
How to Shield Your Business Against Ransomware

Ransomware is one of the most formidable cybersecurity challenges for organizations worldwide. Ransomware attacks, which involve criminals breaking into a corporate IT network, encrypting an organization’s data, then demanding a ransom for its release, are big business, with ransomware gangs collecting over $1 billion from their attacks in 2023. To avoid becoming a ransomware attack statistic in 2024, you need a robust defense that goes beyond antimalware agents and blocking ports on your firewall.

Understanding the Ransomware Threat

Ransomware has become more than just a malware attack; it’s an organized crime strategy that targets the very lifeblood of organizations—their data. Unconstrained by the laws and compliance rules that legitimate businesses must follow, criminal ransomware attackers use dirty tricks to get past traditional cybersecurity measures. Even worse, ransomware gangs are now employing artificial intelligence and machine learning to trick their victims and exploit their vulnerabilities. The impact of such attacks on a business can be devastating, leading to significant financial losses, operational downtime, and reputational damage.

To combat this evolving threat, organizations must adopt a more sophisticated and comprehensive approach to cybersecurity. This is why making your Business Continuity (BC) and Disaster Recovery (DR) program part and parcel of your zero trust journey is mandatory.

BCDR: The Safety Net

A good BCDR strategy takes a comprehensive approach to ensure an organization can continue operating during and after a disaster, including a ransomware attack. It involves identifying your most important business processes, developing recovery time objectives, understanding application and hybrid infrastructure dependencies and implementing policies, systems and procedures that ensure these services can continue or quickly resume in the event of disruption.

Key Components of BCDR:

  • Business Continuity (BC): Details how to continue operations during threats such as ransomware and may consist of manual workarounds until the environment (systems, facilities, networks, etc.) is restored.
  • Disaster Recovery (DR): This involves procedures and tools to recover data and restore system functionality after an attack. By having a plan that includes immediate isolation of affected systems and rapid restoration from backups, organizations can minimize downtime and mitigate the impact of ransomware.
  • Data Backup: Regularly backing up data is a cornerstone of DR. However, it’s not just about having backups but having them in both cloud and onsite storage, preferably encrypted. Diversifying your backup locations ensures redundancy, making it harder for ransomware to compromise all copies of an organization’s data.
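The backup requirements in this list (copies both onsite and in the cloud, encrypted, with at least one copy ransomware cannot alter, and recent enough to matter) can be turned into an automated posture check. The following is an added example written for this page, not Blue Mantis code or any vendor's API; the `BackupCopy` record, the inventory values and the RPO and test-restore intervals are constructed assumptions, and the check also covers test restores, which the text does not mention but a DR assessment would.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


# Hypothetical inventory record for one backup copy (not a vendor schema).
@dataclass(frozen=True)
class BackupCopy:
    name: str
    location: str        # "onsite" or "cloud"
    encrypted: bool      # copy is encrypted at rest
    immutable: bool      # write-once / retention-locked, so a compromised admin cannot alter it
    completed_at: datetime
    restore_tested_at: Optional[datetime] = None  # last successful test restore, if any


def assess_backup_posture(copies: List[BackupCopy], now: datetime,
                          rpo: timedelta = timedelta(hours=24),
                          test_interval: timedelta = timedelta(days=90)) -> List[str]:
    """Return a list of findings; an empty list means the posture passes every check."""
    findings = []
    rpo_hours = rpo.total_seconds() / 3600
    fresh = [c for c in copies if now - c.completed_at <= rpo]

    # Diversified locations: at least one fresh copy onsite and one in the cloud.
    for loc in ("onsite", "cloud"):
        if not any(c.location == loc for c in fresh):
            findings.append(f"no {loc} copy completed within the {rpo_hours:g}h RPO")

    # Encryption: every copy, fresh or stale, should be encrypted.
    findings += [f"{c.name}: copy is not encrypted" for c in copies if not c.encrypted]

    # Assume breach: at least one fresh copy must be immutable so ransomware cannot
    # encrypt or delete it along with production data.
    if not any(c.immutable for c in fresh):
        findings.append("no fresh immutable copy; an attacker with admin rights could destroy all backups")

    # A backup that has never been restored is an untested assumption.
    for c in copies:
        if c.restore_tested_at is None or now - c.restore_tested_at > test_interval:
            findings.append(f"{c.name}: no successful test restore within {test_interval.days} days")
    return findings


# Constructed sample inventory: the onsite copy is fresh but mutable, the cloud copy is
# immutable but 30 hours old, so neither satisfies both "fresh" and "immutable".
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    BackupCopy("nas-nightly", "onsite", encrypted=True, immutable=False,
               completed_at=NOW - timedelta(hours=6), restore_tested_at=NOW - timedelta(days=10)),
    BackupCopy("cloud-vault", "cloud", encrypted=True, immutable=True,
               completed_at=NOW - timedelta(hours=30), restore_tested_at=NOW - timedelta(days=10)),
]

if __name__ == "__main__":
    for finding in assess_backup_posture(SAMPLE_INVENTORY, NOW) or ["posture OK"]:
        print(finding)
```

The check treats "fresh" and "immutable" as a joint requirement on purpose: an immutable copy that is older than the RPO protects you from losing everything, but not from losing a day of work, and a fresh copy that an administrator account can delete is exactly what a ransomware operator with stolen credentials goes after first.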

Zero Trust: The Preventative Measure

Blue Mantis integrates zero trust principles based on the CISA Zero Trust Maturity Model 2.0 into all our solutions. I outlined what zero trust security means in a previous blog post; in short, it assumes that threats can come from anywhere—inside or outside the network—and thus every request to access the network must adhere to core zero trust principles.

How Zero Trust Works:

To effectively combat the sophisticated threats of ransomware, understanding the operational mechanics of the zero trust security model is crucial. There are three core principles to the zero trust security framework:

  1. Least Privilege Access: Users are given only the access they need to perform their job. This minimizes the potential impact of ransomware by limiting access to sensitive information. Network micro-segmentation, conditional access, and role-based access control are some of the methods used to restrict access.
  2. Verify Explicitly: Identities can be forged and access duplicated; therefore, strict and continuous verification is required before access to services is allowed. Strong authentication and authorization techniques, including secure MFA and device fingerprinting and validation, support this principle.
  3. Assume Breach: Organizations should operate on the assumption that an attacker is already in the network and looking to cause damage. Immutable backups, data encryption and real-time monitoring of network activity — to detect and respond to suspicious behavior before it can cause significant damage — help protect the organization.
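To make the three principles concrete, here is a small policy engine that evaluates one access request the way a zero trust control plane would: verify explicitly (MFA and a validated device), then least privilege (role-based permissions), then default-deny micro-segmentation, and record every decision so monitoring can spot repeated denials. This is an added example written for this post, not Blue Mantis's product or any real policy engine; the roles, segments, users and audit-line format are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Hypothetical role definitions: each role grants only the permissions the job needs.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst":       {"reports:read"},
    "finance-admin": {"reports:read", "ledger:write"},
    "backup-admin":  {"backup:restore"},
}

# Hypothetical micro-segmentation policy: (source, target) pairs that may talk.
# Anything not listed is denied, so a foothold in one segment stays there.
SEGMENT_ALLOWLIST = {
    ("user-lan", "reporting"),
    ("finance-lan", "reporting"),
    ("finance-lan", "ledger"),
    ("recovery-lan", "backup-vault"),
}


@dataclass
class AccessRequest:
    user: str
    roles: Set[str]
    permission: str        # e.g. "ledger:write"
    source_segment: str
    target_segment: str
    mfa_verified: bool     # completed MFA for this session
    device_trusted: bool   # device fingerprint matches an enrolled, compliant device


@dataclass
class Decision:
    allowed: bool
    reason: str


def evaluate(req: AccessRequest, audit_log: List[str]) -> Decision:
    """Apply the three principles in order; every outcome is logged (assume breach)."""
    def finish(allowed: bool, reason: str) -> Decision:
        verdict = "ALLOW" if allowed else "DENY"
        audit_log.append(f"{verdict} user={req.user} perm={req.permission} "
                         f"path={req.source_segment}->{req.target_segment} reason={reason}")
        return Decision(allowed, reason)

    # 1. Verify explicitly: a live session is not proof of identity or device health.
    if not req.mfa_verified:
        return finish(False, "mfa-required")
    if not req.device_trusted:
        return finish(False, "untrusted-device")

    # 2. Least privilege: the permission must be granted by one of the user's roles.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.roles))
    if req.permission not in granted:
        return finish(False, "permission-not-in-role")

    # 3. Assume breach: segmentation is default-deny, so even a correctly authorized
    #    user cannot reach a segment the policy never opened from where they sit.
    if (req.source_segment, req.target_segment) not in SEGMENT_ALLOWLIST:
        return finish(False, "segment-not-allowed")

    return finish(True, "policy-satisfied")


def suspicious_users(audit_log: List[str], threshold: int = 3) -> Set[str]:
    """Users with repeated denials: the kind of signal real-time monitoring alerts on."""
    counts: Dict[str, int] = {}
    for line in audit_log:
        if line.startswith("DENY"):
            user = line.split("user=", 1)[1].split()[0]
            counts[user] = counts.get(user, 0) + 1
    return {u for u, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    log: List[str] = []
    # Constructed requests: a legitimate finance admin, then a compromised analyst
    # account probing for things its role and segment do not permit.
    evaluate(AccessRequest("alice", {"finance-admin"}, "ledger:write",
                           "finance-lan", "ledger", True, True), log)
    for target, perm in [("ledger", "ledger:write"), ("backup-vault", "backup:restore"),
                         ("ledger", "reports:read")]:
        evaluate(AccessRequest("mallory", {"analyst"}, perm, "user-lan", target, True, True), log)
    print("\n".join(log))
    print("flagged:", suspicious_users(log))
```

The ordering matters: identity and device checks run before any permission lookup, so an attacker replaying a stolen session never even reaches the role table, and segmentation is evaluated last because it is the backstop that limits blast radius once the other checks have been satisfied.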

Real-World Example: Thwarting a Ransomware Attack

Consider a global financial services firm that implemented a comprehensive BCDR plan and a zero trust security framework. When hit by a sophisticated ransomware attack, the firm’s defenses were put to the test.

The ransomware managed to encrypt several critical servers, but the least privilege and verify explicitly controls already in place protected the rest of the organization. Because the firm’s BCDR plans had been built on the assume breach principle, the organization continued operations via manual workarounds and restored systems quickly from recent backups stored both onsite and in the cloud. Even though there was a hefty ransom demand, these protections and procedures allowed the firm to avoid paying and keep employees working.

The zero-trust security framework played a crucial role in containing the attack. Micro-segmentation prevented the ransomware from spreading to the entire network, and continuous monitoring helped identify the attack early, minimizing its impact. The principle of least privilege access ensured that the ransomware could not access critical systems beyond the initially compromised servers.

Blue Mantis Shields Your Business Against Ransomware

As ransomware continues to evolve, a comprehensive BCDR plan built into your zero trust framework offers organizations robust defense in depth. Blue Mantis Cybersecurity and Risk Management solutions use zero trust principles by default and can align with your existing (or new) BCDR plans to ensure data protection, redundancy, rapid recovery, and stringent access controls.

A good way to gauge your business resilience today is to perform a Disaster Recovery Assessment that identifies weaknesses in your data backup strategy. This is part of our proven “assess, modernize, and manage” methodology, which helps organizations not only mitigate the impact of ransomware attacks but also enhance their overall cybersecurity posture.

Connect with us to learn how we can shield your business against ransomware attacks today.

Jay Martin

Chief Information Security Officer

Jay Martin is the Chief Information Security Officer (CISO) and Cybersecurity and Risk Advisory Lead for Blue Mantis. His nearly three-decade career has been a mix of business leadership and information security. He helped establish InteQ Corporation, later acquired by Computer Associates, and co-founded Service Catalyst, which became a PwC acquisition, where he served as president and CISO. Both companies were leaders in IT transformation, cybersecurity, and governance risk and compliance.

At InteQ, Jay developed their Global Information Security practice, aligning compliance and regulatory requirements with financials, technology, processes, culture, and vendor partners. At Service Catalyst, he led strategic cybersecurity, operational readiness, BCP/DR, incident response, and ITIL/ITSM initiatives, working with Boston-area institutions like UMB Bank, T.J. Maxx, Harvard Business School, Logan Airport, and more.

During the implementation of the Affordable Care Act, Jay was tasked with enhancing the State of Vermont’s operational readiness, focusing on security incident response and ITSM practices. He managed the state’s cybersecurity plan of action and milestones after identifying deficiencies during a security control assessment.

As virtual CISO for Dunkin’ Brands International (acquired by Inspire Brands for over $15B in 2020), Jay managed cybersecurity and compliance activities, including vulnerability management, SOC/SIEM practices, third-party security risk, red team testing, and overseeing security in 8,000 stores.

Prior to joining Blue Mantis, Jay was Client Solutions Director and Cybersecurity Practice lead for Advizex Technologies, running their Emergency Incident Response Team and overseeing cybersecurity and compliance risk assessments.