When Ransomware Attacks - Be Prepared to Attack Back
Ransomware can be an unfamiliar term. But after 2020, more people have heard of it than ever before. Dare we say it’s approaching household-word status due to high-profile incidents last year? Although IT security threats have always been part of online systems, bad actors are getting more creative and destructive, making them more impactful to organizations. These days, it doesn’t take experienced hackers long to shut down your systems and ruin your company’s reputation. But organizations are getting savvy and fighting back—often with the help of a good Managed Services Provider (MSP) at the heart of their defense.
Part of the problem is that remote software used by managed IT services and in-house IT managers has become a common “way in” for those who mean harm and believe you’ll pay to get your data back—even if your company’s data isn’t useful to anyone but you. As a result, it’s more important than ever to choose the right MSP. This article provides the background of these threats—and provides advice to help your organization “attack back”!
Ransomware Attacks are Rising — Traditional Antivirus isn’t Enough Anymore
According to a report from Harvard Business Review, ransomware attacks increased 150% in 2020 as compared to the previous year. And the amount paid to get data and network control back from the attackers has increased 300%!
Small to medium-sized companies are often the most vulnerable because they often depend on less-sophisticated or outdated MSPs and programs. Attackers know a loss of data could destroy your small company and you might pay a large ransom to keep it from happening. They may avoid larger companies that are more likely to have strong protections in place, with in-house professionals who keep a close eye on suspicious activity.
Prime Communications Inc.’s Solution Engineer, Justin Ekstein, urges every organization to take a fresh look at network security as soon as possible. He said, “At this point in the evolution of hacking and ransomware, there is no doubt what was good five years ago is no longer good. But the good news is you can fight technology with technology!”
In addition, Ekstein said, companies need to get serious about the human side of security. It’s no longer enough to install a firewall and let it run. “Automated programs help with early detection and auto responses, but human eyes should be on your network 24/7 to detect subtle suspicious activity before it becomes serious,” he explained.
IT threats have become more complicated due to the expansion of network technology—nearly every network now includes personal devices, freestanding applications, and automated connections that provide new “ways in.” Below are some of the highlights of the new nature of IT threats, followed by exciting new technologies and strategies you can use to overcome these issues:
Mobile devices with connections to your corporate network provide both a physical risk (when phones or tablets are lost or stolen) and a digital risk (through saved passwords and automated connections, among other things).
Old Antivirus Systems
Old antivirus systems focus on the software hackers are installing. They detect what they see as “a bad program” and then remove the program. However, by that time the damage may have already been done. Earlier detection is needed. MSPs that haven’t stayed up to date with their hardware, software and services expose your organization to the dangers of new threats.
Email Security Gaps
Email security gaps are more important than ever to understand and fix, because 90% of viruses and threats come through email daily. Although today’s email users have more experience than they used to and often can easily detect potential threats, it’s still not uncommon to mistake a bad email for a legitimate communication and click a link that suddenly exposes your entire organization.
Outdated Cloud Solutions
Outdated cloud solutions might be running on old systems that aren’t being backed up. It is surprising, Ekstein said, but even reputable MSPs may not be backing up your information. “Your cloud solution’s ability to deliver security depends on the vendor you’re working with. Some MSPs give you Microsoft solutions right out of the box, for example, which puts everything—email, documents, Sharepoint—on one drive. And they may be retaining your information for only 30 days after deletion, because that’s what the standard used to be.”
Old or Nonexistent Recovery Plans
Old or nonexistent disaster recovery plans leave gaps in your organization’s ability to respond, not only to ransomware attacks and other IT threats but to any disaster. Prime knows this first-hand from our own experience with a major flooding event at our headquarters in 2019. We had many systems in place that helped us recover, and we learned new strategies from our direct experience that we are now sharing with customers. Think about how quickly you’ll need your information back after a disaster and how the loss of data will affect your clients. Will your current plan make it possible to recover?
Untrained personnel can make any threat worse, because, when your systems detect a threat, it’s imperative to act soon and do the right things.
Tools to Outsmart Ransomware Thieves
Awareness of the issues listed above (and others) is the first step to “attacking back” against ransomware and other IT threats. However, you must take the next step to truly build a protective layer around your organization’s data and operations: you must take action. Here are tools you can put in place and actions you can take to attack back:
Layered Security includes a thoughtful, interwoven combination of hardware, software and human oversight of your systems. Ekstein said if any of these three layers is not present, your security strategy will not be effective. If your team doesn’t have the experience to analyze and implement the layers, look for an MSP that is a proven expert in this service.
Endpoint Protection, Detection and Response
Endpoint protection, detection and response are the calling cards of the latest antivirus software. These more powerful programs look at defined behaviors instead of just programs. They identify and analyze typical harmful behavior and distinguish it from harmless everyday actions, so you can detect potential threats earlier.
Email security can be addressed in several ways. Advanced security tools help identify and block new viruses and threats. Training in day-to-day email security is critical to help personnel see what threats look like. “You need to educate your staff at all levels and make their knowledge a part of your ‘security stack’,” said Ekstein.
24/7 In-Person Monitoring
24/7 in-person monitoring should be combined with AI to survey logs and check to see if any activity looks odd or cannot be ignored. Trained experts can make people in your organization aware of potential threats and help mitigate them before they become unmanageable. “AI saves a lot of time,” said Ekstein, “but it also makes decisions based only on data. You need human intervention to make smart decisions.” That may change someday when the technology is not so new, he points out, but we will still need humans to teach AI and show it what is good or bad.
Cloud Solution Agreement
Having a cloud solution agreement with terms and conditions will tell you exactly what you’re getting and what you’re paying for when it comes to backup. If you already have a solution, Ekstein said, check the fine print. If backup and essential services are not accounted for, consider changing vendors and solutions.
Preparedness is the name of the game when it comes to disaster recovery. Take time to write a custom disaster recovery plan and train personnel to respond to disasters appropriately. Ask us about Prime Communications’ safety training partner, Safe Passage Consulting.
Cyber insurance improves your preparedness. Be sure you understand what your policy includes and how benefits will be delivered. It’s not a matter of if you’ll need it these days — it’s a matter of when something is going to happen to compromise your data. Insurance helps you overcome the fallout of your next digital disaster.
MSP Vetting and Selection
MSP vetting and selection is critical to any IT security plan. In fact, your provider can be the glue that holds your entire plan together. Choose a provider that is adaptable and flexible — knowledgeable in a wide variety of security concerns and capable of building a plan and providing tools that meet your unique needs. Don’t tie yourself down with a long-term contract, and make sure your vendor has the financial knowledge and experience to explain the difference between operational expense and capital expense. Your managed services and security expenses should be predictable, without unknown add-ons and surprises.
Meeting the Ransomware Threat Head-On
In today’s ransomware-persistent environment, it’s a requirement to be proactive. That means making sure you have all the tools in place to detect and respond to threats. If you aren’t sure how to bring the pieces together, lean on your MSP. The best providers supply you with a virtual chief information officer (vCIO) who can help you plan technology, think it through, identify what will most benefit your business, and give you a dedicated contact to consult regularly for guidance as a standard part of your plan.
Prime Communications Inc. is a corporate newcomer in this market and is excited to introduce the experts we have brought on board to help us provide the perfect MSP plan for our customers. MSP Director, Brandon Nyffeler, oversees all MSP operations and is joined by Ekstein, who provides expertise in network solution and safety.
With the experience and skill of these two new MSP principals, plus Prime’s proven technical expertise, services and personnel in digital security, integration and network management, we are excited to offer a depth of MSP service that’s hard to beat.