drj logo
  • This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Digital Edition
    • Article Submission
    • DRJ Annual Resource Directories
    • Article Archives
    • Career Spotlight
  • EVENTS
    • DRJ Spring 2023
    • DRJ Fall 2023
    • Call for Papers – Fall 2023
    • Other Industry Events
    • Schedule & Archive
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Directory
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • DE&I
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

Protecting Your Organization Against Ransomware: 5 Essential Components Of A Data Protection Plan

by Jon Seals | August 12, 2021 | | 0 comments

This post first appeared on the Infrascale blog.

Ransomware attacks continue to be a threat to organizations of all types and sizes. New hits occur on a near daily basis, with the latest incidents including hundreds of touchscreen ticket machines taken offline, and a law firm with dozens of major corporate clients. The Verizon 2021 Data Breach Investigations Report (DBIR) states, “The major change this year with regard to action types was Ransomware coming out like a champ and grabbing third place in breaches (appearing in 10% of them, more than doubling its frequency from last year).”

Ransomware has indeed been a “champ” in that it often defeats its targets.  The best path to success is to not only work to prevent attacks from succeeding, but also have plans for recovering if they do. Download our eBook, “5 Essential Components of a Ransomware Protection Plan” to read tips for preventing ransomware attacks and coping with those that prevail. We’ll cover some highlights in this blog.

According to the McAfee Threats Report: June 2021, “Victims are paying the ransoms, and criminals are introducing more Ransomware-as-a-Service (RaaS) schemes as a result.” Attackers are targeting organizations of all sizes and types, as well as all kinds of data. “The allocation of ransomware attacks remained somewhat evenly distributed between <business> size buckets” per Coveware’s Q4 2020 Quarterly Ransomware report. Small businesses are targeted because they are less likely to have dedicated IT staff, while mid-market companies have a greater capacity to pay.

5 COMPONENTS TO A RANSOMWARE PLAN

5 Essential Components of a Ransomware Protection Plan

Plans for preventing and responding to ransomware attacks can be broken into five core components, which align with cybersecurity best practices, specifically, the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) Cybersecurity Framework.

1. Identify

Start with a thorough understanding of the scope of your assets, systems, data, people, and capabilities. Risk tolerance varies for different organizations, so you must consider the risks to your organization, and the specific impacts of different systems being rendered inoperable. Consider any needs to comply with regulations such as PCI DSS.

2. Protect

Create technical and administrative safeguards to prevent a potential cybersecurity incident which can impact the delivery of critical services and business processes. Create safeguards that incorporate all the ways your business operates, and are appropriately sized, based on your assessment and risk tolerance, as defined in step one.

Important protection measures include:

  • Least privilege (giving people only the permissions they need to get their job done)
  • Role-based access controls
  • Processes for reviewing vendors
  • Utilize multi-factor authentication, among the FBI’s best practices to minimize ransomware risks
  • Ensure your security solutions are up to date
  • Antivirus (AV) software

Secure Common Ransomware Entry Points

Endpoints, specifically employee endpoints, are compromised more easily and are common ransomware attack vectors. This makes endpoint protection one of the most important components of ransomware prevention. The McAfee Threats Report: June 2021 states, “When it comes to the actual ransomware binary, we strongly advise updating and upgrading your endpoint protection, as well as enabling options like tamper protection and rollback.”

Keep your operating system and application software updated and patched.

3. Detect And Continually Improve

Implement the appropriate actions to identify abnormal or malicious activity in your environment. Detection enables timely discovery of cybersecurity events and includes security continuous monitoring.

Endpoint Detection and Response (EDR)

As bad actors continually adapt their attack techniques, they can be successful in circumventing AV software. This is where Endpoint Detection and Response (EDR) can help by looking for bad behavior and alerting the end-user or administrator.

Earlier warning of infection increases response time to stop the spread of the infection – and better yet – illuminate the exact timestamp of infection so that the exact recovery point is known.

Continually Improve

Info security programs must be continually amended and updated. The NIST CSF framework is displayed in a wheel, visualizing this concept of constant improvement and adaptation.

Incorporate continual improvement plans to address gaps in your visibility and protections. Evaluate all of your alarms and monitors and confirm your responses and processes are optimized. For example, if you’re seeing numerous alarms for spam or malware, revisit step two and implement new security tools or alter your existing tools to improve your protections in light of these threats.

