Ways to mitigate ransomware threats for your hybrid workforce

Ravi Bindra, CISO

To meet employee needs and retain top talent, many companies are planning to maintain hybrid workforce models for the long term. While attracting and retaining talent is one benefit, organizations have also found that hybrid workforce models save money and increase employee productivity. At the same time, the rise in ransomware attacks makes the hybrid workforce a data breach risk. To maintain a robust security posture, organizations need a way to mitigate the ransomware attacks facing their hybrid workforces.

Why hybrid workforces create ransomware risks

Moving between home offices and in-person locations changes how employees connect to corporate networks. This creates endpoint security risks that will continue as people combine work-from-anywhere and corporate office connectivity.

Inadequate cyber hygiene

When employees connect their devices to public wireless networks, they put their devices at risk. Although they may be using some security tools, like anti-virus, to protect their device, cyber criminals often write malware intended to evade detection. When employees connect to the corporate network - whether remotely or on location - those devices can bring the ransomware with them.

Social engineering attacks

With employees in and out of the office, spear phishing attacks are often more successful. Email becomes a primary mode of communication. If employees click on attachments or links in emails that appear to come from company leadership or a credible source, it creates an attack vector, exposing the company to harmful viruses or malware.

Lack of traditional security perimeter

Related to the public wireless network issue is the lack of a traditional security perimeter. Access becomes more important than ever since companies no longer have the ability to protect networks using only firewalls. As ransomware attacks now include data exfiltration, managing the security perimeter and preventing lateral movement is more difficult for hybrid IT and security teams.

Compromised endpoints and business interruption

The rise in ransomware attacks over the last year is disrupting the cyber security insurance business. It’s not just the ransoms driving up the costs of claims. It’s also the business interruption costs. Let’s take a closer look:

Immediate business impact

Business interruption arising from a ransomware attack may last a few hours or a few days. For example, the Colonial Pipeline attack led to a week-long fuel shortage across the east coast in mid-2021. On the other hand, attacks against the enterprise may last a few hours or days.

However, the few days or hours of downtime may still lead to large business losses. The longer an organization’s data is encrypted, the longer it takes to get back to business.

Time to recover

Backup and recovery also reduce the time it takes to fully recover from a ransomware attack. Organizations with robust data backup and recovery are more likely to resume business as usual, reducing the business interruption costs.

However, in order to put a data recovery process in place, companies need a backup solution that works across multiple types of devices, including user devices and servers.

Equally important, they need backup services that enable them to have real-time or near real-time backups. As companies use the cloud to engage in business operations, data changes nearly every second, especially across hybrid workforces. This means that in the event of a ransomware attack, having a data backup from the previous day can lead to significant losses.

3 Ways to mitigate ransomware threats for the hybrid workforce

Cyber criminals will continue to target hybrid workforces because they are difficult to secure. However, it’s important to remain vigilant. Here are the top 3 ways to mitigate ransomware threats for the hybrid workforce:

1. Endpoint security

Managing and securing endpoints is challenging, especially when employees can work anywhere and want to use their own devices. At a minimum, organizations should put in place anti-virus protections that regularly scan devices using Artificial Intelligence (AI) and Machine Learning (ML) to help predict new malware variants. Taking proactive endpoint security actions can help mitigate risk by reducing the likelihood that a ransomware attack will be successful.

2. Endpoint detection and response (EDR)

EDR tools detect and investigate suspicious behavior across hosts and endpoints, actively responding to advanced malware and cyber attacks. They provide visibility into the scope and impact of incidents, including attacks that may have previously gone undetected. With EDR, organizations respond more rapidly to potential incidents, reducing the likelihood that the attack can spread to other networks and systems.

When deploying EDR, organizations should make sure that their solution includes:

  • Continuous monitoring for abnormal user and device behaviors
  • Automated response capabilities
  • Analysis and forensics with analytics

3. Endpoint backup

Ransomware attacks encrypt data across devices, leading to costly business interruption. Robust endpoint backup should be part of a company’s business continuity and disaster recovery planning.

A robust endpoint backup plan should include:

  • Single view into all data for rapid retrieval
  • Cloud storage capabilities
  • Restoration across user devices and servers
  • Services to advise on corrective actions and prioritization of activities

For most organizations, endpoint backup can be challenging. Many organizations establish their own backup processes using external hard drives or servers stored offsite. However, when a ransomware attack occurs, these may be impacted by the attack.

Best data backup practices traditionally include:

  • 3 copies of data
  • 2 different media
  • 1 offsite

To mitigate the ransomware risks that a hybrid workforce creates, organizations need to make sure that their “offsite” backup is cloud-based. They may not be able to bring everyone to an off-site physical location easily, and cloud-based data backups can sync across devices no matter where a user is located.
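As an added illustration (not part of the original article and not SoftwareOne tooling), the sketch below audits a backup inventory against the 3-2-1 practice above, counting only copies that are recent enough to be useful, which reflects the earlier point that a day-old backup can mean significant losses. The dataset names, the inventory and the 4-hour freshness threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Copy:
    dataset: str            # what is protected (hypothetical names below)
    medium: str             # e.g. "disk", "tape", "cloud-object"
    offsite: bool
    cloud: bool
    last_success: datetime  # last verified successful backup or sync

def audit_321(copies, now, max_age):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    groups = {}
    for c in copies:
        groups.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(groups.items()):
        # A copy older than max_age restores stale data, so it does not count.
        fresh = [c for c in group if now - c.last_success <= max_age]
        findings = []
        if len(fresh) < 3:
            findings.append(f"only {len(fresh)} fresh copies, need 3")
        if len({c.medium for c in fresh}) < 2:
            findings.append("fewer than 2 media among fresh copies")
        if not any(c.offsite and c.cloud for c in fresh):
            findings.append("no fresh cloud-based offsite copy")
        report[name] = findings
    return report

# Constructed sample inventory; the live copy is listed as one of the 3 copies.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

def ago(hours):
    return NOW - timedelta(hours=hours)

INVENTORY = [
    Copy("finance-share", "disk", False, False, ago(0)),
    Copy("finance-share", "tape", False, False, ago(2)),
    Copy("finance-share", "cloud-object", True, True, ago(1)),
    Copy("laptop-042", "disk", False, False, ago(0)),
    Copy("laptop-042", "disk", False, False, ago(1)),   # external USB drive
    Copy("laptop-042", "disk", True, False, ago(26)),   # offsite server, day-old
]
# max_age of 4 hours is an assumed threshold, not a figure from the article.
REPORT = audit_321(INVENTORY, NOW, max_age=timedelta(hours=4))

if __name__ == "__main__":
    for dataset, findings in REPORT.items():
        print(dataset, "PASS" if not findings else findings)
```

The laptop fails all three checks even though it nominally has three copies: every copy is on disk, and its only offsite copy is a day old and not cloud-based.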

SoftwareOne for data backup and recovery

With SoftwareOne’s Managed Cloud, customers can use our managed backup services to help mitigate business interruption caused by ransomware attacks. To improve visibility, we provide a single view into all data, no matter where the organization stores it.

With our solution BackupSimple powered by Metallic, customers gain complete control of their backup and recovery environment. This ensures comprehensive and streamlined data recovery by centralizing all backup needs across Microsoft Azure and AWS through to Microsoft 365. Consolidating backup solutions lowers operational costs by reducing effort, especially across increasingly complex public cloud and hybrid environments.

We also provide backup experts in our support center, giving customers the advisory services they need to recover rapidly. Our experts suggest corrective actions and prioritize implementation of agents to streamline recovery.

SoftwareOne’s CIO Pulse Survey

Our report includes key findings of recent research to examine CIOs’ priorities at a time when they are expected to achieve more but with reduced budgets.

Author

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.