We’ve all heard the news. Ransomware attacks are growing even more pervasive, as cybercriminals exploit weaknesses across protective and restorative strategies. According to an article in MSSP Alert, there were nearly 500 million attempted ransomware attacks from January to September 2021. No doubt that number grew through the end of 2021 and has not stopped in 2022.

The problem is that too often businesses and their IT departments are not taking a comprehensive approach to the full spectrum of what these cyber threats entail. They are shoring up their guard gates with, among other features and tools, security information and event management (SIEM), all while neglecting the essential role disaster recovery programs play in ensuring recoverability when a ransomware event occurs. These traditional and new security tools are necessary and valuable, but simply not enough.

Unfortunately, ransomware is not like other cybersecurity threats, so it demands a unique approach that stands apart from typical SIEM focuses and response measures. A ransomware attack is not any easier to pull off than another form of cyber-attack, but because the cybercriminal’s intent differs (to lock data for monetary gain), anyone can hire a hacker to do it for them. A whole enterprise has arisen on the dark web to sell ransomware as a service. Making a business out of this type of attack has further accelerated its sophistication and effectiveness, which is bad news in this post-COVID world where reliance upon digital ecosystems has grown more foundational to business than ever before.

Here’s what SIEM and other security tools fail to address, and what businesses must do to fully prepare for ransomware threats:

Data protection – Segmenting data is the only way to ensure degrees of separation from where an infection happens to where it can feasibly go when the ransomware bloom occurs. Air gapping is the best way to address this challenge.

Data recovery – Expertly provisioned backups and data replication using DR technologies are essential after an event. The emphasis is on fast retrieval of clean datasets and the uptime of those assets.

Failover target – Too often IT departments forget that having an off-site cloud-based environment for failover is the best option for fast uptime following a ransomware attack. If your primary data center is a crime scene, where will you recover?

Testing – A good DR plan emphasizes regular testing of the strategy to ensure recovery. However, some SIEM programs do not place the same level of emphasis on testing.

Combining elements of SIEM with modernized disaster recovery can move businesses along the pathway of necessary mitigation for ransomware threats. A new managed service has emerged to address this need for combination: ransomware protection as a service (RPaaS).

With RPaaS, a business gets attention across the full spectrum of needs to account for ransomware threats, both before and after an attack. According to an article in Cyber Observer, “the United States ranks highest with 18.2% of all ransomware attacks.” It’s clear that it’s not if, but when and when again your business will be targeted. RPaaS is the solution for the evolutionary nature of ransomware threats, going beyond SIEM to address where it falls short.

ABOUT THE AUTHOR

John Gray

John Gray is CTO of InterVision, a company that, as a leading strategic services provider, delivers and supports complex IT solutions for mid-to-enterprise and public sector organizations. For 25 years, the company has guided clients through any stage of their technology journeys, using one of the most comprehensive product portfolios of managed IT service offerings available.
