Pitfalls to avoid when creating a cyber resilience strategy

Druva Marketing

Per the Cyber Security Report 2021 by Check Point Research, on average, ransomware threat actors attack a new organization every 10 seconds. So if you are afraid of a ransomware attack, we totally understand your plight. 

From Colonial to Kaseya, ransomware attacks continue to make headlines, and it’s not just large enterprises that are suffering. More than 60 percent of small companies that experience a ransomware attack go out of business within a year.

Some companies refuse to negotiate because they have backups, but 27 percent of them still don’t recover their data after an attack. Most backup providers are no match for sophisticated new variants of ransomware that specifically target backup data for encryption and deletion.

Over 1/4 of companies with a backup solution never recover their data

Big budgets, the latest tools, and increased manpower are not enough to be cyber resilient. You must have the right strategy and a thorough plan to deal with the next potential attack.

The strategy might differ depending on your industry and type of business. However, ensure that you don’t make these common mistakes while creating your cyber resilience strategy.

Don’t downplay the risks of ransomware

Some companies have neither a protection solution nor an action plan for a ransomware attack on their data. They don’t think there’s an imminent risk; however, when several of their systems become infected, they may be forced to negotiate with the attacker over the ransom.

According to a Gartner analysis of clients’ ransomware preparedness, over 90 percent of ransomware attacks are preventable with sound security fundamentals, including an effective backup and recovery strategy.

Whether your company is well established or a startup, and whether you use older technology or cloud-native solutions, you must protect yourself from ransomware. Otherwise, you risk losing business-critical data that is your company’s lifeblood. To make things worse, ransomware might expose your customers’ data and cost you their trust, your source of revenue, and your ability to recover.

In this video, Larry Hughes, a cyber security expert, describes why best practices around cyber security are evolving and how securing your organization’s data protects you as well as those doing business with you.

Don’t go it alone

Today’s ransomware attacks are not from elite hackers who are targeting the largest institutions of the world. Unfortunately, Ransomware-as-a-Service is rampant. You face an army of attackers from around the world that can be hired by bad actors. The only way to defend yourself is to get your own army working on your behalf.

42% of vulnerabilities are exploited after a patch was issued

In fact, 42 percent of vulnerabilities are exploited after a patch has already been released but not yet applied by IT personnel. Therefore, it’s crucial that you employ the right people who understand and prioritize data security tasks.

As a CISO or Information Security leader, you must judiciously use the budget allocated to you to find vendors and products that are the best fit for the cyber security needs of your company. 

Now you can use proven technology that enables you to take essential steps to protect your data before, during, and after an attack. If you are targeted, you need a vendor that has a strong track record of defusing attacks and can help you improve your security posture without introducing new vulnerabilities.

In this 18-minute session, experts from Druva, Dell, and AWS discuss how you can leverage available technology to create a robust data protection plan.

Building a plan with trusted, proven, multi-layer, 100 percent cloud solutions will ensure your data stays protected 24×7. For example, a pure cloud solution (such as Druva) not only allows you the flexibility to back up your data in various clouds anytime, anywhere, but also provides the agility to accelerate response and recovery with orchestrated response using API-based integrations and automated recovery with curated snapshots. 

Don’t work in silos 

Cyber criminals have used more than 100 ransomware families in the past few years to target businesses. According to VirusTotal, attackers prepare new ransomware samples each time they launch an attack. So, with each attack, you will likely face a different variant trying to hold your data hostage. When an attack happens, and it will happen, you will need to bring together your IT team, Security team, and others in your organization to recover. 

2+ weeks is the average time to recover data after an attack, even if the ransom is paid

You simply can’t succeed with internal teams that don’t have established best practices for working together. You will need to have a plan in place that explains who should do what in the event of a cyber attack. Several people working in tandem will help you recover quickly from the situation and get the business back on track.

Watch Rishi Bhargava, VP of Product Strategy, Palo Alto Networks, and Prem Ananthakrishnan, VP Product, Druva, discuss how several security and IT teams lack coordination when it comes to detecting ransomware and responding to attacks. They also share real-life examples of how you can improve protection and recovery workflows across multiple teams.

With the right set of tools, people, and strategies, you can build a system that is ready for whatever the future may bring.

Looking to learn more about how you can defend your organization from ransomware? Download our new eBook, the Ransomware Survival Guide, to evaluate the real risks, costs, and best approaches in preparing for a ransomware attack.