Ransomware is turning out to be the biggest cyber threat of the decade. A recent example of a large-scale attack on a big corporation such as Colonial Pipeline shows how the attacks can affect the general public. Thousands of drivers across five states of the USA were fuel-less for days while Colonial brought its key systems back online, and American Airlines had to change its flight schedules temporarily due to fuel shortages.
Colonial learnt from the attack that, despite paying DarkSide’s ransom demand, it was quicker to use its own backups for recovery than the cyber gang’s decryption key to bring its critical systems back online.
What the incident reminds us is that having a ransomware response plan is vital to the recovery of mission-critical systems and, ultimately, of surviving an attack.
Ransomware response as an aspect of disaster recovery
A ransomware response plan usually forms part of a broader disaster recovery plan, which protects business owners from extended downtime and resulting financial loss. It also protects businesses from the reputational damage that comes from inconveniencing clients when a data leak happens as the result of a ransom demand not being paid.
Once a DR plan is in place, it’s a matter of testing it every few months and tweaking it to suit any changes that may have occurred.
Disaster recovery (DR) as an aspect of business continuity
Ransomware response is one element of a DR plan and a DR plan is, in turn, one aspect of business continuity (BC). Both take time to tailor to your particular business.
When developing a BC plan, there are four things worth thinking about:
1. Cloud backup and cyber security all in one
Backup alone is no longer a safe bet. Cyber attacks, including those using ransomware, have become so sophisticated that you now need a combination of backup and cyber security to cover all bases in your protection. Being able to detect activity before it becomes a threat is the best way to protect your systems and data at once.
2. Automation
Some app recovery tasks are complex and can be automated to reduce recovery time objective during a crisis. Also, automatic software updating such as patch management strengthens your cyber security – you’re way less vulnerable when your apps and operating system are fully up to date.
3. Disaster recovery as a service
Disaster recovery as a service (DRaaS) gives you the cloud benefits of scalability, lower costs, structured self-management and, most importantly, quicker response time to a cyber attack.
4. Frequent revision of plans
Regularly reviewing your ransomware response and disaster recovery plans and keeping up to date with new technology helps you stay abreast of what’s changing, not only within your business but in terms of what the rapidly advancing market can offer you.
What every business needs is a tailor-made business continuity plan to suit its particular setup and level of risk.
IronTree provides a host of options to help you out with DR and BC