cancel
Showing results for 
Search instead for 
Did you mean: 

Ransomware Resilience Comes Down to People, Technology, and Processes

AlexRestrepo
Level 1
Employee

Ransomware attacks are becoming significantly more complex and sophisticated, as we’ve written. But like every other technology challenge, mitigating ransomware threats can be boiled down to simpler concepts: it’s about people, technology, and processes.

Whatever technology initiative you can think of – whether it is a digital transformation or hybrid multicloud, regulatory compliance, or cybersecurity – success or failure comes down to how effectively those three things are integrated. And with the stakes so high with ransomware, it’s vital to get them all functioning properly in unison.

That’s not to say that getting the three elements of the organizational framework right is easy – far from it. But when I’m asked for my point of view on effective ransomware resiliency, it’s critical to reduce the challenge to essential areas of focus. It helps enterprises wrap their collective heads around the problem and determine a path forward that will ensure their data, workloads, and applications can be recovered quickly in the event of a successful ransomware attack.

Here are my thoughts on each of these essential areas:

  • People. Some of the most crippling ransomware attacks in history – WannaCry, Petya, Bad Rabbit – were executed based on mistakes made by people. Malware like these were spread by a user mistakenly downloading an infected program they thought was legitimate, by opening phishing emails with malicious attachments, or by not applying critical operating system patches. Enterprises have a fundamental responsibility to educate their employees about the latest ransomware threats and about the potential attack vectors like email phishing, and malicious software that could threaten their data or systems. IT departments need to have an effective patch management approach to close vulnerabilities as quickly as possible.
  • Technology. It goes without saying that rock-solid technology plays an important role in resiliency. Enterprises should have good endpoint data protection tools for desktops and laptops to ensure employees in different sites or in remote offices have their data backed up continuously. Enterprises should follow a “3-2-1” backup approach: a minimum of three copies of their data, in two disparate locations, with at least one off-site. Air gap backup involves having at least one copy of your data that’s entirely offline, disconnected from your network and data centers. Tape may be an archaic medium, but in some cases it’s a good idea to have a tape library. However, a company’s available recovery time objective may be lengthy with tape, so it should be a last-resort measure.
  • Processes. Enterprises must have the right processes established to ensure they are resilient. They may have a disaster recovery plan that looks great on paper, but if they don’t test it regularly, they’re not able to determine if a recovery site will be up and running as expected, in the event it’s needed. A good disaster recovery rehearsal involves simulating a failover of a company’s applications and data to a DR data center and stress-testing it for any areas of weakness. Enterprises should also run a full backup as a regular process in certain situations, such as upgrading an operating system or changing server roles or features.

We don’t know how ransomware will continue evolving over time. But we know it will evolve and get more complex. Just this summer, there were reports of ransomware targeting systems, not just data. We also saw more attacks on enterprises as bad actors are targeting higher-margin business.

The future of ransomware may be unpredictable, but I think these three fundamental components pillars of people, technology, and processes will continue to be the organizational pillars that enterprises’ response to the ransomware threat will rest on.

There may never be a finish line – a point where we can say, “We did it. We solved the ransomware threat.” But candidly assessing potential vulnerabilities in each of the above areas will help enterprises keep pace with, and maybe stay one step ahead of, the malicious actors.

Interested in learning more? Read the next in the blog series: The Path to Greater Resiliency: How to Recover from a Ransomware Attack