For Kansas City organizations that rely heavily on computer systems to operate, ransomware is a very real threat. Just last August, the Metropolitan Community College of Kansas City (MCCKC) announced that they had suffered an attack that resulted in some of their data being remotely encrypted by a cybercriminal.
MCCKC fared better than Garmin, which chose to pay a $10 million ransom to get its data back. The GPS tech company received the decryption keys soon after, which allowed them to recover their data and resume operations after a days-long service outage.
But what if they were given the wrong decryptors? They’d be $10 million poorer and still continue to lose income due to them losing customers. This is why businesses are discouraged from ever paying ransoms — and advised to have an effective backup and recovery plan.
Learn more about backup and recovery plans by downloading our free eBook.
How do you ensure your backup and recovery plan is effective against ransomware?
In a nutshell, a ransomware attack will only be successful if it infiltrates your network and you don’t have anything to fall back on. Therefore, you need a backup and recovery system that is in and of itself resilient against cyberattacks.
- Your strategy must utilize offline backup systems.
Once cybercriminals have sneaked their way into someone’s computer, they scope out the network it’s wired into and infect other computers with ransomware. They also seek out and destroy as many online backups as they can get their hands on. Therefore, having backups that are not connected to your corporate network is critical to having a fallback that is clean and practically tamper-proof.
Before restoring your systems using the offline backup, one must first determine the extent of the infection and then quarantine affected machines. This is to prevent your offline backup from becoming compromised as well.
- Local backups must be physically air-gapped.
In network systems, air-gapping is a cybersecurity measure for isolating computers or networks from unsecure or compromised networks. Air-gapped backups have no network interface connections — be they wired or wireless — to other networks. In simpler terms, the backups are disconnected from other networks until a new backup is created, which is done on a scheduled basis.
Vigilance is required when using air-gapped backups. If ransomware encrypts data prior to your scheduled backup, and you fail to catch this, then the backup will copy the encrypted data and be rendered useless. However, if you do catch it before data is replicated, then you can use the clean backup to restore the data you lost to encryption.
- Have a single agency integrate backup and recovery into one unified cybersecurity strategy.
Cybersecurity today has so many components. You have identity and access management, patch management, anti-malware software, and network monitoring, just to name a few. Then, you need your backup and recovery to work with those solutions.
For instance, you want to limit access to your backups, so you’ll likely need to protect these with multifactor authentication. And prior to using your backups, you’ll want to scan these using the latest anti-malware programs to help ensure that these aren’t compromised.
To make your recovery process as swift and effective as possible, having a single agency execute an integrated approach to your cybersecurity is your best bet. There’s no need to coordinate and wait on other parties, especially when time is of the essence.
- Regularly test disaster recovery.
To ensure the viability of your disaster recovery setup, it must be tested regularly. This can be done by simulating serious ransomware campaigns — that is, campaigns that affect large swaths of your network and significantly stall your operations.
Involve non-IT teams in ransomware workshops and other training sessions so that they can avoid inadvertently assisting your system's attackers. At best, they can help your IT team hasten the recovery process so that costs associated with downtime are minimized.
Turn to Umbrella for top-notch backup and disaster recovery services. To learn more about how our services can protect you from ransomware attacks and other cyberthreats, drop us a line today to schedule a FREE consultation.