Securing Against Ransomware: Why Infrastructure and Security Must Join Forces

IT infrastructure and security teams are two sides of the same coin. Yet all too often they operate in silos, with little communication or collaboration between them. Worse yet, they might even view the other team as a hindrance to their work. This can leave organizations vulnerable to cyberthreats such as ransomware, which have devastating consequences for organizations of all sizes.

Ransomware attacks are becoming increasingly sophisticated and damaging, and cybersecurity experts feel they’ll only become more frequent in the future. Today, organizations need to ask themselves: What will we do when it happens to us?

In many cases, ransomware attackers gain entry in ways that allow for considerable dwell time. This gives them a substantial opportunity to compromise backup files and associated safeguards, which can make recovery difficult, if not impossible. The space in which they operate represents the gap between security and infrastructure.

Having secure backups is vital to an organization’s cyber recovery strategy should it experience a ransomware attack. An important piece of the cyber recovery strategy is securing your cleanroom.

A cleanroom should be heavily restricted from a personnel and network standpoint. Very few things should be able to pass from production into a cleanroom; otherwise, you should assume that attackers can access it as well.

We had a customer who did everything right, but they had one shared connection between production and the cleanroom — a peripheral. The attackers used that peripheral to take out the cleanroom.

This is one example of a gap that can be addressed by working together.

By working together, your infrastructure and security teams can develop a comprehensive approach to ransomware protection that includes:

1. Proactive threat detection: By working together, your infrastructure and security teams can implement security controls and monitoring tools that can help detect ransomware threats before they cause significant damage. For example, the security team can implement security solutions such as antivirus software, intrusion detection and prevention systems, and firewalls, while the infrastructure team can ensure systems are configured securely and kept up to date.
   
   
2. Faster incident response: In the event of a ransomware attack, your infrastructure and security teams need to work together to respond quickly and efficiently. If there is a gap between them, it can be difficult to coordinate a response and develop procedures to act fast and minimize the impact of the attack.
   
   
3. Data backup and recovery: A critical aspect of ransomware protection is having reliable data backups and recovery procedures in place. The infrastructure team is responsible for implementing and maintaining backup systems, while the security team can help ensure the backups are secure and accessible in the event of an attack. Working together, the teams can implement comprehensive backup and recovery strategies that help minimize the impact of an attack.
   
   
4. Reduced downtime: By working together, your infrastructure and security teams can produce an in-depth response plan that includes your security response with coordinated recovery of applications. When your organization is attacked, it’s important to get the essential servers back up and running. An in-depth map will help you to properly identify which servers need to be recovered first.

One of the biggest tools at your disposal for identifying how to close any gaps in your organization is having a third party come in and perform a ransomware vulnerability and recoverability assessment.

By bringing together experts from different areas such as security, data protection and threat monitoring, the ransomware vulnerability and recoverability assessment can help evaluate your recovery plan, test your organization’s ability to recover from a ransomware attack and identify areas where improvements can be made.

The assessment may also include a tabletop exercise to walk you through a simulated ransomware attack and subsequent recovery process. This can help develop and refine your own internal processes, which you can repeat in the event of a real attack.

Through this assessment, your organization can gain a better understanding of your risks and develop a clear roadmap for improving its resilience against ransomware attacks.