The Anatomy of Comprehensive Ransomware Protection

The Anatomy of Comprehensive Ransomware Protection

The average downtime for a ransomware attack (defined as “material interruption” to operations) is 22 days.

In DC, the average lawyer’s billing rate is $380 per hour. Multiply that by the number of attorneys in the firm, and multiply that by 8 hours and by 22 days… and you can see why we keep seeing more and more about ransomware in the news: these attacks have proven to be wildly successful, and the damage they can do is massive.

In their 2022 report, data protection software company Veeam found that:

  • 76% of organizations experienced a ransomware attack in the last 12 months
  • The average victim could only recover 64% of their data
  • The MOST organizations could recover was 80% of their data
  • 42% of the attacks started with a user who clicked on a malicious link

In such a dangerous landscape, it’s no surprise that law firms and associations are coming to us with the same question over and over again: What should I do to keep my business safe?

As is the case with most security challenges, there’s no silver bullet when it comes to ransomware; to keep our organizations protected, we have to approach the issue from multiple fronts: prevention, detection, remediation, and recovery.

We’ll walk through each of these four elements and how to best achieve them below.


Prevention: Employee Education

Human error remains the number one cause of ransomware attacks. A staff member clicks the wrong email attachment or navigates to the wrong URL, and that’s it: your system is compromised.

It follows, then, that educating your staff on how to identify, avoid, and respond to security threats is your best bet when it comes to preventing infections in the first place.

We’ve found that the most effective security awareness training programs have 3 prongs:

  1. Annual security training to kick off the program, educate your staff about top threats, how to avoid them, and how to respond.
  2. Monthly security reminders to reinforce and build upon what you learned in the annual training.
  3. Periodic phishing simulation to provide real-life (but harmless) examples of phishing scams, and educate those who fall for them

Formal education can reduce your risk of a breach by up to 70%.


Detection: Advanced Endpoint Protection

Think of Advanced Endpoint Protection like anti-virus on steroids.

These solutions will monitor your desktops, laptops, and tablets beyond simply recognizing known virus signatures. They’ll filter out malicious websites and downloads proactively, flag behavior that it has learned to be “unusual” for a particular machine, and generally keep constant watch for even the most subtle signs of budding malicious activity.

Some of these solutions will also cross into the realm of remediation: Optimal’s Advanced Endpoint Protection solution, for example, features the combination of a 24/7 Security Operations Center (SOC) and SentinelOne’s Ransomware Rollback feature to stop a successful attack in its tracks, and roll your Operating System back to a safe state free of the malware.


Remediation: Backup and Disaster Recovery

If you don’t have an Advanced Endpoint Protection solution that can fully wipe your systems clean of ransomware (and even if you do), backup is your best, well, backup!

If your files become encrypted by ransomware, a tried-and-true method of side-stepping the ransom payment is to recover those files from your last successful backup. Make sure you have a robust solution in place, and that your IT team regularly verifies that it’s working properly.

As an important note: If you give ransomware enough time to spread, it’s possible for the infection to encrypt your backups as well. This is why it is critically important to disconnect any potentially compromised devices from your corporate network immediately.


Recovery: Cyber Liability Insurance

In the unfortunate event that a ransomware infection takes hold, your business is going to pay the price regardless of whether you choose to offer up the ransom. Common cost centers are:

  • Costs of investigating the incident
  • Costs of notifying your clients
  • Costs of restoring your data
  • Costs of downtime
  • Legal fees

According to the IBM’s 2021 Cost of a Data Breach Report, the average total cost of a breach is $4.24 million, up from $3.86 million and the highest recorded average to date. Cyber liability insurance helps to cover these costs so they aren’t all coming out-of-pocket.

Work with your insurance agent to investigate a policy that would make sense given your organization’s unique risk profile and risk tolerance.


Final Word

We’ve said it before and we’ll say it again: It’s not a matter of if your organization will suffer a breach, but when. While we never intend to fear-monger, we’ve seen first-hand the toll that a successful attack can take on an otherwise thriving business. It’s devastating.

If you haven’t implemented some of the solutions listed above, please give them serious consideration. And if you need some guidance, please don’t hesitate to reach out.

More Insights