2022 was fraught with ransomware attacks, from the Los Angeles Unified School District to semiconductor chip maker Nvidia. But these weren’t the first and they certainly won’t be the last. Not only are cybercriminals increasing their attacks on organizations across the U.S., they’re getting smarter about how they execute them.
According to Gartner’s “How to Respond to the 2022 Cyberthreat Landscape” report, cybercriminals are beginning to use automation with tech like human-driven bots (“hu-bots”), multichannel phishing (“mc-phishing”) and ransomware as a service that help them circumvent organizations’ cybercrime protections. In other words, at this point, ransomware attacks are no longer an “if” but a “when.”
Unfortunately, many organizations have either no cybersecurity strategies or extremely outdated protocols that will no longer keep their sensitive data safe from cyber criminals. With 83% of organizations already experiencing more than one data breach, IT leaders can’t afford to continue putting off a ransomware recovery strategy.
Here’s where to start.
Create a ransomware recovery plan that’s integrated into your organization’s overarching security practices.
Many organizations preach cybersecurity but fail to think critically about the practices that will help their unique organization quickly recover in the case of an attack. As you’re thinking about your security and recovery practices, a one-size-fits-all approach won’t work anymore. Consider ransomware protection as a service (RPaaS) to help guide you toward the ransomware recovery playbook that will best suit your particular organizational needs and fit seamlessly into your existing protection plan.
Test the plan regularly.
If you feel completely confident that the security measures you put in place a year — or even a couple of months — ago are protecting your organization, think again. The first place cyber criminals will look to attack is via holes in your system, usually missed due to overconfidence in a plan. And you won’t know what you’re missing until you test your plan — over and over.
Regularly testing your ransomware detection and recovery plan allows you to continually revise your strategy to cover these holes. Frequent testing can also give your IT and security teams opportunities to practice the protocols they’ll need to know like the back of their hand in an emergency situation.
Ensure there are secure secondary datasets in case of emergency.
One of organizations’ biggest failures in the event of a ransomware attack is a lack of secure datasets stored outside of the main IT system. If you don’t prioritize anything else, prioritize regular data backups. By ensuring these datasets are prioritized and secured, an organization can still function with the protected, offsite data — even if their IT systems are completely inaccessible during an attack.
Technology is continuing to evolve at a rapid pace, and so are the cyber threats against it. While it may seem nearly impossible to protect an organization against these threats, IT leaders can ensure a ransomware attack doesn’t cause their business total demise by putting an individualized, well-tested ransomware recovery plan in place now.
About the Author
Allen Jenkins is the Chief Information Security Officer and VP of Cybersecurity Consulting at InterVision, an IT strategic service provider and Premier Consulting Partner in the Amazon Web Services Partner Network.