Shifting From Ransomware Detection to Prevention

November 18, 2019

Imagine this: You’ve worked tirelessly over the past month to create a video tribute for your best friend’s wedding reception. You’ve added the right pictures, overlaid it with music to create nostalgic memories of your friendship, and edited it to perfection. The couple has ensured they have every detail taken care of, from selecting the perfect venue to choosing an outstanding menu. Your video tribute will be the “icing on the cake” and the last touch to finalize their perfect day.

Just when you are about to kick your feet up and toast the completion of the video, you save the video file and an odd message pops up: “The files on this laptop have been encrypted. Submit payment within 48 hours or your files will be destroyed!” That perfect day just took a downturn because you’ve been hit with ransomware.

Now imagine how easy it could have been to get infected with the same malware at work. Businesses can encounter similar scenarios — but they have way more at stake. Ransomware attacks can disrupt business operations, causing companies to experience hours or even days of downtime, and possibly cause the business to completely shut down.

So how can you help prevent a ransomware attack? Prevention is no easy feat, but some steps can be taken to reduce the risk of opportunistic attacks. In a recent Enterprise Strategy Group (ESG) study, “Incident Readiness Trends: Do Confidence Levels Match Preparation Efforts?,” 80 percent of cybersecurity decision-makers report that their organization has already engaged in ransomware incident readiness activities, making sure they have a plan in place in case an attack does occur.


However, if ransomware is already in your environment, there are a few remedies available. An attack of this sort on company networks can affect thousands of devices, be costly and certainly disrupt business. Review these recommendations to learn about steps your team can take to mitigate the risk of an attack. If you can implement these tips, you should have a better chance of shifting from detection of ransomware to readiness and response.

Build a Security-Aware Culture

Ransomware is one type of malware among many, and an infection that spreads widely can start with a single human error. For example, an employee may fall prey to social engineering techniques that encourage them to open a malicious email. By training employees or users to identify suspicious emails, enterprises can significantly reduce the probability of ransomware infections.

Ensure You Have Backups

A consistent defense against ransomware includes having backups — and more than just one. Keeping redundant backups both offline and in the cloud, and testing them periodically, can help with recovery plans if an attack ever affects the business.

Backup runs should occur frequently and have a tested restore process. Companies that back up their data can minimize the impact of ransomware attacks since only hours of data are lost instead of months or years. The backup should also be tested on a periodic basis to ensure it can restore all files and asset configurations in their uninfected state.

Embed Threat Intelligence

Monitoring your network can provide you with a second set of eyes within your security environment. However, monitoring technology and tools are only as good as the information feeding into them. Having the latest threat intelligence is vital if you want to get better at spotting a looming ransomware attack, stay up to date as ransomware evolves, and learn current tactics you can use to prevent this sort of infection from spreading.

There is no “magic strategy” or one-time solution to stop today’s threats. Although you might take every possible precaution to prevent ransomware from accessing your network, your defensive strategy may not be completely threat-proof. This is why it is vital for organizations and their security teams to be proactive: detect ransomware in time, contain it, manage the response and have a recovery plan in place. This overall strategy can help significantly reduce the potential impact of such attacks on your business.


Lorielle Paulk
Product Marketing Manager, X-Force IRIS

Lorielle Paulk, Product Marketing Manager for IBM X-Force Incident Response and Intelligence Services (IRIS), is responsible for defining and executing the s...