Cyber Security is complex. So it is no surprise that companies get hit by major IT disasters due to cyber security incidents.
Cyber security vendors often make things very complex. Too complex. Often they sell a lot of crappy, expensive security software with security management cockpits and promise that all your risks are mitigated. However, being hit by ransomware is no joke.
Ransomware is malware that prevents you from accessing your information. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.
E.g. during the 2017 WannaCry ransomware attack, many organizations worldwide simply stopped working. We depend on automation: no company can do business without working information systems. Paying money to attackers to get back in business is a bad idea. Do you really trust the criminals that did this to your company?
Solutions for ransomware can be very expensive. This is due to a lack of knowledge among many of the stakeholders that get involved when it comes to procuring security software in large companies. This does not apply to your company, of course… Unfortunately a lot of fads regarding cyber security solutions are told and sold, most of the time by companies with a large interest in taking some of your revenue.
To be clear: Every claim for a solution that states it can prevent ransomware disasters is a lie. There is always a risk. And there is no perfect simple technical solution for this very complex problem.
Ransomware is very advanced software technology nowadays. Ransomware is also a growing threat that seems ever more difficult to mitigate. However, this is not true.
There is still a very simple and solid way to become more resilient against ransomware attacks. Cyber resilience means minimizing the damage in case you get hit by a cyber security incident like ransomware. The simple solution is:
Train, train again, and train one more time
You need to train your recovery procedures. The key to being resilient against ransomware is to create backups and to train your disaster recovery procedures. You should train frequently, so frequently that everyone gets bored. And continue training till it really is boring shit work for all stakeholders involved. But it must be done. And it is the cheapest and simplest way to be more resilient when a ransomware disaster hits you.
So in case you get hit by ransomware after all those trainings, you disconnect all systems and devices and follow your idiot-proof, tested recovery plan. And of course you follow key open security principles when creating this plan, to ensure all your IT systems and components can be trusted again.
The key action to mitigate ransomware attacks is to ensure that you have up-to-date backups of everything that is important. So do not only back up information, but also make backups of everything that is needed to rebuild your systems from scratch. Training is needed to validate that your recovery procedures and all backups actually work, even in case of a real disaster.
Creating a solid backup strategy is no rocket science. It is simple, boring work that just must be done. But please: besides online backups, also ensure that working backups are available offline, i.e. backups separated from your network. And never ever fully trust a cloud backup solution, since you will not be the first to find that every backup that is connected to a network gets encrypted by ransomware too.
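As an added illustration of validating backups the way this post recommends (example code, not from the original post), here is a small Python restore drill: it archives a directory together with a SHA-256 manifest, restores the archive into scratch space, and reports every file that comes back missing or altered instead of silently passing. The sample directory and the deliberately mismatched manifest are constructed inside `run_demo()`.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def create_backup(source, archive):
    """Archive every regular file under source; return {relpath: sha256}."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source).as_posix()
                manifest[rel] = sha256_of(p)
                tar.add(str(p), arcname=rel)
    return manifest

def restore_drill(archive, manifest):
    """Restore into scratch space and check each manifest entry; report failures."""
    result = {"ok": [], "corrupt": [], "missing": []}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # The "data" filter (PEP 706) refuses path traversal on extraction.
            kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kw)
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                result["missing"].append(rel)
            elif sha256_of(restored) != digest:
                result["corrupt"].append(rel)
            else:
                result["ok"].append(rel)
    return result

def run_demo():
    """Constructed sample: a clean drill, then one against a manifest that no
    longer matches the archive (keep the real manifest with the offline copy)."""
    work = Path(tempfile.mkdtemp())
    src = work / "src"
    (src / "etc").mkdir(parents=True)
    (src / "etc" / "app.conf").write_text("port=8080\n")
    (src / "data.db").write_bytes(b"\x00\x01\x02")
    archive = work / "backup.tar.gz"
    manifest = create_backup(src, archive)
    clean = restore_drill(archive, manifest)
    stale = dict(manifest)
    stale["data.db"] = "0" * 64    # wrong hash -> reported as corrupt
    stale["ghost.txt"] = "0" * 64  # never backed up -> reported as missing
    return clean, restore_drill(archive, stale)
```

A drill that reports anything under "corrupt" or "missing" is a failed recovery test, which is exactly what you want to discover during training rather than during a real incident.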