Spike in Ransomware Attacks Shows Why Businesses Must Bolster Defenses
Adding to the problem is that most companies don’t have the means to get out of trouble if they’re hit, short of paying the ransom and hoping that the attacker makes good on the promise to deliver the decryption keys. “Most companies don’t even do adequate backups,” Gold said. “It’s a growing problem. But it’s hard to defend" from a purely technological standpoint. So what can you do? Let’s assume that you’re aware that ransomware could put your company out of business, could cost you millions in lost business, legal fees and damages, and that there are solutions that will at least mitigate the risk. Let’s also assume, although this may be a stretch, that your upper management actually wants to protect their business rather than heading for the hills when catastrophe strikes. In that case, there are two major actions that your company can take that go beyond the basics such as good anti-malware protection and some training on email best practices.The other step is to start implementing real, off-site, cloud backups that are constantly up to date. These backups to the cloud can’t be just a virtual disk drive where things get copied. It needs to be real cloud storage that’s not visible at the operating system level. The reason for that is most ransomware can see storage that appears as an attached drive, and will encrypt that along with your computer. This commitment to protecting your company means that you may have to remove email privileges from those people who simply can’t keep from clicking on attachments or links. It may require stronger sanctions against employees who decide to store critical documents and files on their own servers that aren’t part of the corporate backup and protection plan, and thus aren’t protected against malware. Finally, your company needs to have a plan, if only because there may be a day when the attack happens. “Nothing is 100 percent,” Gold points out. “Educate your users. Make a policy of how you’re going to react.” Gold suggests that it’s important for your business to determine whether the demands of the cyber-criminal will be met, and if so, how. He also said that you will need to determine whether your backups can be restored, how long that will take, and how much the downtime and restoration will cost your company. Perhaps most important defensive measure is to make those plans and decisions well in advance, and then practice their implementation regularly.
First, instill actual email discipline into your workforce. This is more than just sending a memo around that says “Don’t open attachments,” but rather means actual dedicated training, including some form of practical follow up, such as sending test attachments to your employees, followed by additional training for everyone who clicks on the wrong thing.