Proactive Security is the Not-So-Secret Weapon
Recently, I shared my thoughts with Gestalt IT regarding Ransomware, Backups, and carefully tailoring disaster recovery and business continuity plans to your organisation:
When it comes to ransomware, there is little to be done post-infection besides limiting its spread and recovering by any means possible. Recovery could mean restoring from backups, making use of The No More Ransom Project's resources, and accepting the loss of some data.
The secret weapon against ransomware actually comes before infection: preparing your environment for compromise. This includes, but is not limited to, the following:
Practising security-by-design principles, i.e. building architecture to protect the 'crown jewels': the data vital to the organisation.
Implementing a Cyber Threat Intelligence Programme that tailors the environment to likely scenarios and threats.
Running tabletop exercises to prepare your teams and identify gaps.
Embedding security validation throughout the lifecycle: red teaming, penetration testing, and automated security controls.
Deploying security controls that reduce the likelihood of compromise, like email filtering, blocking file types in email attachments, testing links, and more. This way users are protected from common attack vectors without having to think.
Backing up critical data, from intellectual property to the log files that allow for investigation.
Maintaining training for technical team members, covering both security principles and ethical considerations and responsibilities.
Creating an awareness programme that provides training for non-technical team members, both in why security is important and in how to make use of it in their workflows.
As we know, the majority of breaches are opportunistic attacks which are financially motivated. Therefore, it stands to reason that organisations that embed security foundations within their infrastructure, and continuously validate their controls and people, reduce the likelihood of an incident occurring and, when they are breached, minimise the overall impact. If an organisation does not proactively embed resilience, a breach can have devastating consequences not only for the organisation but also for all of its consumers.