We’ve all heard the news. Ransomware attacks are growing even more pervasive, as cybercriminals exploit weaknesses across protective and restorative strategies. According to an article in MSSP Alert, there were nearly 500 million attempted ransomware attacks from January to September 2021. No doubt that number grew through the end of 2021 and has not stopped in 2022.
The problem is that too often businesses and their IT departments are not taking a comprehensive approach to the full spectrum of what these cyber threats entail. They are shoring up their guard gates with, among other features and tools, security information and event management (SIEM), all while neglecting the essential role disaster recovery programs play in ensuring recoverability from a ransomware event when one occurs. These traditional and new security tools are necessary and valuable, but simply not enough.
Unfortunately, ransomware is not like other cybersecurity threats, so it demands a unique approach that stands apart from typical SIEM focuses and response measures. A ransomware attack is not any easier to pull off than another form of cyber-attack, but because the cybercriminal intent differs (to lock data for monetary gain), anyone can hire a hacker to do it for them. A whole enterprise has arisen on the dark web to sell ransomware as a service. Making a business out of this type of attack has further accelerated its sophistication and effectiveness, which is bad news in this post-COVID world where reliance upon digital ecosystems has grown more foundational to business than ever before.
Here’s what SIEM and other security tools fail to address, and what businesses must do to fully prepare for ransomware threats:
Data protection – Segmenting data is the only way to ensure degrees of separation between where an infection happens and where it can feasibly go when the ransomware bloom occurs. Air gapping is the best way to address this challenge.
Data recovery – Expertly provisioned backups and data replication using DR technologies are essential to the fast retrieval of clean datasets after an event and to the uptime of those assets.
Failover target – Too often IT departments forget that having an off-site cloud-based environment for failover is the best option for fast uptime following a ransomware attack. If your primary data center is a crime scene, where will you recover?
Testing – A good DR plan emphasizes regular testing of the strategy to ensure recovery. However, some SIEM programs do not place the same emphasis on testing.
Combining elements of SIEM and modernized disaster recovery can move businesses along the path of necessary mitigation for ransomware threats. Because of this need for combination, a new managed service has emerged: ransomware protection as a service (RPaaS).
With RPaaS, a business gets attention across the full spectrum of needs to account for ransomware threats, both before and after an attack. According to an article in Cyber Observer, “the United States ranks highest with 18.2% of all ransomware attacks.” It’s clear it’s not a question of if, but when, and when again, your business will be targeted. RPaaS is the solution for the evolutionary nature of ransomware threats, going beyond SIEM to address where it falls short.