Whether you run a small business or a large business, you know that a ransomware attack can be devastating. Did you know that these 3 common misconceptions could give you a false sense of cyber security? Listed below are 3 of these misconceptions and what you can do to address them, and in turn, be more cyber secure.
- Paying the ransom will be the quickest way to get your data back
This is one of the biggest and most frightening misconceptions out there. So many businesses do not take the precautions they should, because they think they can just pay for a decryption key and get their data back. The problem with this thinking is that you can’t always trust that the decryption key will work. Sophos’ “State of Ransomware 2021” survey found that only 8% of those organizations who paid the ransom received all of their data back. If this is the basis of your cyber security strategy, you need a new strategy.
- Backing up your data will make you immune to ransomware attacks
This misconception has some truth to it; however, you need to understand that not all backup plans are the same, and not all ransomware is delivered in the same way. Ransomware criminals have evolved their approach to how ransomware is delivered. They know you will be less likely to pay if you can restore from your backups. This is why cyber criminals ensure that they target backups stored on your network and in the cloud. If they encrypt your backups, then this plan will not work either. The better backup strategy is to use something called 3:2:1. In this strategy, you have 3 copies of your data: the production data and 2 backups, with 1 of those backups being offsite and offline. This strategy ensures you have a clean backup to restore from. The problem is that those ever-evolving cyber criminals have learned the double extortion technique. With double extortion, the cyber criminals not only encrypt your files, but they also steal copies of your data and threaten to expose it if your organization doesn’t pay the ransom. Now you are no longer paying to get your data back, but rather paying to keep it from being exposed and causing further harm.
- Once the ransomware attack is over, it is over
Sadly, this one couldn’t be further from the truth. When it comes to weather, we say that lightning doesn’t strike twice, but when it comes to cyber attacks, cyber criminals love to target the same organizations repeatedly. For one, they know they can get in: If they got in once, and you did nothing to upgrade your cyber security, they will come in again the same way. The cyber criminals also know that if you are willing to pay once, you will pay again and again.
The other problem is that cyber criminals are often lurking undetected on your network long before the ransomware demand is made, long before your cyber security team has noticed. Cyber criminals can spend months inside your network learning where the most valuable data is kept, and how to access it. They can install “back doors” into your network, so that long after you think the threat has been eliminated, they come back in and launch another cyber attack. The UK’s National Cyber Security Centre published a blog post about how one company, after restoring their network with the purchased decryption key, did nothing to identify the root cause of the attack or ensure they had secured the network, and so they were hit by ransomware again from the same cyber criminals. If you are attacked by ransomware and want to ensure you are not attacked again, a thorough investigation must be undertaken before you can even begin to think about restoring your data. Passwords need to be reset, hardware needs to be cleaned, and vulnerabilities need to be remediated.
So, what does your organization need to do to adequately protect itself from ransomware? While having offsite backups is a good place to start, they alone are not enough. In addition, you need to think about:
- Cyber awareness education to teach employees how to avoid unknowingly downloading ransomware onto their computers
- An endpoint protection strategy to block viruses, including ransomware, from getting into your network in the first place
- An intrusion detection system that can alert you to anomalies and help you prevent an attack
- Vulnerability and remediation management to ensure your systems are patched in a timely manner