If you give ransomware enough time to spread, it’s possible for the infection to encrypt your backups as well. This is why it is critically important to disconnect any potentially compromised devices from your corporate network immediately.
Recovery: Cyber Liability Insurance
In the unfortunate event that a ransomware infection takes hold, your business is going to pay the price regardless of whether you choose to offer up the ransom. Common cost centers are:
- Costs of investigating the incident
- Costs of notifying your clients
- Costs of restoring your data
- Costs of downtime
- Legal fees
According to the Ponemon Institute, the average total cost of a breach is $3,860,000. Cyber liability insurance helps to cover these costs so they aren’t all coming out-of-pocket.
Work with your insurance agent to investigate a policy that would make sense given your organization’s unique risk profile and risk tolerance.
We’ve said it before and we’ll say it again: It’s not a matter of if your organization will suffer a breach, but when. While we never intend to fear-monger, we’ve seen first-hand the toll that a successful attack can take on an otherwise thriving business. It’s devastating.
If you haven’t implemented some of the solutions listed above, please give them serious consideration. And if you need some guidance, please don’t hesitate to reach out.