It’s no secret that ransomware is a critical threat in today’s business landscape. According to one report, ransomware attacks are up by 95% year-over-year. We can expect this trend to continue as cybercriminals become smarter and more empowered by technologies like artificial intelligence (AI), which also help them carry out more sophisticated attacks at a higher volume.

Most of us are familiar with the ransomware attack on MGM Resorts that unfolded in the headlines last year; it’s a prime example of how damaging these incidents can be both financially and reputationally. The company lost a staggering 100 million dollars as a result of the attack according to an SEC filing, and hotel guests were forced to wait in hours-long lines to regain access to their rooms, undoubtedly damaging their confidence in the MGM brand.

Companies can’t afford the downtime, cost and reputational damage associated with ransomware attacks, but nearly every organization will contend with them at some point. And once an attack occurs, that is just the beginning. Cybercriminals can then demand multiple payments, steal data, or threaten to release sensitive information. Organizations must have adequate tools and protocols in place to protect themselves.

But detecting and recovering from ransomware attacks is easier said than done: 87% of organizations experience challenges related to ransomware and malware protection with their current IT infrastructure, according to the Enterprise Cloud Index. This is partly because nearly every modern organization stores some or all of its data in the cloud, which has created more attack vectors than ever before.

The threat landscape is formidable, but by focusing on cyber resilience, organizations can prepare for the unexpected and be in a good position to continue business operations should an attack occur. Cyber resilience is the practice of adopting the mindset that it’s not if, but when a business will be attacked. By prioritizing cyber resilience and the following best practices, companies can reduce the impact of ransomware in the cloud.

Have Both Automated and Human Processes in Place

Automation is crucial for maintaining security in today’s threat landscape. Organizations’ attack surfaces have grown dramatically with the advent and adoption of cloud computing, and automated security tools are necessary to keep up with security threats at scale. In particular, automated detection and recovery are vital for quickly and accurately identifying and remediating attacks so that organizations can maintain business continuity and avoid reputational damage.

That being said, it’s important not to overlook human processes. Had there been a stronger user verification process in place at MGM Resorts, for example (like a quick video call to a verified phone to confirm the employee’s identity), the hackers might not have been able to be successful. There’s still a place for human processes in every company’s security strategy, and it starts at the top: Busy executives need to make themselves available for things like identity verification or validating whether an employee can access certain systems or information.

Security Fundamentals are Critical, but so is Determining an Attack’s Root Cause

Today’s ransomware attacks aren’t just about hackers getting their ransom paid: Their goal is now about obtaining data and money is just the cherry on top. And once that data is stolen, there’s no getting it back. Ever. Companies have one chance to get security right the first time, which is why fundamentals like data encryption, secure backups, and security testing protocols are critical.

As mentioned, prompt detection and recovery are also essential for minimizing the damage of ransomware in the cloud, but this comes with an important caveat. Organizations must determine the root cause of the attack before attempting to fix it. If companies try to recover too quickly, they can be reinfected by malware and their backups may be compromised. To prevent this, organizations should approach security with a holistic mindset, prioritize communication between teams, and be sure to get the all-clear before attempting to fix the problem.

Engage Employees and Create a Positive Security Culture

Many organizations operate on the principle that security is everyone’s responsibility, which is great. However, things like security training and exercises need to be incentivized or gamified to capture employees’ attention and have a meaningful impact. Employees need to want to be active participants. A single employee could be the difference between a nine-figure business hit or a manageable incident. Gamification strategies like points and leaderboards, real-life simulations and competitions are effective ways to engage employees, but it’s important to also incentivize them with real compensation, not just “pizza party” style perks.

Where companies often go wrong is by doing things like putting out challenges and then publicly reprimanding employees for clicking a malicious link. Security should never shame people when they make mistakes, or they won’t feel safe mentioning legitimate security threats when they arise. Keeping things constructive  is key: Employees should feel comfortable asking for help and speaking up about their mistakes. After all, who among us has done things perfectly?

While eliminating ransomware is not possible, quick detection and automated recovery can minimize its impact on businesses and ensure that IT is in control of company data and brand reputation. Organizations’ attack surfaces will continue to expand as they move more of their infrastructure, data and applications to the cloud. By following the tips above, companies can minimize the impact of ransomware in the cloud not if — but when — it happens to them.