3 minute read
Threat Defense
Protecting Your Business in the Age of Ransomware
Ransomware is hitting close to home for organizations of all sizes and sectors. With attacks making headlines daily, it’s no surprise that 62 percent of surveyed IT decision-makers are concerned about coping with malware and ransomware, according to the Dell Technologies 2021 Global Data Protection Index (GDPI).
Advertisement
It’s not only the rising drumbeat of the bad news that keeps this threat top of mind. When you regularly see the impacts on your industry peers, you start asking yourself: Are we next? At the GDPI launch event, Michael Dell, chairman and CEO of Dell Technologies, explains why all businesses, large and small, from your insurance broker to the local butcher are more spooked than ever before.
The GDPI uncovered that 64 percent of leaders are concerned they’ll experience a disruptive event, such as data loss or downtime, in the next year. With the frequency of ransomware attacks on the rise, I think all businesses should expect an attack. Whether or not you should be fearful depends on how prepared you are.
A threat like no other
Many cybersecurity threats are destructive, but few pack as big a punch as ransomware. Its profound effects stretch across your entire organization, halting operations, disrupting business-critical services, and sometimes even putting people at risk. These attacks are also among the costliest to mitigate.
What makes ransomware unique, however, is its “in your face” style. You can discreetly mitigate other security incidents, but ransomware attacks have become so overt that your customers will most likely know about them. What would that do to your brand reputation and trust?
‘The perfect crime’
For cybercriminals, ransomware is the perfect crime for the digital age. Not only does it have a low entry barrier, but it yields a greater return on investment than garden-variety cybercrime. Like a savvy entrepreneur, a threat actor goes where the best opportunities are—and today, that’s ransomware.
Think about it. A ransomware attack requires little technical skill, thanks to the availability of ransomware-as-a-service on the dark web marketplace. The ransomware operators don’t have to concern themselves with reconnaissance, gaining initial access or writing exploits. All these services, and plenty others, are available in abundance—complete with 24/7 customer service.
On top of that, the attackers don’t have to go far to monetize. When you’re hit with ransomware, you become, in essence, an instant “customer” of theirs. They know you need your systems to be up and running as fast as possible, and you need to prevent the potential release of your data. They have your instant attention and the power; unless you have the means to defend yourself and recover your data.
Defense starts with the basics
To guard against ransomware, you have to start with the basics. First, implement the NIST Cybersecurity Framework (or another that’s a best practice in your industry). Once you have the essential pieces in place—patching, antivirus, security awareness, and so on—you can build to the more sophisticated defenses, such as zero-trust and identity and access management.
Regardless of what other defenses you have in place, one of the most critical steps in fighting a ransomware infection is data backup. The more robust your backup plan, the less power and hold the attackers will have over you.
One more step: practice
Another important step in ransomware defense that many organizations overlook is practicing their disaster recovery and response plans. Without running drills, simulations, and tabletop exercises, your team will have to work things out in the middle of a crisis. That’s not the best time to figure out who to call and where to find those phone numbers.
According to the GDPI, 67 percent of IT leaders are not very confident they’ll be able to recover their business-critical data in the event of a destructive cyberattack. As an industry, we can do better. If you haven’t thought through the ransomware risks and implications yet, start that process now. With practice comes confidence. Be reassured: You don’t have to be beholden to brazen criminals. There are ways and means to protect yourself. Yes, at some point in time, you’ll be targeted (if you haven’t already). But you can choose how you respond and minimize the fallout. There are ways to protect your business and recover your data without submitting to the criminals’ demands and lining their pockets with your hard-earned money.
What’s next?
To best learn what options are available, turn to ORLA’s Preferred Partner, Dell Technologies. You can call and speak with a technology advisor at 855.900.8442 or shop online at Dell.com/ORLA. JOSH
