The need for a holistic approach in the battle against ransomware

Ransomware has truly hit the big time, and the situation is only set to get worse as cybercriminals increasingly seek to gain from its financially lucrative nature. As a result, the global cost of ransomware attacks has steadily risen by billions of dollars year-on-year and is estimated to reach a staggering $20 billion by 2021, according to research by Cybersecurity Ventures.

To stay ahead of their victims, attackers will deploy more sophisticated, targeted attacks, taking deliberate, multi-staged approaches to disable protections step by step and carefully block any opportunity for backup or recovery before executing a data breach.

Some organisations are trying to protect themselves from such attacks by taking out ransomware insurance. At best this is unsustainable and self-perpetuating, and at worst it encourages cybersecurity apathy, with organisations preferring to put money aside to pay to get data back after an attack as opposed to investing proactively in the resilience of their organisation to prevent this altogether. I doubt you’d take out a house insurance policy, only to leave your back door open. Similarly, taking out ransomware insurance without using preventive security precautions leaves your business just as vulnerable to cyberattacks. 

What is required in the face of increasingly complex ransomware and malware attacks is a multilateral security programme that integrates accelerated resiliency with prevention, a robust backup and recovery system and a comprehensive post-event response and clean up plan.

Proactive protection vs reactive ransoms

As data has become the lifeblood of the modern world it has also become more desirable, and lucrative, for would-be attackers. Rather than opt to reactively pay a ransom, as is increasingly the case due to the perceived complexity and time-consuming nature of ransomware recovery, organisations must instead prioritise a holistic approach when it comes to defending themselves against ransomware. Accordingly, by investing in an emergency ransomware preparedness kit, including cyber-defence, reliable backup and recovery and clean up, organisations will truly be able to stay one step ahead of their attackers.

Data is only going to become more essential in the coming years and it is up to the organisations wielding that data to effectively protect it. One such way of doing so is by investing in backup tools that include immutable data as standard. By immutably storing data, and saving any modifications as a new, separate copy, organisations can confidently protect themselves from prevalent causes of data corruption and manipulation, including application bugs and human error as well as malicious ransomware. Once stored in this manner, data is immune to external and internal modifications, protecting the integrity of your backup.

Any modern backup solution worth its salt should incorporate immutable data storage to ensure all ingested data, infected or not, cannot infect existing data files. Ideally, this should be combined with data encryption both at rest and in transit, as well as built-in role-based access control, which together create a robust defence against ransomware and ensure security and data integrity. With immutable backups in place, victim organisations will quickly bounce back from an attack thanks to the ability to instantly replicate and recover their data.

Beyond protecting their backup, organisations should create a wider cyber-defence strategy that allows them to prevent and detect attacks and quickly recover using said backups as a last resort. To ensure this, security teams must proactively plan for attacks and invest in the right tools to help them prevent, detect and recover as quickly as possible. Provided they are as prepared as can be for an attack, the organisation’s infrastructure, incorporating a resilient, holistic defence strategy, will be built to survive the breach and avoid its entire operations grinding to a halt.

To better avoid this scenario, and keep pace with increasingly sophisticated ransomware attacks, organisations looking to create a truly holistic backup and recovery strategy should also leverage machine learning. Machine learning can monitor filesystem behaviour and metadata to detect ransomware and other suspicious activity whilst continuously evolving to stay ahead of the shifting threat landscape. Beyond bolstering any defence posture, a solution complete with machine learning is also able to map environmental changes in real time, meaning IT teams no longer need to comb their entire environment to determine which applications or files were impacted in a breach. In the case of a successful attack, machine learning capabilities also allow organisations to swiftly return to their most recent clean state, eliminating the need for the complex, manual restore processes many IT leaders still undertake, whilst further strengthening ransomware resilience.
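As an added illustration (not code from the article or from any vendor product), the example below compares per-file metadata between consecutive backup snapshots, lists the affected files and picks the most recent clean restore point. A fixed churn-and-entropy heuristic stands in for the machine-learning model the article describes; the file names, thresholds and sample snapshots are constructed assumptions.

```python
import math
import random
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(files: dict) -> dict:
    """Per-file metadata (size, entropy) recorded when a snapshot is ingested.
    A production manifest would also carry a content hash and timestamps."""
    return {p: (len(b), round(entropy(b), 3)) for p, b in files.items()}

def score(prev: dict, cur: dict) -> dict:
    """Churn and high-entropy share between two consecutive manifests."""
    removed = [p for p in prev if p not in cur]
    changed = [p for p in cur if prev.get(p) != cur[p]]  # new or modified
    high = [p for p in changed if cur[p][1] > 7.0]       # assumed threshold
    return {"churn": (len(changed) + len(removed)) / max(len(prev), 1),
            "high_entropy": len(high) / max(len(changed), 1),
            "affected": sorted(changed + removed)}

def suspicious(s: dict, churn_min=0.5, high_min=0.8) -> bool:
    """Mass change AND mostly random-looking content; thresholds are assumptions.
    Requiring both avoids flagging a single new archive or image."""
    return s["churn"] >= churn_min and s["high_entropy"] >= high_min

def last_clean(manifests: list) -> int:
    """Index of the newest snapshot taken before the first suspicious one."""
    for i in range(1, len(manifests)):
        if suspicious(score(manifests[i - 1], manifests[i])):
            return i - 1
    return len(manifests) - 1

def demo_manifests() -> list:
    """Constructed sample: a normal edit on day 1, mass encryption on day 2."""
    rng = random.Random(7)
    day0 = {"docs/a.txt": b"quarterly report " * 200, "docs/b.txt": b"minutes " * 300,
            "db/c.csv": b"id,name,total\n" * 250, "cfg/d.ini": b"[app]\nmode=prod\n" * 50}
    day1 = {**day0, "docs/a.txt": b"quarterly report v2 " * 200}
    day2 = {p + ".locked": bytes(rng.getrandbits(8) for _ in range(4096)) for p in day1}
    return [manifest(d) for d in (day0, day1, day2)]

if __name__ == "__main__":
    m = demo_manifests()
    print("day1:", score(m[0], m[1]), "day2:", score(m[1], m[2]))
    print("restore from snapshot", last_clean(m))
```

The `affected` list is what spares a team from combing the whole environment: it names exactly the files that differ between the last clean snapshot and the flagged one.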

If data is the new crown jewels, an organisation’s infrastructure and resiliency are the modern moat and drawbridge serving in defence. Unlike castles of old, however, securing a set, clearly defined perimeter is no longer enough. The Cloud, mobile, SaaS and IoT devices have put an end to the traditional perimeter, and as such today’s organisations need to implement tools that allow them to compartmentalise their infrastructure to ensure it survives in the case of an attack.

More than the sum of its parts

In order to keep pace with increasingly sophisticated ransomware attacks, modern organisations must build a defence strategy that combines layered security, greater cyber-resiliency, robust, immutable backup and an actionable post-breach recovery plan that radically reduces attack damage.

A robust solution can work with any setup - be it on-premises, the Edge or the Cloud - to detect discrepancies, analyse threats and accelerate recovery in a matter of clicks. Ideally this should be complemented by a SaaS platform that is capable of organising and securing data across an entire environment, presenting it in an organised, actionable manner that makes detection and recovery as simple as possible.

Only by utilising these insights, strategies, tools and capabilities to quickly bounce back from an attack - and not rely on ransomware insurance - can organisations create a holistic approach to prevention, backup and recovery, and be in the best possible position to survive whatever malicious attack comes next.

Filip Verloy, Field CTO EMEA, Rubrik

Filip Verloy is Field CTO for the EMEA region at Rubrik, where he is responsible for supporting strategic opportunities; closely following industry trends and trajectory to shape product priorities; and evangelising Rubrik solutions and roadmaps as one of Rubrik's thought-leading technical experts with customers, at industry conferences, trade shows and partners. Before joining Rubrik, Filip spent a number of years in pre-sales roles at VMware, Riverbed, Dell, and Citrix.