Your organization’s users, employees, and customers generate content every day. Much of this content is key to operations, or sensitive personal information, or critical intellectual property. If this data goes missing or falls into the wrong hands due to a ransomware attack, an organization would be severely handicapped and could be at risk of extinction.
Leading security applications should keep this data safe and secure inside the data center, but 2020 has shown that data is under massive attack by cybercriminals, who cause great harm and expense.
Any type of organization, large or small, can be vulnerable to cyberattacks, but any type of organization can be prepared by addressing gaps in data protection that invite hackers to enter. Here are five defensive strategies gathered from experts in mission-critical information management, cybersecurity and governance.
1 Use real-time malware detection
Cybercriminals look for the easy score when attempting to break into data centers. It could be an old attack method that’s worked in the past, or one of many new threats architected each day to find insecure targets before they’re discovered. Commercially available anti-malware software is an important first line of defense. Many products are available; whichever you use should be set to perform frequent system scans to identify malware as soon as possible. All updates and patches should be automatically installed to keep up with the latest threats.
2 Use backup solutions that provide full content analytics
Today’s backup products often include some level of content analysis and tout their ability to identify whether particular data has been corrupted. However, these applications have limitations, chief among them that they may scan only metadata: the basic information about a file or database, such as its creation date or location. Others use metadata analytics on the first pass and analyze the content of a file only if that pass turns up possible corruption. While this is better, it is still flawed and likely to miss more advanced attack vectors. Perhaps more important, it may provide a false sense of security. The best solution is a comprehensive content-based analytics scan from the start, which not only validates data integrity but also gives confidence that even sophisticated and hidden attacks have been found and neutralized.
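The gap between a metadata-only check and a content-based check can be shown with a short added example (not from the original article or any backup product). It assumes a metadata record of location and size, a SHA-256 baseline plus byte entropy as the content signal, and a constructed sample file; the function names and the 7.5 bits/byte threshold are illustrative assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits/byte; encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def metadata_fingerprint(path):
    """What a metadata-only scan compares here: location and size.
    (An in-place rewrite does not alter a file's creation date either.)"""
    return (os.path.abspath(path), os.stat(path).st_size)

def content_scan(path, baseline_sha256):
    """Full-content check: compare the hash to the baseline and measure entropy."""
    with open(path, "rb") as f:
        data = f.read()
    entropy = shannon_entropy(data)
    changed = hashlib.sha256(data).hexdigest() != baseline_sha256
    return {"hash_changed": changed, "entropy": entropy,
            "suspicious": changed and entropy > ENTROPY_THRESHOLD}

def demo():
    """Build a constructed file, replace its content, and run both checks."""
    # Constructed sample data: repetitive business text, 64 KiB.
    original = (b"2020-11-02 invoice 1042 approved by finance\n" * 2000)[:65536]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ledger.txt")
        with open(path, "wb") as f:
            f.write(original)
        base_meta = metadata_fingerprint(path)
        base_hash = hashlib.sha256(original).hexdigest()
        # Same-length random bytes stand in for content that has been encrypted.
        with open(path, "wb") as f:
            f.write(os.urandom(len(original)))
        return metadata_fingerprint(path) == base_meta, content_scan(path, base_hash)

if __name__ == "__main__":
    meta_unchanged, report = demo()
    print("metadata unchanged:", meta_unchanged)
    print("content scan:", report)
```

The metadata comparison reports no change, while the content scan flags both the hash mismatch and the jump to near-random entropy.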
3 Deploy forensic analysis with machine learning
Cybercriminals use ML to their advantage and so should you. Most cybercriminals are constantly changing approaches to infect and attack business operations in new ways and identify new vulnerabilities. Well-funded and organized syndicates of attackers use advanced technologies to re-engineer their tactics – it’s no longer a bunch of loosely affiliated opportunists. Forensic analysis software that includes AI/ML can detect patterns and anticipate changes that human-based systems cannot.
4 Don’t pay the ransom
Even if you’ve done your best to protect your organization, hackers may still find a way into your compute and storage infrastructure through human error, a successful phishing scheme, or a disgruntled employee, for example. If your data has been breached or, worse, encrypted, resist the temptation to play into the attacker’s hand by paying the ransom. Paying is no guarantee you’ll get your data back – cybercriminals are not known for their code of ethics – and you may get hit with a new demand for an increased amount. Even if you do get your data back, if they see you’re willing to pay, they or their cronies may re-target you, sometimes with the same security exploit as before.
5 Recover right
Not paying the ransom does not mean you won’t be able to get your systems operating again, nor does it mean an excruciatingly long and disruptive recovery. With proper security and protection software and practices in place, a ransomware attack is like any other disaster recovery scenario. In a post-attack forensic discovery process, the breach and the malware that executed the attack are identified, and the most recent clean, uninfected backup is used to restore lost, corrupted, or infected data. Effective cyber-recovery tools guide the post-attack recovery and protect against future intrusions too.
Cybercriminals will strike any organization, no matter how big or small. Take the proper steps to fortify your defenses, address gaps in data protection, and create a cyber safety net to stave off attacks in the first place. If you do fall victim, cybersecurity applications help you achieve fast, efficient recovery without paying ransoms. Remember that criminals want the path of least resistance, and if you’re properly equipped, you’re not worth their time and effort.