Resiliency is Key Against Ransomware Attacks


Resiliency is Key Against Ransomware Attacks

By Greg Tavarez

Bad actors in cyberattacks become more sophisticated even when new cybersecurity solutions are innovated to thwart them. The one category of attack that demands more attention is ransomware as bad actors are developing new ways to pressure organizations into paying ransom payments, and a successful ransomware attack makes data recovery a challenge.

The concern for ransomware is prominent, but corporate executives do not want to spend on solutions without clear evidence of the improvements being made. This is a reasonable business decision as organizations do not want to shell out for something that has a chance of failing.

However, Info-Tech's findings go against what corporate executives believe. According to Info-Tech, organizations misunderstand the risk scenarios associated with ransomware attacks and underestimate the potential financial impact of an attack. The cost of an attack is more than just the ransom when a deeper look is taken. Recovery costs include detection and response, notification, lost business and post-breach response.

To help IT leaders improve their organizations’ abilities to gain better understandings of ransomware and defend against ransomware attacks in the current climate, Info-Tech Research Group published a new research-backed industry blueprint, Build Resilience Against Ransomware Attacks.

“Organizations need to focus on building resiliency to withstand these attacks instead of solely relying on response and recovery," said Michel Hébert, Research Director at Info-Tech Research Group. “The process of building resilience is like climbing a mountain, requiring time and planning and help from others to overcome challenges and work through problems.”

The firm recommends disrupting the attack at every stage of the attack workflow. This includes putting controls in place to prevent intrusion, improve detection, respond more quickly and recover more effectively.

To start, security leaders need to conduct a resilience assessment, build a risk scenario and determine the business impact. The firm recommends that security leaders conduct a thorough assessment of the current state of the organization, identify potential gaps and assess the possible outcomes of an attack.

After that, security leaders need to reduce the attack surface. According to the firm, this means to analyze attack vectors, prioritize controls that prevent ransomware attacks, and implement ransomware protection and detection.

Finally, security leaders are recommended to go through a respond-and-recover step. This requires them to visualize, plan and practice ransomware response and recovery to reduce the potential impact of an attack.

Going back to what Hébert said, organizations need to become resilient against ransomware. Following the blueprint provided by the firm allows organizations to focus on what is in their control and cultivate strengths that allow them to protect assets, detect incursions, and respond and recover quickly in the future.

Edited by Alex Passett

MSPToday Editor

Related Articles

GFI Software Named a Platinum Sponsor for MSP Expo 2023, Part of the #TECHSUPERSHOW

By: TMCnet News    1/31/2023

MSP Expo is the premier conference and networking summit for MSPs. This is where MSP business owners and technology specialists share strategies to gr…

Read More

Pioneering Technologist Klaus Dimmler Named Pax8 Chief Science Officer

By: Arti Loftus    1/30/2023

Pax8 announced a newly created position, Chief Science Officer (CSO) - as part of the company's mission to bring transformational cloud solutions to t…

Read More

Advanced MSPs Are Helping Law Firms Embrace Cloud

By: Reece Loftus    1/30/2023

This is the perfect time for law firms to embrace digital transformation and to take full advantage of automation for operational optimization.

Read More

Iron Bow Ramparts Cybersecurity Portfolio with GuardSight

By: Greg Tavarez    1/30/2023

Iron Bow is set to deliver holistic zero trust cybersecurity solutions with its acquisition of GuardSight.

Read More

Grain Expands Activity in Managed Services Sector with Spectrotel Acquisition

By: Greg Tavarez    1/27/2023

Grain acquired Spectrotel, a next-generation aggregator and integrated technology services provider.

Read More