4. Respond

Develop and practice an incident response program within your organization that can be activated to help contain the impact of security events, including ransomware. You need visibility as well as processes for responding.

Specifically, aim to determine when the infection started so you know how far back to go for a clean restore. Prompt warning notifications are vital to enable administrative action in real-time and minimize the damage. Identify, isolate, and remove the infected computer(s). It’s also important to inform employees and provide a timeframe for restoration of affected systems.

5. Recover

Build a cyber resilience program, including a back-up and restoration strategy to restore core functionality and avoid the expense of hours of downtime. This must include protecting not just data stored on-premises, but in various cloud and SaaS providers.

With a backup and DR plan in place, you won’t need to pay the ransom to access your data and continue operations. Look for solutions such as Infrascale Cloud Backup (ICB) that are easy to deploy, install, and manage directly from one unified console.

For more, including tips on how to protect your business, download our eBook, 5 Essential Components of a Ransomware Protection Plan.”

Related Content

  1. Disaster Recovery Journal
    Think before you buy: 11 considerations to make before purchasing a data protection solution
  2. Disaster Recovery Journal
    What can your BCM Tool do for you?
  3. Use DR Data Protection Pillars to Build a Next-gen DR Strategy

Recent Posts

Accenture Technology Vision 2023: Generative AI to Usher in a Bold New Future for Business, Merging Physical and Digital Worlds

March 30, 2023

Certa Partners with ID-Pal to Simplify and Enhance Third-Party Onboarding

March 29, 2023

VIQ Solutions Reports Fourth Quarter and Full Year 2022 Financial Results

March 29, 2023

DMS Announces Private Placement of Convertible Preferred Stock

March 29, 2023

ADTRAN Holdings Announces Retirement of CFO and Appointment of New CFO

March 29, 2023

GigNet Signs Collaboration Agreement with Ministry of Tourism for the State of Quintana Roo, Mexico to Enhance the Tourist Experience for Visitors

March 29, 2023

Archives

  • March 2023 (1226)
  • February 2023 (1154)
  • January 2023 (1391)
  • December 2022 (1144)
  • November 2022 (1595)
  • October 2022 (1574)
  • September 2022 (1571)
  • August 2022 (1581)
  • July 2022 (1365)
  • June 2022 (1711)
  • May 2022 (1651)
  • April 2022 (1618)
  • March 2022 (1924)
  • February 2022 (1549)
  • January 2022 (1472)
  • December 2021 (1446)
  • November 2021 (1835)
  • October 2021 (1777)
  • September 2021 (1697)
  • August 2021 (1661)
  • July 2021 (1566)
  • June 2021 (1768)
  • May 2021 (1666)
  • April 2021 (1798)
  • March 2021 (1907)
  • February 2021 (1038)
  • January 2021 (554)
  • December 2020 (30)
  • November 2020 (35)
  • October 2020 (48)
  • September 2020 (57)
  • August 2020 (52)
  • July 2020 (40)
  • June 2020 (72)
  • May 2020 (46)
  • April 2020 (59)
  • March 2020 (46)
  • February 2020 (28)
  • January 2020 (36)
  • December 2019 (22)
  • November 2019 (11)
  • October 2019 (36)
  • September 2019 (44)
  • August 2019 (77)
  • July 2019 (117)
  • June 2019 (106)
  • May 2019 (49)
  • April 2019 (47)
  • March 2019 (24)
  • February 2019 (37)
  • January 2019 (12)
  • ARTICLES & NEWS

    • Business Continuity
    • Disaster Recovery
    • Crisis Management & Communications
    • Risk Management
    • Article Archives
    • Industry News

    THE JOURNAL

    • Digital Edition
    • Advertising & Media Kit
    • Submit an Article
    • Career Spotlight

    RESOURCES

    • White Papers
    • Rules & Regulations
    • FAQs
    • Glossary of Terms
    • Industry Groups
    • Business & Resource Directory
    • Business Resilience Decoded
    • Careers

    EVENTS

    • Spring 2023

    WEBINARS

    • Watch Now
    • Upcoming

    CONTACT

    • Article Submission
    • Media Kit
    • Contact Us

    ABOUT DRJ

    Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

    LEARN MORE

    TWITTER

    Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

    Follow us for daily updates @drjournal

    Newsletter

    The Journal, right in your inbox.

    Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

    Subscribe Now
    Copyright 2023 Disater Recovery Journal
    • Terms of Use
    • Privacy Policy