How to prepare client companies for ransomware attacks

Ransomware is a constant aspect of the IT landscape but isn't always seen as a priority. IT service providers can help their clients mitigate the risk.

By

Josh King, Guest Contributor

Published: 27 Apr 2020

Headlines covering the latest ransomware attacks seem to be everywhere. Enterprise-level companies, SMB companies, healthcare organizations, government agencies, retailers -- ransomware has struck every type of business across almost every sector.

So why do some businesses still treat ransomware like an outlier threat?

One problem is that discussions around cyber-risks are sometimes seen as fear mongering, particularly when executives are already nursing a case of cyber-risk fatigue. But IT experts who monitor the evolution of ransomware attacks know the threat is more than a trendy news story -- it's today's reality.

Another challenge is that harried IT departments want to simply stand up some anti-ransomware technology and call it good. But effective ransomware defense and recovery strategies aren't all about tech. Translation: there's more work to be done.

That work is around two other vital components that IT service providers and end user organizations alike must also consider: people and processes.

If you want a reasonable chance of preventing a ransomware attack and, perhaps more importantly, of recovering from an attack should something slip through your defenses, then each of those buckets -- people, technology, and processes -- requires action.

Conduct security awareness training for ransomware

First, acknowledge that your clients will never get everyone to stop clicking on suspicious email links. It just won't happen. Human nature is both curious and trusting, at least when it comes to messages that kind of look like they might be from someone you met at a conference a couple years ago.

Knowing that you can't prevent every unwanted click, the goal instead should be to work toward fewer clicks and shrinking your overall risk envelope with security awareness training.

Training gets you toward that goal. Show users how to spot untrustworthy links. Educate them on ways to verify if a return email address is legitimate or spoofed. Then, give them clear direction on what to do if they click on something they shouldn't have. This way you'll at least have a head start on stopping a possible ransomware attack before it has a chance to get its hooks into your environment.

Prevent ransomware with proper security tools

As annoying as ransomware is, it's actually a complicated process for a device to actually become infected. That paradigm pays off with a lot of different ways to disrupt the kill chain before it causes unrecoverable problems. A ransomware attack requires a number of steps -- starting from opening email with a ransomware link that infects a single machine -- before it brings your company to a grinding halt by propagating across an entire network,. Has IT done enough to disrupt that chain?

If not, take heart in knowing that you have a slew of low-hanging opportunities to break the ransomware kill chain and make it much more difficult for an infection to damage a client's business. The most effective technology solutions focus on three key areas:

Email security. The right products can block corrupt emails before they ever hit employees' inboxes. This is especially important when you look back to the people factor of your three-pillar foundation and remember that you will never, ever prevent 100% of ill-advised clicks. So even if someone opens an email from that long-lost colleague they met only once, a robust email security platform can put the brakes on a potential ransomware infection.
Endpoint security. If your email security strategy doesn't stop a ransomware attack, a well-designed endpoint security solution can step in to do the dirty work. When endpoint security technology is implemented and configured correctly, essentially everyone and everything must pass through it. An email that doesn't pass the ransomware sniff test will be stopped and quarantined.
Containment. Proper segmentation can still prevent an all-out ransomware attack, even if an email and its associated malicious files make it through other defenses. A strategy with segmentation at its core will maintain a protective perimeter around the most valuable data. It will enable you to stop the encryption of the assets that power core business systems. Segmentation offers a way to maintain operations even if a lot of other things go wrong during a ransomware attack.

Improve ransomware attack processes

Internal processes for dealing with a potential ransomware attack should be structured to bring people and technology into harmony to help you manage the evolving threat landscape. Consider how well-developed processes give you a leg up on dealing with ransomware:

Quick recovery following an infection
First steps in place to restore operations
Contacts available to support recovery efforts
Cyberinsurance coverage to help the business get back up to full speed

A couple of anecdotes illustrate how different approaches to ransomware defense and recovery have worked in the real world. The first is the city of Atlanta, which suffered a devastating ransomware infection that revealed a weak recovery strategy and a significant lack of planning. Operations were seriously disrupted while the attack was occurring and, three months later, a notable portion of the city's technology platforms continued to operate at a diminished capacity or were still offline entirely. Key data sets, including those related to law enforcement and legal proceedings, were permanently lost. The city's environment was too flat, they had little to no segmentation in areas where it mattered, and their recovery efforts were haphazard and poorly orchestrated.

