Insight and analysis on the information technology space from industry thought leaders.

Key to Stopping Ransomware Attacks: Unified Response

New strains for stopping ransomware attacks reveal the protection gaps that emerge when your cybersecurity and data protection strategies are not unified. Here's why the silos need to end, and how to make the transition.

ITPro Today

June 21, 2021

4 Min Read
Photo-of-woman-and-man-pointing-to-cybersecurity-logo

Ransomware infections continues to cause concern and chaos across the globe. While recent headlines center on how the cyberthreat has crippled critical infrastructure – from Ireland’s health system to the U.S. energy sector to the international food supply chain – every organization is at risk. Last year 31% of companies reported being attacked at least once a day and that number is only expected to climb throughout 2021.

Stopping ransomware attacks and responding to this ever-evolving threat requires more than just effective technology. The people charged with safeguarding a company’s data, applications, and systems also need to re-examine their roles and processes to ensure they are strategic and seamlessly work together.

That means the IT and the latest cybersecurity teams that have historically worked in parallel – sometimes at arms’ length – must come together and unite.

Why IT and cybersecurity must unify

In a recent interview on NBC’s The Today Show following the JBS breach, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Christopher Krebs highlighted the need for this collaboration between disciplines. “It’s clear that every company out there needs to improve their security posture, but most importantly their business disruption policies … Every single corporate executive needs to be convening their cybersecurity teams and their business resilience teams today.”

Why? Because the challenge facing these teams is that stopping ransomware and modern ransomware strains such as Conti and Locky target the backup files and software that IT teams rely on for recovery. Some of these strains specifically encrypt backup files to prevent the organization from restoring systems, forcing them to pay the ransom. Even if the payment doesn’t reach the $11 million paid by JBS, the financial damage from the downtime caused by such attacks can be devastating.

Others ransomware strains are more patient, laying dormant for weeks or months to ensure the various types of malware are backed up alongside the normal encrypted files. Then, when the teams try to recover after an attack, reinfection is guaranteed. That makes clearing the organization’s systems a nightmare for the cybersecurity team and significantly extends the company’s downtime. As a result, the idea of paying the ransom to minimize downtime becomes a more attractive option.

Unless the data protection and cybersecurity teams of these organizations work together to create smarter protective measures and processes to combat the threat, they will inevitably become a victim.

Uniting SMB cybersecurity and data protection

While SMBs might think they are too small to be targeted, they are mistaken. The increased use of automation by cybercriminals means it takes no effort on their part to target any organization – all of which have bank accounts. As a result, no business can rely on being too small or insignificant to escape the attention of attackers.

Larger organizations may have distinct teams dedicated to data protection and cybersecurity who can be directed to start working together and intend to stop ransomware attacks, but small or medium-sized businesses (SMBs) might not have as clear a path to unifying those capabilities.

Part of the problem is that the traditional backup solutions MSPs and SMBs rely on cannot offer enough protection because they are vulnerable to these new threats. At the same time, cybersecurity without integrated backup leaves organizations unable to recover quickly, thoroughly, and securely.

Whether an organization relies on a managed service provider (MSP) for their IT or they have an in-house administrator, a new approach is needed. The emerging field of cyber protection handles the issue for these SMBs.

Cyber protection looks to integrate data protection, cybersecurity, and endpoint protection management in one. This integration streamlines efforts for the MSP or admin while ensuring the backup software can defend itself against the attacks that would otherwise disable or corrupt its agent, or encrypt the files it creates.

By uniting backups and cybersecurity, unique capabilities are also enabled. These include the automated removal of multiple types of malware from backups before restoring data or the instantaneous recovery of any files affected during a ransomware attack.

A unified response to modern threats and stop ransomware attacks

Recent attacks may require the IT and cybersecurity teams of the corporate world to closely coordinate their efforts rather than vie for resources and support. The silos have to stop to prevent ransomware attacks.

For small and medium-sized businesses caught in the crossfire, the best defense their admins and service providers can take is to adopt strategies that go beyond simple backup or cybersecurity. The integrated, holistic approach of cyber protection ensures the latest threats do not reach the endpoints and data they have to defend.

Data-protection-and-cyber-security-Venn diagram

Cyber Protection_0

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like