How to Build a Ransomware Readiness Kit

Jul 22, 2020 | Cloud Security, Cybersecurity

Ransomware is one of the fastest growing Cybersecurity threats, for the public and private sector. In the first quarter of 2019, ransomware attacks grew by 118 percent with an average cost of $55,000 per attack according to security certification and training institute InfoSec.

This makes ransomware readiness a high priority with a focus on defense.

Taking steps to protect data and endpoints from infection requires a multi-tiered plan and involvement from everyone in the organization. Both public and private organizations can develop a ransomware readiness kit by instituting the following methods, tools and training.

To help in that kit development we’ve broken down the process into prevention, protection and recovery.

Ransomware Readiness Prevention and Protection

With the growing impact of ransomware attacks on businesses, It’s clear that prevention of ransomware attacks is the ideal scenario in the digital age. This requires making awareness training and putting the proper tools in place the first step. Funds are often limited for SMBs

and government entities when it comes to cybersecurity, so it’s wise to start with implementing detection and protection at every step This starts with both through employee education and automated tools and processes

Staff Training

Your staff is the biggest cybersecurity risk that you have because email attachments and malicious links are the primary risks for infection. Protecting your organization requires understanding these types of attacks and educating your users about how they operate and gain a foothold in the organization. This requires setting up regular security training across the organization via:

  • In-house seminars
  • Interactive discussions with IT
  • Digital employee handbook reminders

The goal is to explain what ransomware attacks look like, and how employees can spot the signs of potential threats. Since many organizations lack an on-site security expert, it would be ideal to hire an outside security consultant to deliver the training that uses supplementary video and real-world examples.

The security consultant can help identify and train security operations staff and help rehearse ransomware scenarios during training exercises. A well-implemented ransomware readiness plan should make employees the front-line defense in multilayered protection strategies.

Implement Ransomware Prevention Tools and Processes

While email is the primary means of gaining access to the network for planting exploit kits, you will need to secure your entire network perimeter to minimize the chance of breach. That’s why it’s important to know how your network is configured and what software you regularly. By knowing what your system looks like and how it works, you can more easily identify problems when they occur. Here are Just some of the prevention tools and processes your ransomware kit will need:

  • Limit database access to authorized users
  • Disabling macro scripts from office files transmitted over email
  • Disable macros scripts in Microsoft Office
  • Regularly patch systems and use automated patching when possible
  • Know your network connections and traffic
  • Use antivirus and anti-spam solutions.
  • Restrict Internet access
  • App whitelisting
  • Implement identity access management tools via multi-factor authentication (MFA)
  • Use web filtering

While prevention and protection are a cornerstone of ransomware readiness, there is only one completely reliable method for protecting the organizations systems, applications and data.

This comes in the form of system and data backups through business continuity and disaster recovery planning (BCDR).

Business Continuity and Disaster Recovery Planning

Paying the ransom to gain access to your encrypted systems and data is never the best answer since there is no guarantee that the encryption key will work. The only guarantee to full recovery from a ransomware attack is to employ backup and disaster recovery planning to ensure business continuity.

The idea is to back up everything including desktops and servers in ways that are reliable, efficient and quick. Your ransomware readiness kit should include the ability to:

  • Backup all files, servers, systems and endpoints
  • Implement lightweight, optimized data protection tools that minimize recovery points
  • Perform regular backups of all systems
  • Establish needed recovery point objectives (RPO) and recovery time objectives (RTO)
  • Validate backups, for mission-critical data
  • Test backup systems to ensure full and seamless recovery of operations

There are modern backup tools that can simplify device, application and data protection in the event of malware. Modern file sync and share tools can reduce file versioning intervals and minimize data loss.

Backup solutions should have several tiers so that you keep backup file copies in several locations and on different media. A prevalent way to make BCDR affordable and efficient is via the cloud.

Move Business Continuity to the Cloud

Using the cloud for BCDR via a cloud provider is growing in popularity for SMBS. Major providers are gearing their solutions to the needs of the public sector where compliance and FedRamp considerations are needed. It can be a little intimidating to design a cloud solution that manages data in a hierarchy (data storage, backup and restore, disaster recovery). Even when automating the process as much as possible, organizations are best served by partnering with a cloud services and managed security services provider.

Ransomware Readiness with an MSSP

Cybersecurity strategies and ransomware readiness can have a lot of moving parts and require expertise, tools and technologies that aren’t always familiar to organizations. By working with a managed security services provider (MSSP), public and private organizations can have a partner that understands the needs of businesses and government entities. They can provide all or some of the needs for optimal cybersecurity that includes:

  • Ongoing network monitoring and scanning services
  • IT infrastructure assessments to map architecture and uncover cybersecurity vulnerabilities
  • Network architecture review for design optimization and resiliency against ransomware attacks
  • Support for training and awareness programs
  • Ransomware endpoint protection tool implementation
  • Analytics and reporting support
  • Cloud services and migration support
  • Security Strategy planning
  • BCDR strategy, planning, implementation and monitoring
  • Technology consulting and implementation
  • Regulatory compliance

Modern businesses have complex IT structures in the digital age. The right MSSP brings the expertise and tools while also taking the time to learn the business and organizational environment. Cybersecurity and ransomware readiness are ongoing challenges with constant change. Cost-effective security expertise from an MSSP can help your organization meet those changing needs and provide proactive security that protects the organization its system and data.

In today’s day and age, you can never be too prepared. Contact EE Computing for your free vulnerability assessment to better understand your risk and prepare your business. And in the worst-case scenario, if you’re already experiencing a Ransomware infection, contact us for rapid and affordable remediation services!