ransomware in

(Source – Shutterstock)

Ransomware resilience derives from good planning

Article written by Calvin Hoon, Regional VP, Asia, Rubrik

You don’t need me to tell you what a ransomware attack could do to your business. We’ve all read the stories. Even the largest multinational businesses have been brought to a halt by malware encrypting or stealing sensitive data. The result is a Hobson’s choice for IT managers: pay a cyber criminal the demanded ransom or face costly downtime, reputational damage, and regulatory scrutiny.

Just last month, a cybersecurity team discovered that a Malaysian point of sale (POS) and management software provider experienced a data leak. The server located in Singapore was not secured with passwords or encryption, which exposed data belonging to 1 million Malaysian customers. The failure to proactively stop these threats continues to prove costly. As the old saying goes, time is money, and over half of Asia’s organizations agree that downtime in the wake of attacks has tremendous consequences and would rather pay the ransom than halt operations. According to estimates, the impact on revenue per hour was revealed to run from anywhere between US$100,000 to US$5,000,000.

Thankfully, the fate of your business is in your control. Ransomware attacks aren’t always random. Like many crimes, perpetrators deliberately target the vulnerable. Your job is to make sure that your organization’s data is immutable and should the worst happen, you’re well prepared to withstand even the most sophisticated cyber attack.

What not to do

Don’t let disaster recovery planning become a once-a-year checkbox event. Recovery plans need to be current and agile. Cybercriminals are constantly evolving their methods and innovating their attack strategies. Old plans that aren’t revisited can leave you at risk. The question that needs to be asked is: “do you have an up-to-date data security plan in place for when a ransomware attack happens?”  Threat actors will jump at any sign of weakness to plant their code, and coming up with a plan to defend against it is only half the battle. The plan needs to be regularly updated and thoroughly tested to ensure you are in a fit state to combat ransomware.

5 steps to a rock-solid ransomware plan

Calvin Hoon, Regional VP, Asia at Rubrik

Calvin Hoon, Regional VP, Asia at Rubrik

Draft a plan – Don’t wait for conditions to be just right to create your plan. Perhaps you’re waiting for a stakeholder to free up time or a digital transformation program to dedicate more resources to the project. It’s easy to find reasons to delay a plan, but all of these reasons give cybercriminals more time and more opportunity to find a way into your valuable data.

Effective ransomware plans should always be a work in progress, evolving and adapting with your business.

Document and communicate – In 2021, organizations across the Asia Pacific were attacked at an alarming rate. In India, 80% of organizations had their data encrypted by cyber threat actors and were locked out from business operations. This number stood at 65 percent among Singaporean organizations, according to the same survey. The need to have an effective plan is critical, but a plan cannot work if it cannot be implemented. That means it must be written down, shared with the right people and teams, and stored somewhere easily accessible. Once you have put pen to paper on a plan, talk it through with internal stakeholders, listen to their feedback, secure necessary approvals, and then ensure everyone understands their role in the event of an attack.

Once the plan is approved, make sure you keep an easily accessible copy of it somewhere safe. There’s no sense in having a ransomware recovery plan if it’s encrypted by the same malware it’s supposed to help you recover from. An online storage service is your friend here, or a secure server housed somewhere off-site.

Prioritize your assets – An essential part of planning involves prioritization. What are the most important applications? Do they depend on other parts of your IT estate? Which data is most sensitive and how will you manage stakeholder relations in the event of a breach?

When it comes to ransomware recovery, it pays to act fast. The Ministry of Communication and Information of Singapore has issued advisories for businesses as they are aware that ransomware attacks are on the rise. Through the Singapore Computer Emergency Response Team (SingCERT), there is an emphasis for businesses to better prepare themselves so they are able to recover and resume business operations quickly.   In order to recover quickly, your business should identify business-critical assets and create backups of your data and operating systems. The faster you can restore business-critical applications, the sooner your  business will be up and running again. This is a key period where the organizations’ reputation can be won or lost during the crisis.

Road-test your recovery – Traditional disaster recovery exercises rely heavily on role play and theoretical scenarios, but oftentimes fail to factor in real life variables. A healthy dose of imagination is needed to appreciate the urgency of a ransom attack. These exercises are unlikely to prepare you for the stress of an attack, nor provide actionable insights into where your plan needs a tweak, or how you can train your team to respond to unanticipated events.

Thankfully, it’s now possible to simulate a ransomware event in a live environment. Using sample data sets, you can put your recovery orchestration plan through its paces, get a better view of how unexpected variables might affect recovery times, and ensure your plan is bomb-proof.

Start preparing now – With the ever-growing threat of ransomware attacks constantly looming, organizations must prioritize creating a dynamic plan to keep their operations up and running in the event of an attack. Devise a plan, work with stakeholders to get approval, and don’t let feedback cycles or competing priorities slow down the implementation process.

The best-prepared IT and security departments understand the importance of this and adopt a nimble approach. They start small, iterate, and improve. The plan is tested and amended at regular intervals and presented anywhere in the business that may be affected by a breach. In the event of an attack, the team is well trained and prepared to respond.

Ransomware attacks are a sad fact of corporate life. But with the right preparation and tools in place, IT security leaders can manage the threat and ensure a swift recovery.

The views in this article is that of the author and may not reflect the views of Tech Wire Asia.