Skip to main content

Ransomware: The best defence mechanisms

ransomware
(Image credit: Pixabay)

The strength of a business’ cyber defenses has the ability to make or break it. If protection against ransomware is not in place, the risk of a successful attack is increased - the result of which is downtime and potential long-lasting damage to an organization’s reputation. Veritas’ own global research shows that consumers are none too forgiving when their personal data has been compromised: 49 percent say they would stop using the services of an affected company, and one in ten even believe the CEO should go to prison.

In spite of what is at stake, many businesses continue to neglect investing in adequate protection. A unified solution is one of the best ways for organizations to protect themselves against ransomware, yet all too often data is left untagged across multiple platforms, forgotten and therefore unprotected. If data is dispersed across an organization and siloed in virtual environments, it leaves a company in a very vulnerable position. 

Ransomware attacks are continually evolving and becoming increasingly complex and hard to spot. In order to best protect themselves, businesses need to approach their data management holistically. Staff need to be educated on how to spot potential threats, helping to build awareness around intrusion security, email and spam filters, antimalware, endpoint protection software and backups. For most organizations data is integral to success, but in order to use it best it needs to be kept safe, and the hardiest protection is built on a strong foundation of management and best practice.

The front line: Employees

Prevention is much better than a cure. Even though you can’t prevent every attack, the earlier they can be nipped in the bud, the cheaper and less damaging they’ll be. Just as you should never rely totally on prevention, you should never rely totally on restoration either.

For this to work, a strong understanding of the value of data and the importance of its management needs to pervade a company from the boardroom to the mailroom. In most cases, employees will be the foot soldiers in the defense against invasive malware, and it’s their immediate response that determines whether an attack is successful. Regular and comprehensive security training is crucial for making sure they can detect and report a ransomware attack before it can do any real damage.

However, data responsibility is more than threat awareness. How employees store, organize and classify data is just as important. When a set procedure is absent, data can easily go unclassified and eventually becomes ‘dark’, its location unknown and unprotected by the latest security patches or policies. This lost, dark data poses a potent security risk to companies. If you don’t know where your data is, how can you be certain it is protected?

Poor data management ultimately stems from human failure. It suggests strong data policies aren’t being created by company leadership, enforced by managers, or adhered to by employees. It only takes one weak link to break the chain, so data responsibility has to permeate the whole company.

Keeping data properly organized can be challenging in today’s highly fragmented IT and cloud environments. To prevent data from becoming lost in the machinery of the business, staff should have access to the right security and data management infrastructure. Endpoint detection and antivirus software will screen out a great deal of incoming attacks. However, staff also require tools that break down silos and consolidate all data within a single database so they can better monitor, maintain and protect it. 

Beating ransomware isn’t your IT or security team’s responsibility, it’s everyone’s. Strong data management needs a company-wide culture of data responsibility alongside the tools for malware detection and resolution.

A safe haven: Backups

A ransomware attack is a matter of if, not when. While prevention is of huge importance, failing to prepare for the worst would be negligent. That is why having a ransomware response in place is equally as important as preventative measures. No cyber defense is impenetrable – it only takes one employee to click on one malicious link in a moment of absentmindedness for your whole system to fail.

Ransomware can seep into the depths of your network at an alarming pace, knocking out your onsite data center one minute, and blocking access to your private cloud the next. In order to contain an attack and prevent it from spreading across various environments, companies need to take control of their data security. One of the first steps to taking control is putting a well-defined data backup plan in place.

When an attack hits, data backups essentially act as your insurance policy. If hackers are demanding a ransom and your data is backed up, there will be no need to pay the criminals as the data can simply be restored. For an added layer of protection, it is important to isolate the backups from the network, so they are protected themselves. Furthermore, multiple copies of each backup should be preserved and recycled through the system to ensure they aren’t sapping available storage space. 

However, if you don’t know where your data is, how can you ensure it is backed up and protected? This is where full visibility of your data comes into play. When you have a complete overview of all the information your organization is holding, it’s easier to protect under a single, consistent set of policies. In order to achieve this visibility, businesses need to invest in tools that link together the disparate data environments, thus allowing employees to locate data fast.

Of course, none of this matters if you don’t understand or know the back-up processes themselves, or whether the back-ups actually work.  As such it’s also vital in this preparatory phase to make sure that your run active rehearsals with your team, so everyone knows what to do and when to minimize downtime and ensure mission critical data isn’t lost.

The final consideration is complexity. To design and implement a unique data backup plan for every environment would be time-consuming, counter-productive and inefficient. Each time a policy is changed, the plan for each environment would have to be adapted, which would not be cost effective. A more productive way to go about achieving consistent levels of backup across all environments is to implement a platform that can automate this process, rolling out shared and updated policies across your entire data estate.

Data is an invaluable asset for any organization and losing it can cause the demise of a successful business. The move towards highly complex, hybrid multi-cloud environments puts pressure on organizations to ensure consistent data governance, protection and ransomware resiliency across all environments at all times. Without a platform that ensures you know what data you have, and where it is, businesses won’t be able to maintain visibility and will be leaving their data estate in a vulnerable position. In order to best protect themselves, organizations need to ensure that the right tools and procedures are in place to both prevent and respond to a ransomware attack. Staff need to be trained on the tell-tale signs of an impending breach, and an airtight response needs to be in place should the business be compromised.

Simon Jelley, VP, Product Management, Veritas Technologies