How to Shield Your Business Against Ransomware

Ransomware is one of the most formidable cybersecurity challenges for organizations worldwide. Ransomware attacks, which involve criminals breaking into a corporate IT network, encrypting an organization’s data, then demanding a ransom for its release, are big business, with ransomware gangs collecting over $1 billion from their attacks in 2023. To avoid becoming a ransomware attack statistic in 2024, you need a robust defense that goes beyond antimalware agents and blocking ports on your firewall.

Understanding the Ransomware Threat

Ransomware has become more than just a malware attack; it’s an organized crime strategy that targets the very lifeblood of organizations—their data. Unconstrained by the laws and compliance rules that legitimate businesses must follow, criminal ransomware attackers use dirty tricks to get past traditional cybersecurity measures. Even worse, ransomware gangs are now employing sophisticated artificial intelligence and machine learning to trick their victims and exploit their vulnerabilities. The impact of such attacks on a business can be devastating, leading to significant financial losses, operational downtime, and reputational damage.

To combat this evolving threat, organizations must adopt a more sophisticated and comprehensive approach to cybersecurity. This is why making your Business Continuity (BC) and Disaster Recovery (DR) program part and parcel of your zero trust journey is mandatory.

BCDR: The Safety Net

A good BCDR strategy takes a comprehensive approach to ensure an organization can continue operating during and after a disaster, including a ransomware attack. It involves identifying your most important business processes, developing recovery time objectives, understanding application and hybrid infrastructure dependencies, and implementing policies, systems and procedures that ensure these services can continue or quickly resume in the event of disruption.

Key Components of BCDR:

  • Business Continuity (BC): Details how to continue operations during threats such as ransomware and may consist of manual workarounds until the environment (systems, facilities, networks, etc.) is restored.
  • Disaster Recovery (DR): This involves procedures and tools to recover data and restore system functionality after an attack. By having a plan that includes immediate isolation of affected systems and rapid restoration from backups, organizations can minimize downtime and mitigate the impact of ransomware.
  • Data Backup: Regularly backing up data is a cornerstone of DR. However, it’s not just about having backups but having them in both cloud and onsite storage, preferably encrypted. Diversifying your backup locations ensures redundancy, making it harder for ransomware to compromise all copies of an organization’s data.
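As an added illustration of the backup guidance above (this is example code, not from the Blue Mantis post), the check below walks a backup inventory and reports, per dataset, whether an onsite and a cloud copy both exist, whether each copy is encrypted and fresh, and whether each copy's contents still hash to the digest recorded when the backup was written; a mismatch is how a copy that was overwritten or encrypted after the fact shows up. The inventory format, field names and sample records are constructed for this example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str          # business dataset this copy protects
    location: str         # "onsite" or "cloud"
    encrypted: bool       # encrypted at rest
    age_days: int         # days since the copy was written
    recorded_sha256: str  # digest recorded by the backup job when written
    content: bytes        # copy contents as read back now (constructed here)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_dataset(dataset: str, inventory: list, max_age_days: int = 1) -> list:
    """Return policy findings for one dataset. An empty list means it has an
    onsite and a cloud copy, and every copy is encrypted, fresh, and still
    hashes to the digest recorded when the copy was written."""
    copies = [c for c in inventory if c.dataset == dataset]
    findings = []
    present = {c.location for c in copies}
    for required in ("onsite", "cloud"):
        if required not in present:
            findings.append(f"{dataset}: missing {required} copy")
    for c in copies:
        if not c.encrypted:
            findings.append(f"{dataset}: {c.location} copy is not encrypted")
        if c.age_days > max_age_days:
            findings.append(f"{dataset}: {c.location} copy is {c.age_days} days old")
        if sha256_hex(c.content) != c.recorded_sha256:
            # Contents no longer match what the backup job wrote: the copy was
            # altered afterwards, e.g. overwritten or encrypted by ransomware.
            findings.append(f"{dataset}: {c.location} copy fails integrity check")
    return findings

# Constructed sample inventory: one compliant dataset and one with every problem.
LEDGER = b"ledger rows 2024-05-01"
CRM_ORIGINAL = b"crm export 2024-05-01"
SAMPLE_INVENTORY = [
    BackupCopy("ledger", "onsite", True, 0, sha256_hex(LEDGER), LEDGER),
    BackupCopy("ledger", "cloud", True, 1, sha256_hex(LEDGER), LEDGER),
    # Single location, unencrypted, stale, and its bytes were replaced.
    BackupCopy("crm", "onsite", False, 3, sha256_hex(CRM_ORIGINAL), b"\x00garbage"),
]

if __name__ == "__main__":
    for name in ("ledger", "crm"):
        print(name, check_dataset(name, SAMPLE_INVENTORY) or "OK")
```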

Zero Trust: The Preventative Measure

Blue Mantis integrates zero trust principles based on the CISA Zero Trust Maturity Model 2.0 into all our solutions. I have outlined what zero trust security means in a previous blog post, but in short it assumes that threats can come from anywhere—inside or outside the network—and thus every request to access the network must adhere to core zero trust principles.

How Zero Trust Works:

To effectively combat the sophisticated threats of ransomware, understanding the operational mechanics of the zero trust security model is crucial. There are three core principles to the zero trust security framework:

  1. Least Privilege Access: Users are given only the access they need to perform their job. This minimizes the potential impact of ransomware by limiting access to sensitive information. Network micro-segmentation, conditional access, and role-based access control are some methods used to restrict access.
  2. Verify Explicitly: Identities can be forged, and access duplicated; therefore, strict and continuous verification is required before access to services is allowed. Strong authentication and authorization techniques, including secure MFA and device fingerprinting and validation, support this principle.
  3. Assume Breach: Organizations should operate on the assumption that an attacker is already in the network and looking to cause damage. Immutable backups, data encryption and real-time monitoring of network activity — to detect and respond to suspicious behavior before it can cause significant damage — help protect the organization.

Real-World Example: Thwarting a Ransomware Attack

Consider a global financial services firm that implemented a comprehensive BCDR plan and a zero trust security framework. When hit by a sophisticated ransomware attack, the firm’s defenses were put to the test. 

The ransomware managed to encrypt several critical servers, but the least privilege and verify explicitly controls put in place protected the rest of the organization. Thanks to the firm’s BCDR plans (built on the assume breach principle), the organization continued operations via manual workarounds and restored systems quickly from recent backups stored both onsite and in the cloud. Even though there was a hefty ransom demand, these protections and procedures allowed the firm to avoid paying and keep employees working.

The zero-trust security framework played a crucial role in containing the attack. Micro-segmentation prevented the ransomware from spreading to the entire network, and continuous monitoring helped identify the attack early, minimizing its impact. The principle of least privilege access ensured that the ransomware could not access critical systems beyond the initially compromised servers.

Blue Mantis Shields Your Business Against Ransomware

As ransomware continues to evolve, a comprehensive BCDR plan combined with your zero trust framework offers organizations a robust defense-in-depth mechanism. Blue Mantis Cybersecurity and Risk Management solutions use zero trust principles by default and can align with your existing (or new) BCDR plans to ensure data protection, redundancy, rapid recovery, and stringent access controls.

A good way to gauge your business resilience today is to perform a Disaster Recovery Assessment that finds any potential vulnerabilities in your data backup strategy. This is part of our proven “assess, modernize, and manage” methodology to help organizations not only mitigate the impact of ransomware attacks but also enhance their overall cybersecurity posture.

Connect with us to learn how we can shield your business against ransomware attacks today.

Jay Martin

Vice President, Security

With over 20 years in Information Technology and Information Security, Jay Martin brings a strategic vision and deep technical expertise to his role as VP, Security at Blue Mantis. Throughout his career, he has helped organizations of all sizes achieve service excellence and navigate the ever-evolving cybersecurity landscape. 

Jay is charged with extending Blue Mantis’ hypergrowth in cybersecurity, including assessment of market, customer and partner requirements and overseeing overall positioning and optimizing services delivery. He collaborates closely with the Blue Mantis IT team to ensure the company’s internal security posture and cyber resiliency remain at a world-class level.  

Jay’s background spans various IT disciplines, including network engineering, technical support, operations management, and security. This well-rounded perspective allows him to translate complex cyber threats into practical solutions that align with business goals. He has a proven track record of architecting security programs, implementing robust solutions, and fostering a culture of security awareness within organizations.

Before joining Blue Mantis, Jay held leadership positions at several companies, including InteQ Corporation and Hewlett-Packard – NetMetrix. In these roles, he successfully implemented industry best practices like IT Service Management (ITSM) to streamline IT operations and ensure service excellence. He also leveraged his expertise in IT security and enterprise monitoring to develop comprehensive security programs that met compliance requirements.

Jay is passionate about staying ahead of the curve. He holds industry-recognized certifications like CISM (Certified Information Security Manager) and actively participates in industry forums. This dedication to continuous learning allows him to lead Blue Mantis’ cybersecurity team in delivering innovative solutions that empower businesses to thrive in the digital age.