Time is money, and ransomware and other cyber threats can stop a company in its tracks.

A cyberattack recently put a large U.K. business out of commission for six months, resulting in lost revenue, reputational damage, and regulatory costs. This is not an isolated case. More than half (58%) of organizations impacted by ransomware in 2024 had to shut down operations, and revenue losses nearly doubled between 2021 and 2024.

But the pain and suffering from cyberattacks often extend far beyond any one company. Business shutdowns and productivity slowdowns can also adversely impact an organization’s suppliers and workers and harm the people who rely on its products and services.

According to Ponemon Institute 2024 research, nearly 70% of survey respondents at healthcare organizations hit by ransomware said patient care also took a hit. Sixty-one percent reported delays in procedures and tests, resulting in poor patient outcomes, while 58% said these incidents led to longer patient stays. Worse yet, cyberattacks on healthcare facilities often lead to increased patient mortality rates, according to an earlier Ponemon Institute study.

Understanding what’s at stake across society and industry sectors, regulators are demanding companies change their procedures to comply with specific requirements and minimize the impact of cyberattacks, some of which have taken companies years to recover from.

At a time when cyberattacks are occurring with sub-second frequency and becoming even more sophisticated – and regulators such as the U.S. Securities and Exchange Commission (SEC) are setting records for enforcement actions – building ransomware resilience and complying with regulatory requirements are increasingly critical. Yet achieving compliance and resilience can be highly challenging given constantly changing attack vectors, procedures and rules.

Here’s how to address these challenges, lower your risk and increase your competitive position.

Bring Teams Together to Formulate a Resilience Plan

Lack of proper communication and advanced planning introduces unnecessary risk.

Lower your risk by bringing key teams together to collaborate on a regulatory and business resilience plan.

Your infrastructure team members will know what data and IT systems are business-critical to your operations.

But they probably won’t know how that relates to the regulations to which your company must adhere. Call on your legal team for guidance on rules and regulations. Consider bringing in an expert third party to spearhead collaboration among your infrastructure and legal teams, as well as your security specialists. Work together to design a process to address exactly what’s required and define who is responsible for each part of the process.

Keep the communication going by setting a regular meeting cadence. Use that time to assess how your procedures are working and determine how you can continue to optimize them.

Use Digital Twin Technology to Keep Core Operations Running

Many companies have disaster recovery plans. But these plans often kick in when the business detects a cyber incident, and bad actors are typically in a system long before detection.

Replicating your production environment to a second, disaster recovery site during an incident won’t minimize the blast radius or help you isolate the infection. It will double your risk.

Leverage digital twin technology to create a digital instance of your minimum viable company. Now you can shift to the digital twin in the event of an attack and continue business operations while you work to isolate and eliminate the infection within your primary IT environment.

Employ Modern Technology to Scan Data More Frequently and Reliably

A new technique now makes it possible to look beyond the application down to where data resides, pick a point in time, isolate the data at that point, test and scan the data, and report – all the way up to the application layer – if an incident is found. This technique requires advanced technology to ensure the data is immutable, automate the process of moving the data into an isolated area, and scan with 99.99% consistency in anomaly detection. This empowers organizations to scan with far greater frequency. Industry best practice is to scan every few hours, with many organizations targeting every four hours.

If a scan detects a problem, the company’s resilience plan comes into play, determining if it should isolate, delete, rebuild or take other steps to address the data set. If the scan indicates there are no anomalies, the company keeps, hardens and retains the data until the next scan.

Understand How Point-in-Time Maps to Ransomware Resilience at the Storage Layer

The point in time at which an anomaly is detected determines which copy of the data to recover to. Understanding the last known good copy is critical because attackers’ dwell times inside IT environments can be months. But if you scan data every few hours using the highest level of detection process available, it’s clear what data you should recover to. Recovery then becomes an automated click-and-recover process that mounts the new volume back up to the system very fast.
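The mapping from scan results to a recovery point, sketched as an added example (not code from this article or from any vendor product). The `Snapshot` class, the verdict labels and the four-hour sample timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    verdict: str  # assumed labels: "clean", "anomalous", "unscanned"

def recovery_plan(snapshots, detected_at):
    """Pick the last known good copy and classify every other copy."""
    ordered = sorted(snapshots, key=lambda s: s.taken_at)
    # Index of the earliest anomalous copy; everything from here on is suspect,
    # including later copies that happened to scan clean.
    first_bad = next(
        (i for i, s in enumerate(ordered) if s.verdict == "anomalous"),
        len(ordered),
    )
    before = ordered[:first_bad]
    trusted = [s for s in before if s.verdict == "clean"]
    recover_to = trusted[-1] if trusted else None
    return {
        "recover_to": recover_to,
        # Copies taken at or after the first anomaly: isolate, do not restore.
        "quarantine": ordered[first_bad:],
        # Copies before the anomaly that were never verified: not recovery
        # candidates until they have been scanned.
        "unverified": [s for s in before if s.verdict != "clean"],
        # Data written after the recovery point is lost or must be replayed.
        "data_loss_window": (
            detected_at - recover_to.taken_at if recover_to else None
        ),
    }

# Constructed sample: one copy every four hours, one scan skipped.
BASE = datetime(2024, 1, 1)
SAMPLE = [
    Snapshot(BASE + timedelta(hours=0), "clean"),
    Snapshot(BASE + timedelta(hours=4), "clean"),
    Snapshot(BASE + timedelta(hours=8), "unscanned"),
    Snapshot(BASE + timedelta(hours=12), "anomalous"),
    Snapshot(BASE + timedelta(hours=16), "clean"),      # after first anomaly
    Snapshot(BASE + timedelta(hours=20), "anomalous"),
]

if __name__ == "__main__":
    plan = recovery_plan(SAMPLE, detected_at=BASE + timedelta(hours=12, minutes=30))
    print("recover to:", plan["recover_to"].taken_at)
    print("data loss window:", plan["data_loss_window"])
```

A skipped scan widens the data loss window: here the 08:00 copy cannot be used, so recovery falls back to 04:00.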

It’s important to note that all of this happens in the background, so it is not visible to the infrastructure, and an attacker would not know it is happening either. Experts also recommend that no single individual has ownership of that data set at any point in time.

Lay the Foundation to Safeguard Assets and Establish Trustworthy Audit Trails

Remember that regulators don’t ask for explanations; they want clear evidence. Make sure you are prepared to deliver by retaining your electronic records in a non-rewriteable, non-erasable format. But understand that while immutability is important, it’s not the answer to everything.

Establish an automated, policy-driven approach to ensure trustworthy audit trails. This approach should include the data sets, ownership, procedure, and everything associated with them.

Also adopt multi-factor authentication to ensure that only the people who should access your data storage systems can get into them. Use encryption to protect data in flight and at rest.

Leverage Available Experts to Lower Your Risk and Maximize Your Uptime

Not every organization has the resources and know-how to craft and execute a plan to make its business compliant and resilient. Understand that partners can help you with everything from creating a plan that orchestrates your entire process (from incident discovery to point of recovery) to providing penetration testing, training teams, and delivering recovery as a service.

Seek partners with deep experience in data infrastructure, business resilience and your sector. Look beyond their ability to supply technology and ensure they have the sincere desire and proven capabilities to position you to reach the right business outcomes. Ask vendors to provide third-party proof from credible sources that their solutions meet the letter of the law.

Also, prioritize infrastructure with SLA-backed availability (such as a five-nines or a 100% data availability guarantee).

The Bottom Line

There’s no one-size-fits-all way to build regulatory and storage layer resilience. But the best approach will always involve investing in the technology that will deliver the business outcomes you are seeking and establishing procedures that will optimize the delivery of those outcomes.

If one trusted partner lets you do all of that, even better. Now you can benefit from simplicity, become more automated and intelligent, reduce your risk, and move your business forward.
