[BreachExchange] When Ransomware Strikes: Does Your Company Have a Data Disaster Recovery Plan?

Audrey McNeil audrey at riskbasedsecurity.com
Fri Feb 17 08:10:40 EST 2017


http://infosecisland.com/blogview/24882-When-Ransomware-Strikes-Does-Your-Company-Have-a-Data-Disaster-Recovery-Plan.html

Last year, nearly half of businesses were hit by ransomware. In the first
half of 2016 alone, ransomware cost enterprises $209M. Even worse, experts
predict that ransomware “will spin out of control” in 2017. As the headlines
make clear, ransomware is rampant, and those who commit the attacks aren’t
discriminating by industry, company size, or location. It’s no longer a
question of if your company will be targeted by ransomware but rather when.
To prepare, every enterprise should have a data disaster recovery plan to
fight back.

The US Justice Department warns that “paying a ransom does not guarantee an
organization will regain access to their data; in fact, some individuals or
organizations were never provided with decryption keys after paying a
ransom … [after paying,] some victims were asked to pay more to get the
promised decryption key.”

With a little bit of preparation and forethought, your enterprise could
quickly retrieve data backups needed to keep the business running instead
of haggling with cybercriminals to get access to vital and sensitive
documents and ending up in the headlines for the wrong reasons.

Here are three best practices to get your company started on building a
personalized data disaster recovery plan to combat ransomware and other
data loss disasters:

Know the Facts

You can’t protect your assets if you don’t know what they are and where
they reside. The first step of any data disaster recovery plan should be to
take inventory of assets. Conduct a full risk assessment and business
impact analysis to examine the consequences of disruption to a business
function and processes. Understanding the impact of data loss on
business-critical functions is crucial for personalizing your data disaster
recovery plan. Don’t forget to include legal and audit ramifications.

Secondly, know the facts of your company’s agreements with third-party
vendors who handle your data. Don’t be lulled into a false sense of
security if you use collaboration platforms like Microsoft Office 365 or G
Suite. While they provide great capabilities, these SaaS applications can’t
fully protect customers from data loss caused by ransomware, sync errors
from integrations, or human error. It’s not that these providers don’t want
to help; they simply can’t. When data is encrypted, changed or deleted by
ransomware, sync errors, or other destructive activity, those actions look,
to the SaaS provider, just like a customer changing or deleting data for
legitimate reasons.

Make It a Team Effort

Long gone are the days when only one person was responsible for enterprise
security. To succeed, the entire company needs to be involved in securing
its data and assets as part of the data disaster recovery plan. To this
end, spend time and resources on educating your users on security best
practices to prevent ransomware and phishing. Identify the users most
likely to be targeted by ransomware, spear-phishing and similar attacks,
and monitor their accounts for unusual activity.

A hacker only needs one careless employee to gain access to your whole
network. By having your whole team engaged in good security practices,
hackers will be hindered by a united front. As Ben Franklin once said, “an
ounce of prevention is worth a pound of the cure.”

Back Up Data & Test the Process

Ransomware attackers rely on the fact that the majority of users don’t have
a good way to restore data from a backup. Counteract this ploy by regularly
backing up your data with automated systems that provide point-in-time
restore.

Don’t stop there, though. Backups are only as good as the recovery that
comes with them. Take the time to periodically test the restore process to
ensure that files restored from backups are usable and accurate. In a
moment of panic, you should be able to recover your data without thinking,
and get it back exactly the way it was before.
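One concrete way to make a restore test answer “usable and accurate” rather than “the job finished” is to record file hashes when the backup is taken and compare the restored tree against them. The script below is an added example, not code from the original article; the file names and contents are constructed sample data, and the drill runs entirely in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """SHA-256 of every regular file under root, keyed by relative path.
    Built at backup time and stored separately from the backup it describes."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree with the backup-time manifest: 'missing' files never
    came back, 'corrupt' files differ from what was backed up (for example a copy
    that was already encrypted when the backup job ran)."""
    missing, corrupt = [], []
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            missing.append(rel)
        elif hashlib.sha256(p.read_bytes()).hexdigest() != digest:
            corrupt.append(rel)
    return {"ok": not missing and not corrupt, "missing": missing, "corrupt": corrupt}

def restore_drill(tamper: bool) -> dict:
    """Constructed drill: three files are 'backed up' (manifest taken), then restored.
    With tamper=True one file is absent and one comes back as garbled ciphertext."""
    files = {"finance/q1.xlsx": b"quarterly numbers",  # constructed sample data
             "hr/policies.docx": b"leave policy",
             "readme.txt": b"team handbook"}
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp) / "share", Path(tmp) / "restored"
        for rel, data in files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)
        manifest = build_manifest(src)
        for rel, data in files.items():
            if tamper and rel == "hr/policies.docx":
                continue                               # never made it back
            if tamper and rel == "finance/q1.xlsx":
                data = b"\x00\xffgarbled ciphertext"   # restored copy is unusable
            (restored / rel).parent.mkdir(parents=True, exist_ok=True)
            (restored / rel).write_bytes(data)
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(restore_drill(tamper=False))  # {'ok': True, 'missing': [], 'corrupt': []}
    print(restore_drill(tamper=True))   # {'ok': False, 'missing': ['hr/policies.docx'], 'corrupt': ['finance/q1.xlsx']}
```

In practice the manifest is produced by the backup job against the live data and kept somewhere the backup target cannot overwrite, so a scheduled restore drill can fail loudly when a file comes back missing or altered.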

Don’t become a statistic – make the investment to build a data disaster
recovery plan before you need it. Take time to do the research to know the
facts of your data assets and risks, make security a team effort, and back
up your data and test the process. You’ll never regret preparing too much,
but you’ll definitely regret having to cough up tens of thousands of
dollars in bitcoin to get your business-critical data back and landing in
the headline of every security publication naming your company as the
latest victim of ransomware.