Mark Jow, EMEA Vice President, Sales Engineering at Commvault, discusses the best practices for protecting your data against the growing threat of ransomware attacks and how we can tackle the issue once and for all.
The threat of ransomware shouldn’t be a surprise to anyone – it has dominated the headlines, taken down some of the biggest corporations, and grown hugely in 2021 alone. Frequently causing denial of service, ransomware interrupts essential services, including healthcare, fuel and food supplies. In fact, by the end of September 2021, the number of attacks in the United States had already surpassed the previous year’s total by 17%.
Ransomware is now a business; it is no longer just the actions of a bored, isolated person looking to cause some disruption. Cybercriminals today are anything but ‘hackers in hoodies’. They are sophisticated groups of very intelligent people who make a living out of their work. They employ their latest recruits, offering benefits, lunch breaks, and regular working hours.
It is unsurprising, therefore, that 64% of businesses have fallen victim to at least one cyber attack in their history. Although ransomware is a top concern in boardrooms, what can organisations do to ensure that they are well placed to prevent such attacks from penetrating their systems and stealing their data?
Multiple tiers for maximum defence
Ransomware attacks can come from anywhere at any time – no size or sector is immune. A multi-tiered approach is critical to implement the best protection against such attacks and to future-proof defences against new cyber threats. Following the National Institute of Standards and Technology (NIST)’s five-step approach should be the foundation of all cybersecurity policies:
1. Identification management
Protecting and securing your data is not just about authentication, authorisation, and audit control. The first step should always be to identify your data. Knowing what data you hold and where it is located is essential to protect it. How are you supposed to protect your data if you don’t know what it is or where it is stored?
Accurate data identification is fundamental in designing the right architecture and cost model that will best protect your data for the long term. So often, organisations use multiple disparate technology solutions that do not identify key data or integrate it in the correct way. Using a single, integrated solution will facilitate effective protection because all data will sit under the same solution. Should an organisation fall victim to a ransomware attack, data will not slip through the cracks between mismatched solutions.
Strong management of the right corpus of data is so important because it allows the most effective protection to be put in place. This is crucial because effective management allows for quick and easy detection of vulnerabilities – essential to limiting the impact of an attack, should it penetrate your system. Organisations that detect a vulnerability early experience the least destruction following a ransomware attack.
Continually monitoring and testing security solutions is essential for success. Knowing what goes on in your IT environments by the hour and minute will enable you to quickly detect any abnormalities and react accordingly with ease and pace. You can never practise a response to a ransomware attack too often. Make sure you know exactly what to do should one occur to limit downtime and prevent loss of data.
Organisations that navigate ransomware attacks and recover their systems the quickest and easiest are those that keep calm and have procedures in place. It goes back to the response – those who know what to do can handle the situation calmly and efficiently.
Many organisations are turning to cloud-based solutions as they adopt hybrid working models, and this provides an additional layer of backup when it comes to recovering lost data. If an organisation falls victim to a ransomware attack, datasets can be returned into a safe environment without having to manually check that each dataset is cleansed.
These five steps are not 100% foolproof, but following this framework certainly mitigates the risk of the downstream need to recover should an attack happen.
Is change on the horizon?
Arguably, it is difficult to foresee how the growth of ransomware can be stalled. So long as organisations continue to pay the ransom – as 83% do – cybercriminals will continue to deploy such malware. Although it is easy to say that organisations should simply stop paying, most feel that they have no choice once their critical data is in the hands of cybercriminals.
Ultimately, government intervention is needed to legislate and prosecute cyber activity. International forums like G20 and G7 bring governments from around the world together to combat global issues, such as climate change and sustainability – the same is needed for cybersecurity. Only once it is taken seriously as a political issue will it be successfully implemented as effective legislation that can be widely and officially prosecuted.
We are moving in the right direction. President Joe Biden’s executive order on cybersecurity, issued in May 2021, sought to improve national cybersecurity and protect government networks from such attacks. Biden’s introduction of cybersecurity as a political subject has proven effective in bringing the topic into the mainstream media.
With the growing awareness of the severity of the situation, governments from across the world are beginning to collaborate on tackling the worsening problem of ransomware attacks. The UK and US recently announced that they have reaffirmed a joint commitment to disrupt and deter new and emerging cyber threats. Working together, both governments are taking a stance against cybercrime, and, in doing so, are setting the tone for how organisations across the globe approach these challenges.
Until decisive action is taken and official legislation is implemented, the best way that organisations can protect themselves against the weapons of cybercriminals is to plan, stay alert and implement the multi-layered approach to security. Take responsibility for your assets, protect them with the best cybersecurity practices, and never be complacent.