A 2018 report from Radware found that 53% of surveyed executives said they had paid cybercriminals the requested ransom after a successful ransomware attack. When the cost of paying a ransom is added to the more traditional costs of data corruption and loss, business enterprises are paying millions of dollars for data recovery. It is not a sustainable situation for any business.
To counteract ransomware and other data breaches, businesses have implemented state-of-the-art preventative security technologies, but cybercriminals are still getting through. According to the Department of Homeland Security (DHS), the key to defending against ransomware attacks is a systematic backup protocol for all mission-critical data.
DHS Alert (TA16-091A) advises businesses and organizations that store critical data and are susceptible to ransomware attacks to:
- Implement a backup and recovery plan for all critical data
- Regularly test backups to limit the impact of a data breach and accelerate the recovery process
- Isolate critical backups from the network so that they remain protected if network-connected backups are affected by ransomware
With an all-inclusive data backup plan in place, a business may be able to restore all, or at least most, of the critical data held hostage during a ransomware attack, thus eliminating the need to pay for its release. Of course, there will still be costs involved, but the money spent on recovering from backed-up data will not line the pockets of malicious cybercriminals.
Data backup for modern enterprises is likely to involve cloud services, offsite data centers, and hybrid systems, the combination of which helps reduce the vulnerability of critical data. It is much more difficult for ransomware to lock out data when it is physically located in a cloud of redundant servers.
Organizing backup protocols for an entire enterprise requires extensive planning. A successful data backup policy includes identifying key staff and understanding what should be backed up, when and where it will be backed up, how often it will be backed up, and how long backups should be kept. It also needs to define a process for confirming the success of all those operations. And those are just the critical elements.
Tech Pro Research, TechRepublic's premium sister site, offers a ready-made Data Backup Policy you can use as a framework for developing a comprehensive policy for your organization. Implementing such a policy could prevent major financial hardship. The Radware report mentioned earlier also revealed that 69% of the surveyed executives have had a ransomware attack in the past year. Your enterprise had better be prepared.
Has your enterprise suffered a ransomware attack? Did you have a backup policy in place? Share your thoughts and opinions in the discussion thread below.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.