With these 4 (somewhat) easy steps, even if your data is ransomed, recovery will become a matter of days rather than months, your recovery costs will drop drastically—and, bonus, customer opinion won't decline as steeply when the loss doesn’t irrevocably impact their data.
Are you going to be the victim showcased in next week’s release of ransomware news? How does a hacker pick their unlucky contestants? It’s not unlike police trailing a suspect or thieves casing a location. Hackers find individual targets most easily by combing social media accounts of their victims; the past decade’s social media explosion makes sharing one’s info easier than ever—and sometimes we don’t even realize the depths of the privacy we are sharing. Geolocation and pattern analysis combine to paint a fairly accurate picture of daily routines; deducing who has money to spare and lax cyber hygiene makes account subversion a piece of cake.
Corporate targets require a different flavor of investigation; having cyber insurance makes businesses particularly attractive, as the perps know their threats are likely to be paid one way or another. The Securities and Exchange Commission recommends public companies report insurance coverage relating to cybersecurity incidents. This just puts a target on businesses who have already been victimized. Anyone can scan vulnerable attack surfaces by using software like Shodan and its brethren. Checking the internet registry of a company is a simple starting point; unless you’ve paid extra to hide your DNS settings, IP traces can often be cross-referenced to physical locations, which are then socially engineered. Companies who possess data or systems where lives hang in the balance (read: health care, pharma, and insurance) are juicier targets, as denying their data puts a moral or even legal onus on the business.
Insurance companies want a quick solution, especially if their reimbursement clauses include business interruption—coverage for loss of service during recovery times. Paying the ransom may be more expedient than covering litigation and disaster recovery costs. Despite seeming counter to the principles at work, it is frequently the best choice for the business (and the insurer) in terms of offsetting loss of revenue generated by the projected downtime of recovery.
Some argue that once a business pays, it demonstrates a willingness to concede, thereby setting the precedent for future hackers to follow suit; a group of mayors have sworn never to concede even when faced with the numbers supporting payment of ransoms. But they may be onto something, because as ransomware is increasingly successful, the ransoms are becoming increasingly larger, and insurance is something of a guarantee that an attacker will get paid.
Predictive analysis and cyber insurance may be big business, but the single best protection for your data yet remains an off-site, air-gapped backup; but it doesn’t end there. Here are four precautions you can take to foil ransomware demands, enabling you to confidently deny data ransomers:
With these precautions in place, even if your data is ransomed, recovery becomes a matter of days (or even hours) rather than weeks and months, and costs drop in proportion—and, bonus, customer opinion doesn’t decline as steeply when the loss doesn’t irrevocably impact their data. If targets are prepared and nimble enough to take the loss, even if it is more expensive than the ransom, ransomware will become less lucrative, and will diminish as a viable method of attack.
StrongKey's "FIDO Wall" protects a company's most sensitive files from ransomware heists. A "FIDO Wall" can prevent ransomware attacks if you are willing to adapt your behavior when accessing your most sensitive files. Ransomware cannot provide the Test of User Presence (TUP) mandated in the FIDO protocol. See for yourself.
An enterprise Tellaro deployment with StrongKey "FIDO Wall" will be less than 25% of what Colonial Pipeline paid to get their files back—not to mention the untold losses they experienced.