The Importance of Cybersecurity and Business Continuity Planning

October 03, 2024 Jacob Kost

Lessons From Catastrophic 2024 Ransomware Cyberattacks

We’ve all seen it—the seemingly never-ending stream of breach notifications. In 2024, ransomware attacks have become more common, more dangerous, and more sophisticated than ever before. An organization hit by ransomware is likely to face catastrophic damages to its finances, operations, and reputation. Leverage best practices and engage your IT services provider to develop robust backup and disaster recovery practices as a significant step towards keeping your organization out of the news.  

What is Ransomware? 

Ransomware is a category of malicious software, configured to block access to business data, only unlocking said data after a ransom (often in cryptocurrency) is paid. While ransomware typically infects endpoints via phishing emails, there have been reports of ransomware spreading via infected websites, web servers, and even social media messaging applications.  

Ransomware attacks hit 85% of companies in 2023. Only 11% of those companies were able to recover their data without paying the ransom.

How Ransomware Damages Businesses of All Sizes 

For business owners in every sector, the frequency and effectiveness of these ransomware attacks paint a clear picture: it’s not a matter of if your organization will get hit by ransomware… but when.  

UnitedHealth Group, one of the largest employers in the nation, recently revealed that it had so far spent more than $2.3 billion (including a $22 million ransom payment) in responding to the crippling February 2024 cyberattack by Russian hackers. “It was too big to hide,” commented Tim Grosshuesch, Atomic Data’s Client vCIO. Despite UHG’s immense size, resources, and mature IT operations, they still fell prey to a preventable attack that not only impacted their bottom line but had measurable impacts on patient mortality rates.

It’s not just large, multi-national corporations that find themselves targeted by ransomware strikes. Even small and medium businesses can find themselves in the crosshairs of malicious actors. Take the recent ransomware example handled by Atomic Data’s team of experts. Though the business in question had a disaster recovery solution in place, the weak link was a backup environment residing in the same Active Directory domain as their production workloads. That meant that when a set of credentials became compromised by a threat actor, the attacker not only had access to the organization’s data, but the backups of that data as well. The backups, which can often be an alternative to paying the ransom, were instead another encrypted system held for ransom.

Employee data was compromised, and the business found itself saddled with over a million dollars in damages. Simple administrator passwords, sparse use of multi-factor authentication (MFA), and outdated backup and disaster recovery practices all made the organization a ripe candidate for a ransomware attack. A lack of immutable backups and fresh tape backups also contributed to what ultimately became severe business interruptions. 

“For $10,000, we could have done quick and easy things that would have either prevented this from happening or got them out of this mess faster. When you look at the numbers that way, it’s an easy insurance policy,” observed Tim Grosshuesch. Tim’s a 20-year industry veteran who’s made a name for himself helping organizations build their architecture strategically, with cybersecurity and business continuity front-of-mind. 

Unfortunately, this lack of preparedness isn’t uncommon. For example, a recent study revealed nearly 60% of businesses do nothing to protect SaaS-resident application data. “This is the stuff that can put you out of business,” remarked Tim Grosshuesch. Yet, according to him, most organizations aren’t doing enough to stay protected from this sort of attack. “IT is viewed as a cost and not a value proposition…from everything I’ve seen, you should be spending 4-6% [of revenue] on IT.” 


6 Best Practices for Defending Against Ransomware 

To mitigate the risk of ransomware attacks, follow these 6 best practices:

The 3-2-1-1-0 backup rule

Backups are the proverbial keys to the kingdom when it comes to data resiliency. An organization serious about surviving ransomware attacks should have 3 copies of their data stored, on 2 different pieces of media, 1 of which is held off-site. Additionally, 1 copy should be immutable, and the data should be verified to ensure there are 0 errors within the backup data.  
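The rule can be checked mechanically against a backup inventory. The following Python sketch is an added example, not Atomic Data's or Veeam's code; it also flags the weakness from the incident described earlier, where every backup sat in the same authentication domain as production. The inventory fields, copy names, and domains are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Copy:
    name: str
    media: str                    # "disk", "tape", "object-storage", ...
    offsite: bool
    immutable: bool
    verify_errors: Optional[int]  # None means restore verification never ran
    auth_domain: str              # identity domain whose admins control the copy
    production: bool = False

def audit_3_2_1_1_0(copies: List[Copy]) -> List[str]:
    """Return findings; an empty list means the inventory satisfies the rule."""
    findings = []
    backups = [c for c in copies if not c.production]
    if len(copies) < 3:
        findings.append("3: fewer than 3 copies of the data")
    if len({c.media for c in copies}) < 2:
        findings.append("2: all copies sit on one media type")
    if not any(c.offsite for c in backups):
        findings.append("1: no backup copy is held off-site")
    if not any(c.immutable for c in backups):
        findings.append("1: no backup copy is immutable")
    for c in backups:
        if c.verify_errors is None:
            findings.append(f"0: {c.name} has never been verified")
        elif c.verify_errors > 0:
            findings.append(f"0: {c.name} has {c.verify_errors} verification errors")
    # Lesson from the incident in the article: backups administered from the
    # production identity domain fall with the same stolen credentials.
    prod_domains = {c.auth_domain for c in copies if c.production}
    if backups and all(c.auth_domain in prod_domains for c in backups):
        findings.append("isolation: every backup shares production's auth domain")
    return findings

# Constructed inventories (all names and domains are made up).
FLAT = [
    Copy("prod-vm", "disk", False, False, None, "corp.example", production=True),
    Copy("repo-local", "disk", False, False, 0, "corp.example"),
    Copy("repo-dr", "disk", True, False, None, "corp.example"),
]
HARDENED = [
    Copy("prod-vm", "disk", False, False, None, "corp.example", production=True),
    Copy("repo-local", "disk", False, False, 0, "backup.example"),
    Copy("vault-offsite", "object-storage", True, True, 0, "backup.example"),
]

if __name__ == "__main__":
    for label, inv in (("flat", FLAT), ("hardened", HARDENED)):
        print(label, audit_3_2_1_1_0(inv) or "OK")
```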

Ensure swift recovery

Having backups is important, but it’s not enough. Any extended downtime will be damaging to your business, so it’s vital that you can get back up and running as fast as possible. One way to achieve this is by using Instant Recovery operations, such as Veeam Data Platform. Frequent replications will allow you to greatly reduce the amount of data at risk when a loss is suffered and enable you to return to business operations rapidly.  

Leverage multi-layered security

Multi-factor authentication (MFA) should be enabled everywhere, particularly on infrastructure components. This single practice would have likely prevented the UnitedHealth Group attack. Layering MFA usage with encryption at rest solutions is a critical component of a robust security posture.

Automate testing and documentation

When your disaster recovery (DR) plan is needed, there won’t be time to sit down and bring it up to date. It’s important for your DR plan to be continuously refreshed and relevant to your organization’s environment. Proper testing, year-round drilling, and automation software should all be a part of your DR plan’s regular diet.

Use API-driven threat detection 

Many businesses are reluctant to regularly scan production workloads because of the resources such detection efforts consume. Using an API solution can provide you with access to your data offline, allowing your security team to seek out compromised and non-compliant data in a secure environment and without driving up CPU usage.

Plan for an inaccessible data center 

Your DR plan needs to account for inaccessible production servers. Atomic Data’s geo-redundant cloud infrastructure will keep you in the game, allowing your business to get back on its feet in the wake of an attack that brings your servers offline.  

All these things, and much more, are possible with Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS) from Atomic Data. We’ll ensure your sensitive data is protected, regardless of what your location and workload look like. As a Veeam Pro Partner, we’re equipped with a team of engineers who have the expertise and experience to architect your environment for optimum uptime, maintain your backups, test failover, ensure security, and manage the upkeep. The only thing you’ll need to worry about is getting back to work.  


Conclusion 

Experts say that it’s a mistake to not take ransomware prevention seriously, despite it not being “exciting” for businesses to invest in. “It’s not sexy or exciting to protect yourself against ransomware. Ransomware protection is like changing the oil. It’s basic maintenance to ensure smooth operation,” said Tim Grosshuesch.  

The statistics tell a dire story: every year, ransomware attacks claim billions of dollars in damages. The fact is, few organizations are truly prepared to defend against them. The inevitability of such threats should push every organization to identify gaps in their infrastructure, and prioritize resolving them via good security hygiene and disaster recovery planning.  
