3 Steps for Improving Your Ransomware Response

Organizations such as governments, educational institutions and nonprofits have the responsibility to protect the data they hold, and safeguard their systems. This can be challenging as technology changes in size and complexity, and as resources and workforces become more limited. Organizations must remain vigilant as outside parties may attempt to gain unauthorized access to sensitive data through ransomware.

Ransomware is a form of malware that seeks to prevent access to an organization’s data and information systems unless the organization pays the outside party a ransom. These attempts are typically opportunistic in nature, targeting end users through emails, embedding malicious code within websites or gaining access through unpatched systems. Ransomware can cost organizations a significant amount of resources in response and recovery, as well as impact their ability to operate.

So, what are three steps an organization can take to improve its ransomware response?

Step 1: Establish the Ability to Recover

Organizations that can effectively back up and restore data to a specific point in time significantly reduce ransomware’s impact. That’s important whether you’re on premises or in the cloud.

Backing up your data ensures there’s always a copy available. Consider how frequent your backups need to be; sensitive data may call for more regular backups. Then, with disaster recovery, machines are replicated in a secure, reliable environment. There, they’re constantly refreshed and sit ready to deploy automatically within minutes of an emergency, such as an instance of unauthorized access or a crash.

If you’re on premises, look to services like CloudEndure Disaster Recovery, AWS Storage Gateway or third-party integrations with AWS S3 and AWS S3 Glacier for these tools.

Step 2: Migrate and Mature Preventative Security Controls

Once you have the ability to recover from a ransomware attack, you can then turn your attention to preventative controls. Rather than attempting to identify, evaluate, purchase, implement and maintain these controls themselves in a traditional on-premises deployment, agencies can migrate IT workloads to cloud environments for substantial benefits.

In the cloud, customers can use services such as identity and access management (IAM) to securely manage identities, resources and permissions to critical systems and data through strong authentication capabilities. Patch managers can automate patching, ensuring system vulnerabilities are stitched up in a timely and consistent manner. Virtual private clouds (VPCs) can segment the network to improve performance and security.

Step 3: Implement Mitigation and Detective Controls

While preventing ransomware attacks altogether is the goal, there is no single silver bullet available. As such, implementing tools to detect a potential or active attack – or mitigate an attack’s impact – has tremendous value.

To help identify such threats, threat detection services, like Amazon GuardDuty, continuously monitor and correlate activity for malicious or unauthorized behavior to help you protect your accounts and workloads. Machine learning, anomaly detection and integrated threat intelligence identify and prioritize potential security events.

Ransomware is evolving, but so can your security awareness and preparedness. Agencies, educational institutions, nonprofits and businesses around the world must keep their systems and data secure with a sound cybersecurity program. Using the services we’ve talked about and the three outlined steps, you can take proactive measures to reduce the likelihood and impact of ransomware in your IT environments.

This article is an excerpt from GovLoop Academy’s recent course, “3 Steps for Surviving Ransomware,” created in partnership with AWS.