In contrast, the ransomware attack experienced by Maersk logistics demonstrates just how valuable a strong recovery strategy can be. The shipping giant suffered an outage that was both huge in scale and quick in execution -- somewhere along the lines of 50,000 assets were encrypted in only 30 minutes. Though the enterprise also had a nearly flat network and the immediate effects included a widescale disruption of their corporate operations, Maersk's backup and data protection strategies were solid. The organization's thoughtful approach enabled them to completely recover their entire environment in just 10 days and no long-term data losses were reported.

A ransomware attack can cause show-stopping problems for businesses. But there are ways to avoid that pain with simple steps to make people more knowledgeable, processes more powerful, and technology more effective.

About the author
Josh King is the director of security solutions at Carousel Industries. With more than 20 years of experience in the industry, Josh is responsible for charting and executing Carousel's customer-facing cybersecurity strategy. With a career that began in operations support, where customer satisfaction is the number-one priority, Josh understands that balancing user experience and manageability, with risk mitigation and overall security posture is crucial to a successful practice. As director of security solutions, Josh helps both customers and colleagues alike make sense of the broad and sometimes confusing landscape of cybersecurity and arms them with the knowledge and tools to deliver effective business outcomes. His enthusiasm and excitement for not only the cybersecurity industry but technology in general shines through with every engagement he is a part of.

Next Steps

Local government ransomware attacks and how MSPs can help

Dig Deeper on MSP business strategy

Westcoast picks up Spire
Distributor Westcoast adds components specialist Spire to bolster the portfolio and add more depth to the Group
Channel explainer: How apprenticeships can ease the skills crisis
Is developing your own talent the answer to the growing skills gap? What are the benefits of working with young people? And what ...
Five-minute interview: Cristina Bentue, IriusRisk
The latest to share some personal insights is Cristina Bentue, co-founder and chief operating officer of cyber security player ...

3 Keycloak authorization strategies to secure app access
Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can ...
CrowdStrike extends cloud security to Mission Cloud customers
CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the ...
Optimize encryption and key management in 2024
Enterprise Strategy Group research highlighted the encryption challenges enterprises face, including lack of encryption, ...

Cyber-resilient storage a final defense against ransomware
Features to enhance storage cyber resiliency should be table stakes for buyers, experts say. But enhancements are needed to stave...
Hammerspace reaches everywhere with erasure coding
Hammerspace has sped up its global file system everywhere it touches, even on white box hardware, with the addition of erasure ...
Could AI be the killer app for cold data?
Enterprises are beginning to use cold data they still need to store as a way to train AI models and gain more value from data ...

Is network automation adoption necessary?
Automation is not a one-size-fits-all strategy for every network problem. Enterprises must examine their network's needs to ...
How SD-WAN for home offices supports remote work
The market maturation of SD-WAN is leading companies to consider extending the technology to remote workers. Companies should ask...
The role of generative AI in networking
As networks grow more complex, generative AI emerges as a tool that can help network teams with a wide range of tasks, such as ...

Cloud Computing

10 cloud vulnerabilities that can cripple your environment
Enterprises can be devastated by security-related weaknesses or flaws in their cloud environments. Find out where you are most ...
Learn the basics of industry cloud platforms
Healthcare, finance and other specialized industries can ask a lot of cloud services. Find out more about industry cloud ...
Compare ESG tools from AWS, Azure and Google Cloud
ESG standards are beginning to influence how large enterprises procure and consume cloud services. Take a closer look at the ...

Data Management

Collibra launches AI Governance, unveils GenAI capabilities
The vendor's AI Governance suite enables users to ensure the quality and security of AI models while new GenAI features let them ...
Coalesce raises $50M to expand data transformation platform
The startup's new funding is a vote of confidence from investors given how difficult it has been for technology vendors to secure...
Aerospike raises $114M to fuel database innovation for GenAI
The vendor will use the funding to develop added vector search and storage capabilities as well as graph technology, both of ...

Business Analytics

AI-fueled efficiency a focus for SAS analytics platform
The vendor's latest product development plans include an AI assistant and prebuilt AI models that enable workers to be more ...
Customer segmentation analytics evolve with GenAI, ML
GenAI, machine learning and advanced analytics techniques automate time-consuming aspects of customer segmentation, freeing up ...
Google Cloud to inject Gemini into data, analytics tools
The tech giant unveiled integrations between its LLM and BigQuery, Looker and its databases to provide customers with a ...

Close