Ransomware is a deadly enemy – even if security is built like a fortress

(Image credit: WK1003Mike / Shutterstock)

WannaCry. NotPetya. Locky. Each of these threats is a perfect example of the havoc that cyber attacks can wreak on businesses across the globe. The crippling success of WannaCry specifically has put ransomware front and centre, both for cyber criminals and for the organisations they are targeting. Unsurprisingly, this has encouraged organisations to ramp up defences and fortify security in preparation for the next attack. But no sooner have companies completed this task than the next-generation cyber attack appears that can circumvent these measures. Not only do these attacks impact an organisation’s primary systems and data, but they can also corrupt backup data if it is not stored in a secure way.

As these cyber-criminals continue to stay one step ahead, businesses are struggling to protect their most valuable asset and are faced with a huge challenge when it comes to data protection.   

In order to defeat these challenges, businesses need to understand the following things: 

The price of an attack   

When a ransomware attack strikes, the first response of IT staff is usually to shut down all technology on the network. Though this doesn’t remove the infection from the system, it can prevent the spread to other machines. This will protect some facets of the IT infrastructure, but can lead to extended periods of downtime – something that is extremely costly for any business.   

In fact, according to a report by the Ponemon Institute, in 2016 the average cost of data centre downtime was $7,900 per minute. On top of this cost, if an organisation fails to have appropriate backup technology in place, they will often be forced into paying a ransom demand for the return of the company’s data.   

While the cost of ransomware and the price of a ransom can themselves be damaging – and escalate for larger organisations – the criminals driving the business model behind these attacks are likely to look for more leverage to increase the impact of attacks in the future. One way of doing this is to force organisations into also facing the monetary consequences associated with compliance legislation. It’s likely that the next generation of ransomware will tap into GDPR, the new privacy laws that come into force in the EU in May 2018. In fact, the UK’s ICO has already fined one local council for not taking enough precautions to prevent an attack under current laws. 

These new laws, which come with big fines for companies holding the personal data of EU citizens, make for a perfect roadmap for the next iteration of ransomware. If attackers opted to leak personal data instead of encrypting everything, it could create a whole new world of business dilemma. Between declaring a breach to regulators, paying fines and ensuring minimal damage to the business, an attack of this kind is certain to put extra strain on organisations.

Finally, if these outcomes weren’t enough, businesses hit by an attack will have to deal with the fallout of the data breach becoming public knowledge. As we have seen many times before, when an organisation suffers this kind of attack, its reputation is often left in ruins, resulting in additional financial loss.   

The Enemy Evolves 

Ransomware itself has developed into an extremely sophisticated business model. If you know where to look, the dark web is full of ransomware tool-kits that can be yours for a small fee and, often, a percentage of the ransom collected. Additionally, as soon as security software is updated, a new strain of ransomware is developed to wreak havoc once again. It is a cycle that is hard to stay ahead of and often leaves traps to trip up defences in lots of places. For these reasons, the only way to stay one step ahead is to prepare many layers of defence.

Rather than implementing a single line of defence, companies should look at investing in a range of solutions that bolster infrastructure security in a variety of ways.   

Defence in depth 

  • Companies with 100% anti-virus coverage, firewalls, email filtering/screening and that run user security training programmes are still vulnerable – but none of these should be ignored 
  • Automate system updates: this should be a routine part of IT maintenance, but if left undone it can be the entry point of a cyber attacker’s dreams. WannaCry was a perfect example of an attack exploiting organisations that neglected system updates and patching.
  • Endpoint protection: one of the easiest ways into a network is through an unprotected endpoint, a laptop being the main soft target. However, with the right data protection solution, attacks can be spotted early and dealt with, not to mention getting the affected user productive again quickly
  • Use multiple types of OS for backup systems
  • Automate Disaster Recovery (DR) testing, and make sure you know what (if any) system dependencies there are for DR systems that could affect recovery 
  • Ensure your backup systems can isolate backup stores, and keep offline copies of backups   

There can be no recovery without Backup 

As depressing as it is, it’s best to assume that one day you will be affected; even with the best security measures there are no guarantees. However, in the event that ransomware does strike, the best way to minimise damage is to have a regularly tested Disaster Recovery plan.

Operating a modern backup solution allows a company to restore all data to a point before the ransomware infiltrated the system, whether on-premises, in the cloud or for SaaS systems such as Office 365. While some data may be lost in this reboot, the loss is minimal in comparison to the alternative. This approach can save both time and money, as it eliminates the need to pay a ransom and substantially reduces the amount of time that a business is offline. And at $7,900 per minute, less downtime could mean saving thousands of dollars.

It is worth noting that it isn’t just businesses that recognise the importance of backup. This means that organisations shouldn’t simply invest in everyday backup systems. Instead, they should invest in a security-conscious backup solution that can identify ransomware attacks in progress and restore data quickly, while adding an extra layer of protection to the data that matters most.

Ransomware is a problem that is here to stay and protecting data is becoming more and more challenging. As businesses begin to understand how ransomware is evolving, they can better arm themselves against the threat. This will mean adding extra layers of security and implementing backup infrastructure that is both efficient and secure.   

Nigel Tozer, Solutions Marketing Director for EMEA at Commvault

Nigel Tozer is GDPR Specialist at Commvault. He has over 25 years’ experience in the IT industry and the past 21 years entirely focused on enterprise data & information systems.