What a year 2021 has been. It will go down in history as a challenging year thanks in no small part to the ongoing pandemic. But it’s been especially tough for IT pros and cybersecurity experts. We saw ransomware take down the largest fuel pipeline in the United States—Colonial Pipeline—leading to shortages across the East Coast due to a single compromised password. Then we saw Kaseya, a multinational IT company, get hit by a ransomware attack that the Cybersecurity & Infrastructure Security Agency (CISA) called a global cybersecurity incident. At least for 2021, the last straw was the discovery of a critical Apache Log4j vulnerability in its logging framework that puts millions of devices at risk.
While a Ukrainian national was arrested and charged in the Kaseya attack, it’s doubtful to deter the bad guys. And ransomware-as-a-Service (RaaS) is an established industry expected to flourish in 2022. Meanwhile, SonicWall reports more than 304 million ransomware attacks occurred in the first half of 2021—a number that will surely increase in 2022. Cybersecurity is already one of your significant concerns. But with so many attack vectors coming at you, you need to do more to protect your organization’s data.
To help you enjoy a more secure, ransomware-free 2022, here are some suggested New Year’s resolutions for IT pros from Arcserve:
1. Do More to Educate Your Team
Employees are one of your biggest vulnerabilities when it comes to cybersecurity. All it took was a single compromised password to bring down Colonial Pipeline. Employees are also your first line of defense against ransomware. Now is the time to bolster their understanding of their part in prevention.
Ensure they can recognize suspicious emails that may be phishing for access to your systems. That includes your executive team, who may be a “whaling” target—phishing attacks targeted at senior executives—spear phishing with emails targeted at a specific individual, and other social engineering techniques that continue to evolve. Company newsletters, bulletins, and other ongoing information sharing and education can help keep everyone up to date and aware, while formal training—and testing—reinforces the importance of each person’s role in prevention.
2. Improve Your Cyber Hygiene Habits
CISA recommends that you conduct regular vulnerability scanning to identify and address security gaps. That’s especially true for internet-facing devices. Because many ransomware variants take advantage of Remote Desktop Protocol (RDP) post 3389 and Server Message Block (SMB) port 445, consider limiting connections to trusted hosts only. You should also consider whether your organization even needs to leave these ports open.
This is also the perfect time to make sure all of your organization’s operating systems, applications, and software are up to date. And, if you haven’t already done so, establish a process that ensures everything is updated regularly because updates are critical for closing security gaps that attackers are looking to exploit. If available, turn on auto-update features to install the latest patches automatically.
3. Harden Your Endpoints
Remote and mobile workforces have already added new challenges for securing your endpoints. That’s why it’s crucial that you put secure configuration settings in place that limit your organization’s threat surface—and close security gaps that may exist in default configurations. To help you get there, the Center for Internet Security (CIS) and its global community of cybersecurity experts have developed CIS Benchmarks, with more than 100 configuration guidelines across more than 25 vendor product families. These benchmarks help you safeguard your systems against evolving cyber threats.
Arcserve Unified Data Protection (UDP) is an option worth considering for further hardening your endpoints. Arcserve UDP is fully integrated with and secured by Sophos Advanced Intercept X endpoint protection, which includes endpoint detection and response, anti-ransomware file protection, automatic file recovery, and behavioral analysis to stop ransomware and boot record attacks.
4. Update Your Backup and Disaster Recovery Plan (and Test It)
Turning the page on a new year is also a great time to pull out your backup and disaster recovery (DR) plan and make sure it’s updated. Put a process in place that ensures you review the plan regularly, too. Ready.gov, an official website of the U.S. government, offers a range of resources for developing your IT disaster recovery plan.
We recommend that you follow the new 3-2-1-1 backup rule, as outlined in a recent Executive Brief from IDC. The rule is simple: keep three copies of your data (one primary and two copies); store two copies locally on two formats (network-attached storage [NAS], tape, or local drive); with one copy stored offsite in the cloud or secure storage. The twist to the new rule is the last “1,” which stands for immutability.
IDC says that immutability—when your data is converted to a write-once, read many times format that can’t be altered or deleted—is a critical element of successful ransomware protection. When your data is backed up to immutable storage, you can count on recovery from virtually any disaster. So resolve to make immutability part of your 2022 ransomware resolutions.
Finally, test your plan regularly. Put it on the calendar and test it again when anything significant changes in your infrastructure. Make sure you can recover no matter the circumstances, meet your RTOs and RPOs, and minimize ransomware’s costly downtime and financial impacts.
Resolutions Worth Keeping
The consequences of a successful ransomware attack are painful and expensive. Sophos’ The State of Ransomware 2021 global survey revealed that the average recovery cost from a ransomware attack increased to $1.85 million in 2021. That makes a strong case for staying focused on these resolutions throughout 2022.
The Arcserve team wishes everyone a safer, more secure, and ransomware-free 2022. If you’d like help making sure that’s the case, be sure to talk to one of our ransomware backup and recovery experts.