Page 76 - Cyber Defense Magazine for August 2020
P. 76
This updated matrix considers the threat frequency, enterprise vulnerability, and impact of ransomware
and other malware.
Remediating the ransomware risk
How do you lower the risk associated with a ransomware attack? Historically, prevention and detection
have been the main defenses against malware, but for ransomware we’ve already shown these
approaches are only moderately effective. Recreating lost data is usually impossible or impractical. Some
victims have paid to recover their data, but this is a chancy (and morally ambiguous) approach. Further,
data encrypted by worms like NotPetya are unrecoverable.
This leaves recovery as a keystone strategy to minimize the impact of ransomware to your organization.
An automated, tested recovery plan for all your critical systems is the best way to minimize the damage
inflicted by a ransomware attack. Infrastructure such as Active Directory, DNS, and DHCP must be your
top priority because they are foundational to recovering everything else on your network.
Ransomware attacks are the leading cause of organizational IT disruption today. Business continuity and
disaster recovery planning need to take this new reality into account and update their risk analysis
accordingly. Recovery has traditionally taken a back seat to prevention and detection for malware
protection, but today rapid, automated restoration of your systems and data may be the only shield your
organization has against corporate Armageddon.
i Multiple sources – Microsoft SIR, Verizon, etc.
ii https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-
by-2021/
iii https://www.recordedfuture.com/state-local-government-ransomware-attacks/
iv "Shut the door to cybercrime…" Ignite 2017, BRK3016, 35:45
About the Author
Mickey Bresman, CEO, Semperis
Mickey is a co-founder of Semperis and leads the company’s
overall strategic vision and implementation. A long-time
enterprise software expert, Mickey began his technical career in
the Navy computing technical unit over a decade ago. Prior to
co-founding Semperis, Mickey was the CTO of a Microsoft gold
partner integration company, YouCC Technologies, successfully
growing the company’s overall performance year over year.
Mickey holds a BA in Technical Management and a Minor in
Electronic Engineering.
Mickey can be reached on Twitter at @ber_mic and at our
company website http://www.semperis.com/
Cyber Defense eMagazine – August 2020 Edition 76
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.