Rampant, despicable, and devastatingly effective, ransomware attacks continue to grab headlines and drain bank accounts. How best to protect against this threat?
The prevailing advice among IT security experts is to adopt a remediation strategy using a backup-and-recovery solution. This is based on the fast-evolving nature of these threats: to thwart security software, cybercriminals change their ransomware tactics and software constantly. Eventually, these experts argue, even the most comprehensive and up-to-date frontline defenses will be breached.
I happen to disagree with this position. Why, you may ask? Let me share a personal trauma I experienced many years ago.
A Personal Growth Story
I got the career opportunity of a lifetime while in my late twenties, which came with an exciting relocation from my hometown Washington DC to New York City. Once I found a suitable bachelor’s pad, I took out renter’s insurance, on the advice of thoughtful friends. True, the concept was simple and compelling: for a couple hundred bucks a year, if I was to lose any of my personal property in the event of fire or theft, I was covered for the full cost of replacing it.
I took to my new career chapter, my exciting new life, with gusto. I was all set. Or so I’d thought until a few months later: I came home from work one night to find my apartment had been ransacked. At some point that day, a burglar casually climbed up the fire escape and broke in. I had left my kitchen window unlocked.
Where Remediation Falls Short
What about my renter’s insurance? I was covered, wasn’t I?
It turns out I was and I wasn’t. For starters, my claim took over six weeks to process. Second, I was reminded that certain losses - photos, personal gifts, a running list of Hollywood screenplay ideas – simply couldn’t be replaced, no matter how much coverage I paid for. Finally, because the burglar (or burglars) turned my place inside-out, I needed to stay with friends, and do cleanup and remediation on nights and weekends.
The Ransomware Parallel
How does this relate to ransomware?
Well, as with backup solutions, taking out my renter’s insurance policy was the right thing to do. My costly mistake lie in carelessly leaving that window unlatched. In other words, remediation without prevention. The price I paid for that error: the lengthy recovery process and the irreplaceable valuables I had accumulated over time.
But there was also the cost of temporarily sleeping on friends’ sofas. Even as I took care of remediation, I needed to vacate my flat for a few weeks. This is a lot like the downtime companies often suffer during and after a ransomware attack.
It’s all about layers
In a nutshell, this is the thinking behind the layered approach that Mimecast advocates for ransomware protection. We recommend our customers deploy a combination of preventative, remedial, and continuity measures to achieve a more complete level of safety against ransomware. At the preventative layer, a defense like our Targeted Threat Protection can apply several techniques to block email-borne ransomware, including Impersonation Protect, URL Protect, and Attachment Protect technologies. (We see countless remnants of ransomware attacks – fully neutralized – in our cloud grid by the way, every day.)
To cover for the rare event that an attack manages to breach this line of defense, we recommend our customers use an email archive to rebuild their email states as they existed in the moments prior to incursion. Finally, we recommend an email continuity service to help sustain operations during the attack’s onslaught, as well as during system recovery.
History doesn’t have to repeat itself
I’ve long since left New York for a more pastoral, small-town, family-friendly central Massachusetts life. Not only do I have a good homeowner’s insurance policy; I also have a home alarm system, with sensors on my doors and windows. I learned a valuable lesson all those years ago through this ordeal, a lesson that’s still relevant today.
I hope you’ll take my experience and its implications into consideration as you architect your own ransomware protection solution. (Of course, you should feel free to contact us if you need any help.) Whatever you do, please take precautions before the unthinkable strikes. And make sure those windows stay latched.