As retailers prime their websites for the surge in web traffic this weekend, there’s one important factor they must prioritize: Their ransomware response plan.
The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) have recently issued a ransomware advisory. This follows on from multiple ransomware attacks during previous Holiday periods.
CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:
- Phishing scams, such as unsolicited emails posing as charitable organizations.
- Fraudulent sites spoofing reputable businesses—it is possible malicious actors will target sites often visited by users doing their holiday shopping online.
- Unencrypted financial transactions.
While the agencies of the U.S. government have urged organizations to identify IT security staff who can be on call in the event of an attack, there are other issues that need to be considered.
They issues are drawn out by Simon Jelley, a ransomware expert at Veritas Technologies. Jelley has provided a step-by-step guide to help retailers quickly resume business as usual if attacked, without having to even consider paying the ransom or tap additional IT talent amid today’s labor shortage.
The essential points from Jelley are:
Centralize your data backup
This will help ensure all your data is protected and backed up, eliminating the protection gaps that may be present without centralization.
Strengthen the resiliency of your centralized data backup
Harden it against ransomware attacks by encrypting data at rest and in transit, using digital certificates and integrating a PKI, using strong authentication and user roles, leveraging containers for an easy patch management process, and implementing anomaly detection to detect potential ransomware.
Develop a plan for when a crisis strikes
Even after implementing the above, it’s still necessary to develop a plan for when an attack happens. Being proactive and creating a plan will help you react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis.
Test and test again
It’s critical that you test your protection strategy before a disaster event like ransomware happens. This includes drilling your ransomware recovery plan outlined above.
Educate employees and business leaders
Taking the time to educate yourself, your leaders and company employees about the risks and signs of ransomware can help not only prevent an attempted ransomware attack, but detect a successful one early, potentially preventing it from even getting near your data backups.