How to Develop a Ransomware Response Plan with Arcserve’s Sam Roguine
Solutions Review recently had the opportunity to speak with Arcserve Director of Solutions Marketing and Enablement, Sam Roguine. Arcserve offers organizations several different backup products, including Arcserve Unified Data Protection (UDP), Arcserve Continuous Availability, Arcserve UDP Cloud Direct, UDP Cloud Hybrid, and a legacy offering. With 15 years of experience in the enterprise tech space, Roguine offered insight into how to develop a comprehensive ransomware response plan and how a ransomware response plan can benefit an organization.
What are the elements of a comprehensive ransomware response plan?
Today, it’s not a matter of if you’ll fall victim to an attack; the question is when. So, it’s vital for businesses to have a well-tested and fool-proof ransomware preparedness plan in place that clearly defines the company’s policies and procedures for these scenarios.
There are several proactive ransomware protection strategies that can help businesses neutralize the impact of these cyberattacks. To start, it is critical to actively manage user access with controls that prevent cybercriminals from being able to easily infiltrate the network. Businesses should also manage system configurations across vendors and address potential weaknesses and threats that can lead to a breach. Enterprises must stay steps ahead of sophisticated attacks by combining business data security and data protection solutions, instead of leaving them siloed.
In addition to making sure the correct cybersecurity and data protection technologies are in place, businesses should also arm their employees with cyber hygiene best practices so they’re aware of and can protect themselves from ransomware. It’s not enough for businesses to create a business continuity plan and be done with it – they must also maintain and continuously test their BCDR plan to ensure applications can be fully recovered during a disaster and that their team will know exactly what to do.
How can a ransomware response plan help businesses avoid government sanctions?
New strains of ransomware are evolving to not only encrypt and threaten to destroy data, but publish it online, causing businesses to panic and quickly pay ransoms. Garmin recently suffered a massive WastedLocker ransomware attack, causing a worldwide outage that affected many of their navigation and fitness services. The Garmin IT department failed to remotely shut down all computers on the network as devices were being encrypted, and WastedLocker threatened to publish this data unless a $10 million ransom was paid. This posed a difficult decision for Garmin because, after the U.S. Treasury Department sanctioned Evil Corp’s WastedLocker in December 2019, Garmin could pay the ransom to get their stolen data back, but they would face an additional government sanction for making deals with cybercriminals.
Not all ransomware attacks are preventable, but if Garmin had been able to execute a solid disaster recovery plan that includes proper risk assessment, treating backups as critical infrastructure, and continuous testing and training, they could have reduced the wide-reaching impact of this particular attack. When there’s a solid plan in place, businesses can lean on their backup data to avoid having to dish out a ransom payment, which can also help them avoid regulatory fines and avoid finding themselves in the crosshairs of government sanctions.
Are there other benefits to being prepared with a ransomware response plan?
A ransomware response plan not only helps businesses prevent data loss and downtime, but also maintain customer loyalty. Cyberattacks weigh heavily on consumers as they consider purchasing decisions; in our recent survey of 2,000 consumers, we found that consumers won’t wait for ransomware recovery and have no issue switching to a competitor if a ransomware attack brings business operations to a halt. The research shows that 58% of consumers will switch to a competitor if a business experiences two or fewer disruptions. Similarly, 37% of consumers will switch to a competitor if systems and applications aren’t back online within 24 hours of an attack; with a proper ransomware response plan in place, that’s a huge percentage of customers you could keep happy. By implementing and testing a response plan, businesses can stay ahead of their competitors by proving they can be trusted with customers’ personally identifiable information.
How do you think ransomware response plans will evolve in the future?
Because ransomware gangs are always evolving their tactics, response plans must also evolve to keep up – and to do so, I believe businesses will start dealing with ransomware response more head-on, touching every single department. This will require clearer and more open lines of communication between the C-suite and the IT team, so everybody will understand who is responsible for what if an organization falls victim to an attack. By incorporating every department into a ransomware response, businesses can more easily deploy integrated solutions for advanced backup, disaster recovery, high availability and cybersecurity; enable IT practices with effective user engagement; and deliver a first and last line of defense that accelerates threat detection and enables immediate restoration of backed-up data. In the future, it’s going to be especially critical for IT teams to constantly test and check their response plans, because ransomware is anything but predictable.