By Darren Yablonski
The risks to business continuity have had many faces: malicious insiders, accidental deletion, and natural disasters to name a few. Today, the face of the enemy has changed. Ransomware is on the rise, making it the new top threat for organizations of all sizes. And as technological innovation grows, the threat posed by ransomware increases as well.
Ransomware is consistently evolving, with new attack patterns and methods popping up daily. Companies that do not fully understand the nuances of ransomware might fail to effectively protect against its unique threat vectors, resulting in valuable data being locked, altered, leaked, or destroyed in ways that erode the integrity of their business.
In Canada, more than half of ransomware attacks target critical infrastructure such as electrical grids, hospitals, and oil and gas. And in 2021, more than half of all cyber attacks in Canada were ransomware attacks.
Given the ubiquity of the modern-day scourge of ransomware, and the many different ways that an enterprise’s defences can be compromised, how can companies best address these threats, cover their blind spots, and secure their data to instill business continuity across their organization? Here are some important considerations as you develop your strategy:
Go on the offensive
Companies can take a proactive approach to mitigating ransomware threats through early detection.
For instance, traditional backup solutions help customers recover post-attack, or can even identify potential threats that reach their backup environment. However, this often comes into play when it’s already too late – when business data has already been encrypted, exfiltrated, or leaked.
To counter sophisticated new attacks, companies need a way to engage bad actors before they reach their data. Early warnings can be provided by modern backup solutions with integrated cyber deception, even if the threats elude conventional security tools. Rather than standing idly by as malicious code infects servers, businesses can actively surface and contain latent threats and zero-day threats instead of just recovering from them.
By going on the offensive, companies are able to identify threats to data before they affect the business. As the saying goes: An ounce of prevention is worth a pound of cure.
Take an active approach
Combating any enemy requires a mixture of both offence and defence. In this case, backups and recovery are the “defence” component. As one CISO recently commented, a good data protection system can be the “get out of jail free card” in these situations.
When it comes to active data protection, backup and recovery are key components — but these tasks are not as straightforward as they seem. As organizations continue to add new and additional technologies to their environments, data starts to be located across multiple locations, including hybrid and multi-cloud as well as remote and distributed environments. This mix of multigenerational technology causes data and workloads to fragment across the entire data landscape, creating data silos. Ultimately, this increases the complexity and difficulty to ensure consistent backup and recoverability across the environment.
A properly architected backup and recovery solution ensures data availability and consistent recovery processes for all workloads across cloud and on-premises environments – and it also actively works to reduce risks to your data.
For example, two proven techniques for reducing the attack surface on your backup data are data isolation and air gapping. The goal of isolating backup data is to have secondary and/or tertiary copies of backup storage targets segmented and unreachable from the public portions of the environment using virtual LAN (VLAN) switching, next generation firewalls, or zero trust technologies. That way, if your organization is infiltrated by ransomware or a malicious attacker, the cyber threat will have a limited attack surface. The public portions of the environment may get infected, but the isolated data will not because it cannot be accessed.
Taken together, this type of active data protection creates a strong defence that helps take the teeth out of an enemy’s ransomware attack.
Share the Knowledge
In the not-too-distant past, law enforcement agencieswould shine a spotlight on their “most wanted” criminals with photos hung in post offices; nowadays they share this information via social media. They want the public to be aware of dangers out in the world that might be a risk totheir wallets or their lives.
Today’s companies will also benefit from making their top enemy known and conspicuous, and gathering knowledge about how to defend themselves against the threats posed by ransomware.
Ensure you are providing your organization with the latest information so employees are on the lookout for potential threats – and are thereby less likely to fall victim to an attack. Providing regular updates and clear guidance on what steps they should take if they encounter an issue will help to keep everyone on guard and keep the organization as a whole better protected.
Make Testing a Priority
The only way to confirm that your data protection is reliable is when there is an actual emergency. However, conducting regular tests and reviews will reveal the resilience of your data protection and help maintain your ability to recover and fend off cyberattacks. By testing on a regular basis, you can ensure not only that your technology plan is sound and that all is working as it should – but also that your organization is ready. In addition to providing employees with updates, ensuring they’re a part of your testing schedule will help keep your procedures effective and up to date. Incorporate new scenarios and common threats that are out there in the world to keep everyone on their toes and to remind them what the face of the enemy looks like.
While cybercriminals continue to change their tactics and approaches, having a combination of offence and defence– partnered with solid education and testing – can empower companies to counter ransomware attacks and minimize downtime and data loss, ensuring that business continues uninterrupted.
Darren Yablonski is a Senior Director of Sales Engineering leading teams in Canada, U.S. and LATAM at Commvault. He is passionate about solving the world’s data management challenges using intelligent data services.