Guidelines for Minimizing Costly System Shutdowns Following a Cyber-Assault
In the digital age, businesses and organisations are increasingly vulnerable to ransomware attacks, which can cause significant downtime and financial loss. However, by implementing a combination of technological, procedural, and educational measures, it is possible to prevent or minimise the impact of these attacks and ensure a swift recovery. Here are five key tips to help achieve this:
1. **Maintain Regular, Immutable Backups**
   - Store backups on write-once media or in an immutable cloud repository that malware cannot alter or delete.
   - Ensure at least three versions of backups, including one stored in an offsite or air-gapped location.
   - Regularly test backups to confirm recovery capabilities within your target recovery time objective (RTO).
2. **Enforce Strong Patch Management**
   - Automate vulnerability scanning to identify and fix high-risk systems first.
   - Prioritize patches for operating systems, third-party applications, browsers, and plugins.
   - Use a change-management process to test patches before deployment.
3. **Deploy Advanced Email and Endpoint Protection**
   - Implement robust email filtering tools that sandbox suspicious attachments and analyse links in a safe environment.
   - Use advanced endpoint protection solutions to detect suspicious activity before it becomes a threat.
4. **Implement Least Privilege Access and Multi-Factor Authentication**
   - Institute least privilege policies for data and system access to limit the spread of malware.
   - Enforce strong password policies and implement multi-factor authentication to secure user accounts.
5. **Conduct Regular Security Awareness Training**
   - Educate employees on identifying and reporting suspicious emails and avoiding risky downloads.
   - Conduct simulated phishing tests to keep employees vigilant and reduce insider threats.
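
The backup checks in tip 1 can be automated as a recurring drill. The following is an added example, not code from the original article: it audits a backup inventory against the three-version, offsite and immutability rules, then restores an archive to a scratch directory, verifies every file against a SHA-256 manifest, and times the run against the RTO. The inventory schema, function names and sample data are assumptions constructed for illustration.

```python
import hashlib, io, tarfile, tempfile, time
from pathlib import Path

def audit_inventory(copies, min_versions=3):
    """Return policy violations for a list of backup-copy records (assumed schema)."""
    problems = []
    if len(copies) < min_versions:
        problems.append(f"only {len(copies)} versions, need {min_versions}")
    if not any(c["location"] in ("offsite", "air-gapped") for c in copies):
        problems.append("no offsite or air-gapped copy")
    problems += [f"{c['id']} is not immutable" for c in copies if not c["immutable"]]
    return problems

def restore_drill(archive_bytes, manifest, rto_seconds):
    """Restore to a scratch directory, verify each file against the SHA-256
    manifest recorded at backup time, and time the run against the RTO."""
    start, failed = time.monotonic(), []
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch).resolve()
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
            for member in tar.getmembers():
                dest = (root / member.name).resolve()
                if not member.isfile() or root not in dest.parents:
                    continue  # skip links, devices and paths escaping the scratch dir
                dest.parent.mkdir(parents=True, exist_ok=True)
                dest.write_bytes(tar.extractfile(member).read())
        for name, digest in manifest.items():
            path = root / name
            if not path.is_file() or hashlib.sha256(path.read_bytes()).hexdigest() != digest:
                failed.append(name)  # missing or altered since the backup was taken
    elapsed = time.monotonic() - start
    return {"failed": sorted(failed), "elapsed": elapsed, "within_rto": elapsed <= rto_seconds}

def build_sample():
    """Constructed sample data: a two-file archive and its manifest."""
    files = {"db/customers.csv": b"id,name\n1,Ada\n", "etc/app.conf": b"mode=prod\n"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue(), {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}

if __name__ == "__main__":
    archive, manifest = build_sample()
    copies = [{"id": "v1", "location": "onsite", "immutable": True},
              {"id": "v2", "location": "onsite", "immutable": False}]
    print(audit_inventory(copies))
    print(restore_drill(archive, manifest, rto_seconds=60))
```

Store the manifest separately from the backups it describes, so that tampering with a backup copy cannot also rewrite the hashes used to check it.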
In addition, organisations should consider implementing an overlay network or software-defined networking strategy to shield their physical network infrastructure from malware or ransomware during a cyberattack. Paying ransom fees to cybercriminals during a ransomware attack is not advisable, as there's no guarantee they will keep their word.
Saving a copy of corrupted data impacted by a cyberattack can provide invaluable information and evidence about what happened, allowing for forensic analysis and prevention of similar attacks in the future. The quality and location of backups are important, with cloud storage or an off-site server in a safe location being recommended.
Considering the costs associated with downtime, investing in a backup power source can help organisations save money during recovery from a cyberattack. Ransomware attacks can lead to an average downtime of 15 to 26 days, with the possibility of it being longer. In some cases, international law may require organisations to ensure they have robust data security protections in place.
- To safeguard valuable business data, organizations should refer to encyclopedia entries on data and cloud computing to learn about immutable cloud repositories for secure data storage, ensuring effective protection against ransomware attacks.
- In the realm of cybersecurity, implementing a technology like an overlay network can provide an added layer of defense for an organization's physical network infrastructure during a cyberattack, offering a crucial shield against malware or ransomware.