Protect your data from the inevitable ransomware attackBlog
Rethink your approach to back up and recovery in the light of the ransomware threat.
Backup and recovery plans are created to protect data, but these plans are often built with a focus around technology or hardware failure. However, ransomware attacks, which exploit the ‘human element’ in security, are now making headlines and generating renewed fear in organisations. To cope with this new kind of threat, your backup and recovery strategy needs to adapt. Ransomware is often seen as a security issue but it’s actually much more than that.
When dealing with ransomware attacks, the backup and recovery strategy you’ll need to adopt is different from those that have been put in place to cater for other threats such as hardware failure of theft.
A ransomware attack is different from other incidents in that it is a direct and instantaneous attack on all your organisation’s data. Ransomware is a form of malware which essentially holds information or entire devices hostage including desktops, laptops, servers and storage. And this makes it essential to revamp your backup and restore policies.
First, understand the threat
Research shows that ransomware attacks are surging. Our latest white paper Ransomware: The Prevalent Business Disruptor revealed that the sectors most often targeted by ransomware attacks are:
- business and professional services
Financial services is another area that is being increasingly targeted by cybercriminals.
The 2017 Global Threat Intelligence Report indicates that: ‘The maturity of these industries coupled with the value of data they hold, from personally identifiable information, personal health information, credit card data, to intellectual property, makes them a lucrative target for cybercriminals.’
The white paper adds that there was a 300% increase in ransomware attacks in the US between 2015 and 2016, and this is set to increase as criminals take advantage the growth in Ransomware-as-a-Service, where cybercriminals take advantage of these platforms to launch attacks. These emerging platforms allow ransomware attacks to become highly accessible to criminals, even those without the ability to program an attack directly. We expect that ransomware attacks will increase in frequency in 2018.
Organisations need to accept that they are, at some point, going to be subject to a ransomware attack of some sort. Those that bury their heads in the sand will be less prepared when the worst happens.
What you can do to protect your data from ransomware attacks?
1.Assess the risks
The first step involves identifying critical data and how it can be attacked and the optimal backup placement for this data. Critical data could include patient records in healthcare, client records in the financial services or government employees’ laptops in the public sector. Data can’t be classified by the kind of device it is being stored on – instead, it requires that you understand where your most sensitive data is actually being stored.
With the ransomware threat, placement of your data is something you need to consider seriously. Having backups on the same network as the primary data can pose an unnecessary risk, so having offline backups is considered best practise. You also need to make sure that the secondary site has the standards and tools in place to secure your data and that backups are not compromised. This is highlighted in the Report, which warns that backup files stored in general public cloud storage systems may be encrypted with ransomware during replication.
2.Protect your data
Network segmentation and dynamic network configuration are critical elements of protecting your data against ransomware.
By using a software defined network it’s possible to create a temporary network segment that allows only the devices being backed up to connect to the backup location, isolating backup data from the source of potential infection. These devices can include any network-connected device. This connection only exists for as long as the backup takes and this minimises the risk of ransomware infecting the backup location.
Recovery testing is vital to every properly constituted backup and recovery strategy. However, it is the most often neglected part of the plan. With ransomware on the table, recovery strategies need significant change.
A comprehensive backup should encompass policies to manage, protect and recover data across all applications and infrastructures. However, the bare minimum would include scanning backups for signs of infection.
Automation is a key component of any effective backup and recovery strategy and with ransomware protection this is no different. Automating system buildout tasks such as configuring security groups, networks and firewalls eliminates opportunities for human error that can increase risks. Extending backup strategies to cover the risks posed by ransomware can add complexity as more devices are added. Embracing automation is vital in ensuring that greater complexity does not increase the risk posed the organisation. An example is automating isolation of an attack when it occurs.
The bottom line
The only way to effectively safeguard against ransomware attacks is to implement a strategy (that’s executable and auditable) and to have regular testing in place.
All too often companies simply don’t have the resources to even recognise that an attack is imminent, let alone be able to counter it. It’s here that the trusted partner comes to the fore, in security, networking, backup, and recovery fields.
The white paper advises that with the trend towards consolidating security services rather than having multiple point solutions it is advisable to seek help from consultants from a reputable security service provider to help plan this constructively.
Enlist the help of a third party, such as Dimension Data, that can provide consultancy, solutions and services in security, networking and the backup and recovery – you’ll need assistance in all those areas to prevent attacks and limit the damage once you’re targeted.