Veritas Technologies Country Director Singapore Justin Loh says by proactively following industry best practices and recovery solutions, you can strengthen your organization’s operational resiliency, and grit, against ransomware sieges.
By Justin Loh
While the internet backbone was built with doomsday scenarios in mind, no one was quite prepared for the Pandora’s Box that came with the pandemic. It is safe to say that in many ways, organizations have been catapulted into an alternate universe – one with a grayer veil cast over the economy, daily life, and human health around the world.
While world governments are doubling down on quarantine measures, the pandemic has also created an environment for cyber felons to thrive in. Remote workers are now easy conduits to corporate resources, and most organizations are unprepared to spot unusual network activities generated by these remote users. And in times of stress or distraction with teams already stretched thin, people are more likely to fall for malicious scams and tricks.
In the past, ransomware was something that only affected a few unlucky people who were forced to pay a couple of hundred dollars to regain access to their locked-out laptops. The Federal Bureau of Investigation (FBI) announced back in 2016 that the ransomware business would cross the $1 billion threshold that same year. Fast forward to the present, and it is a multibillion-dollar-a-year industry, as cyber criminals pin the bullseye on vulnerable organizations.
The costs do not stop with the ransom payout, according to the latest ransomware survey we conducted with 12,000 consumers across the world. Our survey findings showed that people want to see fines and compensation too. On top of this, there is the significant cost of getting a business back on its feet: downtime, loss of production, and difficulty delivering or billing for products.
The increase in cloud services fueled by remote working has been met with a growing trend in ransomware attacks – making business resiliency a more crucial piece of the puzzle than ever before. Remote connections in particular have made it challenging for most threat detection tools to differentiate legitimate work from something suspicious. For this reason, companies should not only think about how to protect their data in the cloud, but also focus on recovery and resiliency to ensure their business-critical data remains available. With so much at stake, IT teams cannot afford a reactive approach to ransomware.
While a strong frontline defense is essential to protecting your organization from ransomware, organizations need more bullets to confidently take on the threat. Cybercriminals are engineering sophisticated forms of ransomware capable of circumventing frontline security and taking advantage of modern multifaceted IT infrastructure.
A multi-layered approach to protection can provide assurance that if one defense measure fails, there are others in place to secure the system. To avoid coming under ransomware siege, have these considerations in your back pocket.
You can’t protect what you can’t see
Hybrid multi-cloud environments can provide many benefits to the enterprise, but also add numerous variables to data management and protection.
To successfully defend your organization’s IT system, start by understanding the details of its data and infrastructure – where and how data is stored and who can access it. Armed with this information, you can develop baseline measures for data and infrastructure behavior, then establish reporting to alert administrators of unusual activity. Once notified, IT teams can take rapid action to deter ransomware from doing damage.
Always keep in mind that as more information is being stored in disparate locations, challenges in the form of dark data and the increased threat of ransomware will continue to mount.
It’s not surprising many organizations lack visibility into business-critical data. According to our Veritas Value of Data study, over half of the data (52 percent) is unclassified or untagged. Data in the public cloud and mobile environments is especially vulnerable. Only 5 percent of companies we spoke to globally have classified all the data in their public cloud, and just 6 percent have tagged all their organization’s mobile device data.
Reduce IT attack surface
In complex, interconnected IT environments, one phishing email to a single employee is all it takes for cybercriminals to gain access to your organization’s entire system. If an attack occurs, your backups will be key to recovery, so it’s crucial to protect them from deletion or encryption by ransomware.
When extortionate hacking goes beyond encrypting files to fully paralyzing computers across a company, it represents not just a mere sick day or two, but a crippling disruption.
Let me illustrate this with an industrial facility. While nothing might have blown up, the repercussions are far from trivial. You are still left with a situation where your plant is shut down, you have a significant recovery operation ahead of you, with a rebuild that could take months, and you’re losing money by the minute. The company is still in a world of chaos.
To decrease potential attack surfaces and safeguard data, use hardening best practices, such as multi-factor authentication, risk-aware password management, and role-based data access. Make multiple copies of backup data on at least two forms of media and use air-gapped and immutable storage to defend against destruction or encryption. Rehearse the recovery. Enhance the annual business continuity plan or disaster recovery drills to include table-top exercises to rehearse the end-to-end recovery processes. These should also be updated to incorporate the current remote workforce scenario as part of the organization’s protection strategy.
Bad actors should never be able to attack what should be your last line of defense against malware: your backup.
Don’t wait to automate and orchestrate
In diverse IT environments with hundreds or thousands of servers, manually recovering data can be nearly impossible. If malware corrupts backup data, restoring it could do more harm than good.
Prepare for rapid recovery from a ransomware attack by implementing an automated, orchestrated recovery solution that works across environments. A solution that enables non-disruptive testing, including testing backup data for malware, can help guarantee your recovery tool will work in a crisis. Think of this as a fail-safe design feature that, in the event of a specific type of failure, inherently responds in a way that will cause minimal or no harm to other equipment, to the environment, or to people.
By proactively planning, following industry best practices, and implementing the right protection, detection, and recovery solutions, you can strengthen your organization’s operational resiliency – and grit – against ransomware. In a way, the pandemic has served as unexpected motivation to finally get old vulnerabilities patched, change easily guessable default passwords, and expand data hygiene capabilities.
(Ed. Justin Loh says he is responsible for leading Veritas’ overall business strategy, sales operations and continuous growth in Singapore. Loh says he holds a Bachelor Degree of Computing from Monash University, Australia. Featured image of Loh courtesy of Veritas Technologies.)