The bug stops here

How to fortify your data in the event of a ransomware attack.

  • 1 year ago Posted in

Of the 85% of companies that experienced ransomware attacks in the past year, only 19% were able to recover their data without paying the ransom, and 33% of companies that paid the ransom didn't recover their data. It goes without saying that in the modern era, ransomware attacks are the worst kind of disaster for any company, writes Chris Norton, Regional Director: Africa at Veeam Software.

The growth and evolution of ransomware is one of the most destructive trends of the last decade, and its explosion in the business sector has shifted its significance from merely an economic crime to one with immense global security implications.

According to Veeam’s 2023 Data Protection Trends Report, 85% of companies surveyed globally experienced at least one ransomware attack in the past year. Worryingly, of those affected, only 19% were able to successfully recover their data without payment being made, with 33% unable to recover their data even after paying the ransom.

In today's era of ransomware, we are now talking about the possibility that we have to plan for 100% of data being compromised or made unavailable at any time. Ransomware is endemic, and companies are struggling to comprehend that notion.

Respondents to the report cited several challenges in effectively maintaining data security, including a lack of sufficient tools, resources and skills, as well as believing that ransomware defences are costly. However, according to the report, 60% of businesses say they require significant or complete alignment between their backup and cyber security teams, while only 45% believe their risk management programme is adequate.

Too often, companies are ill-prepared to deal with ransomware attacks, and in today’s increasingly connected environment, it’s not a matter of if or when an attack will occur, but how often. As such, there are several points companies should consider implementing to ensure their readiness.

There are three critical areas that need to be put into place before, during, and after an attack to ensure that your company’s data remains secure. These are focused on the people involved, the processes implemented, and the use of technology to mitigate any risk.

Preparation is key

The best preparation you can do today will set you up for success tomorrow, and the same can be said for your data security. While having the right tools in place is critical, it is your company’s preparedness for an attack that can mean the difference between whether your data will be held hostage or you will successfully fend off an attack.

● People

It is easy to overlook the human element. During the planning phase, it’s vital to create policies for end-user data handling and to identify and engage with departmental stakeholders. Your organisation's people can be your weakest link or your greatest asset, and it is important to always place emphasis on teaching employees how they can become part of your ‘human firewall’ and as such an extension of your security team.

● Process

Document your assets and identify any potential risks. Important information should be inaccessible by everyone, instead have limited access controls in place. Then, create and document your response plan and identify your most important IT assets and data as these will be the priority when it comes to order of recovery.

Compile a baseline for normal operations and deploy the relevant tools, such as network security monitoring, encryption, web vulnerability scanning, penetration testing and antivirus software. Most importantly, update your software regularly and put your plan to the test – at least every three months is recommended. Threat monitoring should be an ongoing process, as resilience to ransomware requires constant monitoring and vigilance in order to keep ahead of cybercriminals.

● Technology

You cannot protect your most sensitive data if you don't know what data you actually have stored. It is critical to create a data inventory and categorise data based on its sensitivity level.

As above, prioritise the importance of the data in line with the needs of the business. Following Veaam’s 3-2-1-1-0 rule, back up your data regularly in three different locations and on two different media types. One copy should be backed up offsite and one copy should be backed up offline, air-gapped or immutable and with 0 recovery verification errors. By doing so will allow you to quickly restore your data with minimal downtime and keep your business running.

Fending off an attack

Invincibility lies in the efficacy of your defence, and while the process of being attacked may seem terrifying, it’s important to stay calm, trust the process, and know that with the right support structures in place, your chances of coming out of the attack unscathed are high.

● People

It’s important that your organisation has a defined incident reporting and response plan in place so that your security team is promptly notified if there is a risk or compromise to your data. Inform any affected parties, and as a team, agree on a way forward to reduce your risk.

● Process

Ask yourself if your response and recovery can occur in parallel (most do), and execute your response plan. Risk management programs have become a core business necessity to support resilience and continuity. As such, it is important to gather evidence of the attack and communicate as a team to those who are running the recovery, as well as to the business at large where needed, and adjust your strategy as required.

● Technology

If you notice strange activity, contact your security team so they can investigate the issue, scan for potential viruses and remove any that they may find. It is also advisable to use software that can respond to the challenges posed by endemic cybercrime by providing best-in-class secure backup and fast reliable recovery from every cyber threat, including ransomware, to keep businesses resilient and running.

Let’s not do this again

Even after an attack, it’s important not to be complacent and think the threat is over. Conducting a post-mortem of an attack is often a difficult discussion to have, however, it is an important step in learning from past events and adequately planning for possible occurrences in the future. Although no two incidents are the same, vital lessons can be gained that will benefit future strategies.

● People

First and foremost, put egos aside. It’s important to discuss what happened, why it happened, and the timelines needed to address the attack. Thereafter, conduct an honest self-assessment, absorb any valuable feedback, and consider what can be done differently next time.

● Process

Discuss what worked and needs improvement, and analyse the procedures followed and if they were adequate. We're at a time when cyberattacks and data breaches have become so commonplace that 86% of African respondents to Veeam’s Data Protection Trends 2023 report had experienced a ransomware attack. As the threat landscape continues to evolve, ransomware prevention and detection must also evolve to mitigate and eliminate risks.

● Technology

Resiliency means being prepared before a cyberattack occurs. Regularly updating your incident response plans - that feature different scenarios and protocols - will improve your response and recovery time and allow you to better prepare for potential future attacks. Try sticking to tried-and-tested best practices and commit to your long-term protection and recovery investments. These are much cheaper than settling ransom demands, or overcoming the lost revenues, custom and market confidence associated with cyber-attacks.

Unfortunately, ransomware is not a chaotic occurrence; it is now endemic. Organisations must constantly evolve to survive this threat and ensure their business is resilient to its impacts.

The threat of ransomware is further exacerbated as technology continues to influence all facets of our lives. Veeam’s 2023 Data Protection Trends report found that only 14% of companies experienced zero ransomware attacks in 2022 across the Middle East and Africa.

With only 55% of encrypted or destroyed data able to be recovered following an attack, it’s imperative that data is secure, protected and recoverable. The sensitive data of your company and its customers must be equipped with tools to fend off an attack at any time. Bear in mind, an attacker only needs to get lucky once, but the business must be on alert every second of every day to deflect attacks. While there are no silver bullets to eliminate the threat of ransomware completely, these steps offer a foundation to build on to start fortifying your data to prevent any potential infiltration of your defences. And to overcome any breaches should they occur.

By Alasdair Anderson, VP of EMEA at Protegrity.
By Eric Herzog, Chief Marketing Officer, Infinidat.
By Shaun Farrow, Security Practice Lead at Bistech.
By Andre Schindler, GM EMEA and SVP Global Sales at NinjaOne.
By Darren Thomson, Field CTO EMEAI, Commvault.