Cyber-insurance or self-insurance: how businesses can recover from ransomware attacks
Ransomware attacks continue to present a significant threat to ANZ organisations, with the Australian Cyber Security Centre assessing ransomware as the highest threat to Australian businesses.
With the ongoing threat of cyber-attacks presenting a significant risk, cyber-insurance has made it onto the agenda of many business leaders. A cyber-insurance policy promises to pay a monetary sum to cover the costs of being attacked. However, it doesn't materially contribute to recovering from an attack and may not even cover the full costs of remediation, depending on the policy.
Self-insurance against ransomware attacks in the form of unimpeachable backups can be a stronger approach.
While cybersecurity tools can help protect organisations from malicious attacks, ransomware is a particularly insidious threat that can be very hard to defend against. Even though organisations should deploy the strongest IT security tools they can afford, the fact remains: attacks will occur, and the odds of an attack succeeding are, unfortunately, high.
This makes it essential for organisations to think about how to recover from a ransomware attack as well as how to defend against one. The downtime associated with data recovery is disruptive, and the workflow requires significant time and resources.
It doesn't help that attackers are now targeting backups before attacking production data: a victim that cannot turn to their backups for recovery is far more likely to pay any ransom demanded to get production data back.
While a cyber-insurance policy may help offset or defray some of the financial costs associated with the downtime associated with a ransomware attack, it does nothing to help get the business to become operational again in a meaningful timeframe. Cyber-insurance may pay for some of the losses — but the premiums can be enormous, and it can be hard to understand what's covered under the policy.
One major global insurance provider has suspended policies that reimburse ransomware victims in France for the ransom payments; a clear indicator of how prevalent this issue has become and a signal that organisations shouldn't put all their faith into cyber-insurance. In fact, it could be possible that ransomware attackers target organisations that have insurance because they know these organisations are more likely to pay the ransom.
This all leads to the conclusion that cyber-insurance should be considered a cost reduction strategy that can be pursued after a business is back to normal operations. Infrastructure solutions that help ensure backups cannot be compromised should be the primary investment — and can be considered a form of self-insurance.
The right type of backups can significantly mitigate the risk of significant disruption and financial losses following a ransomware attack in the following three ways:
Protect backups from attack
Most backups are just as vulnerable to cyber-attacks as the company's original data. Organisations should seek solutions that can augment existing backup platforms so that even in a breach, attackers cannot damage backups. Then, when an attack happens, the business can restore from the snapshot with minimal fuss.
Use a fast recovery system
A breach is quite likely to be the only scenario that triggers a full restore of all data. Legacy backup (not recovery) solutions handle the backup well, but were never designed to restore the data quickly.
Organisations should augment existing backup platforms to restore mission-critical systems in an acceptable timeframe for getting the business operating again.
Choose an easy-to-use solution that you can build easy processes around
When the business is under attack, the last thing the IT team needs is a complex disaster recovery system hindering the recovery process. Instead, it's important to choose a solution that restores data quickly and reliably with just a few clicks, using the existing data protection software stack.
While insurance companies are still working to determine the best approach for cyber-insurance policies, savvy businesses are proactively moving to self-insure or protect themselves from ransomware attacks.
Putting the right infrastructure solutions in place will help businesses reduce their risk profile by ensuring backups are protected from attack and decreasing the time to recover from attacks. This helps mitigate the ransomware risk and reduces business impact.