Ransomware is a profitable criminal endeavor (a 2016 survey estimated $1 billion each year, but current numbers are surely much higher) by individuals who don’t hesitate to damage public institutions and private enterprises—and they’re not going anywhere.
Best practices and tools to:
In this blog article we’ll take a look at how you can find and implement those practices with Veeam’s Hyper-Availability Platform.
Data and systems unavailability triggers a domino effect of other technical and business consequences. Research by ESG found that 71 percent of surveyed organizations could not tolerate more than one hour of downtime for their high-priority applications, which are frequently the ones targeted by ransomware.
In addition, from a recovery point objective (RPO) perspective, 51 percent of organizations surveyed report that losing just 15 minutes of data from their high-priority applications is the maximum they can tolerate without significant business impact. This downtime and data loss can take months or years to recover from, and that’s before considering the loss of customer confidence and direct revenue.
To fend off ransomware attacks, there are recommended cybersecurity and backup and recovery best practices.
End-User Education, Intrusion Testing, and Mock Phishing
Conducted by a third-party cybersecurity partner, these steps are invaluable—especially with less experienced staff.
Email and Web Controls
Given the likelihood of infiltration coming from these areas, controls are crucial. To establish a first line of defense, use tools that can identify and block illegitimate phishing email, scan for known ransomware or malware in emails, and isolate attachments for analysis. This effort should encompass native cloud applications such as Office 365. Web controls can be used to analyze a website’s reputation and block known bad URLs, and they can scan for malicious downloads and browser exploits.
Endpoints
Endpoints are often the attack vector for introducing ransomware, so they need a robust set of countermeasures. Endpoint security controls that employ multiple detection technologies to prevent file-based and file-less ransomware, as well as other types of malware, are critical.
Network-based Controls
The effort begins with establishing protection across all ports and protocols, and monitoring all traffic on the physical or virtual network. It can be complemented by detection methods such as sandbox analysis for new and unknown ransomware.
Servers
Servers, especially database servers, have also become targets for ransomware attacks. They require the use of technologies to scan for ransomware and other forms of malware and controls to maintain system integrity. Being diligent about maintaining a patching discipline is a clear best practice, but it comes with an operational impact for many organizations and does not prevent zero-day attacks.
Backup and Recovery
Beyond employing cybersecurity best practices, backup and recovery is an important component of ensuring uptime. Best practices include:
Veeam’s Hyper-Availability Platform offers data availability to enterprises no matter where the data lives – on-premises, in the core data center, in remote offices, or anywhere in the cloud. It is perfectly suited for ransomware protection with a keen focus on both data centers and endpoints.
On the data center side, Veeam allows organizations to restore data infected by ransomware to a known-good state. End-users can also leverage the Veeam Availability Suite to perform quick and granular restore operations for databases, applications, files, and operating systems.
The suite provides one-click file-restore capabilities for storage snapshots, which can be useful for fast recoveries of critical files. Veeam has also integrated with many storage vendors to accelerate performance and recovery capabilities.
Unfortunately, ransomware isn't going anywhere. As hackers evolve their methods, ransomware will only continue to pose a growing threat to enterprises around the world. The business risk is potentially devastating and needs to be managed with a combination of best practices and the right tools. Contact WEI to begin strengthening your response and protecting your organization today.