Ransomware continues to be a significant global threat for organizations in all sectors. In 2022, it accounted for 41% of breaches, with an average cost per breach of $4.5 million. While authorities have had some success cracking down on ransomware perpetrators, bad actors are expected to evolve their tactics and business models, generating new attack types and pursuing new targets such as the enterprise cloud.
Since the ransomware risk is less a question of “if” than “when”, growing numbers of organizations are seeking ransomware recovery strategies to mitigate potential damage and ensure business continuity. To do so, they need three things: a clear understanding of the critical data they need to protect most, good backup procedures, and a formal incident response plan.
Ransomware recovery step 1: Identify and protect critical data
What constitutes critical data varies by organization and industry based on operational, competitive, and commercial requirements, customer and supply chain relationships, privacy laws, industrial regulations, and other factors. Identifying that critical data brings focus to a ransomware recovery strategy, pinpointing where the strictest protections and controls need to be applied.
Today, those protections and controls usually involve a zero-trust approach that regards all connections to the corporate network as untrustworthy and assigning least-privilege access to users, devices and applications. With that as a foundation, other ways of safeguarding data can also be applied, such as multi-factor authentication to verify user identities, encryption of data at rest and in motion, and good data hygiene practices.