A ransomware attack can be a reputation killer. The institution’s reputation can contribute heavily to the bottom line. Every second of downtime means lost transactions. Every byte of data lost could impact key accounts.
Fortunately, heavy compliance standards are ingrained in financial data security standards such as the Federal Financial Institutions Examination Council (FFIEC) standard. That said, companies can still be severely impacted by Ransomware if they don't take a holistic approach of employee education, security, and data protection.
Employees are the first line of defense in preventing ransomware. Training employees to recognize and thwart ransomware and malware threats will enable the employees to become “human firewalls.” Training should be followed up with regular, focused messaging such as “If you are not expecting an email with a link, don’t click” or “Become the human firewall.”
But to be honest, education only goes so far. Ransomware is a billion-dollar industry. This is where detection at every level is critical, on devices, within the network, and even within storage. Having backups and multiple data copies aren't enough. The backups must be secure and recoverable, which means they require malware hardening and detection capabilities too.
If an attack gets through to your datacenter, there are a few key technologies that help the most in these situations:
Virtualization. If your recovery takes too long, then you may be better off paying the ransom. Virtualization allows data protection solutions to spin up entire machines instantly. Even if the production machine runs on bare metal, machine translation technologies can still make that device available in a virtual environment. Fast recovery lets you tell a ransomware hacker to pound sand.
Cloud-Based Sync Technology. Sync technologies, such as Box and OneDrive, provide an excellent source of recovery for endpoints. The versioning capabilities allow users to revert with little impact or data loss.
Analytics and Automation. Recognizing quickly that you could be protecting a machine with Ransomware is critical. Testing those backups for recoverability is key. If IT has to troubleshoot recovery for hours, they’re better off paying the ransom. Backup analytics and automation help you achieve fast detection and confidence.
Integrated Security. Backup systems can be targets of Ransomware. It is better to simplify the number of systems in the architecture and harden them to do only that function. Close any unnecessary network ports, processes and services that are not solely dedicated to data protection. Integrated backup appliances do this out of the box, but you can put in the extra work to secure other backup architectures as well.
Ransomware is here to stay. It's too lucrative and difficult to prevent. Being prepared to handle an incident quickly, with the least impact is what helps you avoid paying the ransom.
