With ransomware attacks on the increase, Simon Chappell, CEO of Assured Data Protection, explains how businesses can combine disaster recovery with threat detection to mitigate the risks to company assets and infrastructure.
Businesses tend to treat cyber security and back-up as separate functions. This is despite the fact they perform the same function, which is to protect an organisation’s most prized digital asset – its data. Judging by the spate of recent ransomware attacks, data breaches are becoming more prevalent. Criminal gangs regularly probe cyber defences looking for openings. Attack vectors vary, but the most common are corporate emails, and increasingly web applications and SaaS platforms, which now account for the majority of ransomware attacks.
To compound all of this, most businesses don’t have contingency plans in place to immediately respond to ransomware attacks. Digital incursions aren’t treated in the same way as a physical emergency like a flood or a fire that the emergency services are able to address. Paying the ransom won’t solve your problems either because once you’ve been compromised, your data is exposed, and the criminals are able to monitor your every move. That is unless you have a protected back-up infrastructure in place where all your data is safely encrypted. This allows you to continue functioning as normal in a secure and managed environment, while simultaneously conducting forensics on your compromised data and systems.
It’s crucial for businesses to have an integrated data management function in place. Malicious actors can go undetected for almost a year – the average dwell time for a threat is around 286 days. However, once discovered, critical data and digital assets can be immediately transferred to a safe, secure and encrypted environment, while extended threat detection (XDR) is employed to track and neutralize the threat.
Cyber resilience – Your data insurance policy
Businesses need to be more resilient to reduce the impact of ransomware attacks. Unfortunately, data breaches are inevitable. Even the best endpoint security systems can’t prevent them from happening. There have been cases where critical systems have been exposed by a wireless printer running on a network with access to the company exchange servers. Incidents like this create gaps that attackers can easily exploit, bypassing the company firewall altogether. If there’s a weakness in your defences, the criminals will do their best to find it.
Businesses can better mitigate the impact of these attacks by achieving a state of cyber resilience. According to the UK government, cyber resilience is ‘the ability for organisations to prepare for, respond to and recover from cyber-attacks and security breaches.’
Generally, in-house IT teams are struggling to cope with the increasing volume and sophistication of cyber-attacks. Cyber defences are all too often made up of different vendor solutions stretched across multiple clouds and operated by different people using different procedures. The larger the organisation the more complex that mix of solutions and policies becomes.
As a result, many are now shifting as much responsibility as possible to trusted partners to mitigate risk and protect critical infrastructure. That outsourcing model is creating a data insurance policy which is invaluable to businesses today, allowing them to continue to function with little to no downtime. Cyber defences play a critical role in repelling attacks, but companies can only really achieve cyber resilience with integrated data management solutions that incorporate the latest XDR techniques.
The digital crime scene
The involvement of law-enforcement agencies adds another dimension to ransomware attacks that businesses need to consider. The police treat attacks as seriously as they would a physical break-in to an office. As with a break-in, they will look to collect and preserve evidence as they conduct their investigation. However, this can result in entire systems being impounded as they attempt to find who was responsible for the attack.
This does present an additional challenge when dealing with a ransomware intrusion. Businesses have to simultaneously cooperate with law enforcement and try to mitigate the risks to data during an attack. The team resource is inevitably split between the two tasks and business continuity is ultimately affected as data and systems become a digital crime scene.
Compliance in the Age of Ransomware
There is an increasing need for businesses to have a managed services partner who provides a platform on which they can recover their data. This is also a pressing issue for financial institutions that are governed by regulatory bodies like the SEC and the FCA. It’s important that financial services companies select a partner that is equipped to handle data protection but also able to help them comply with regulatory requirements. Those companies need a partner that can conduct disaster recovery drills, employ a continuous recovery option for the most critical data, and provide a stream of regular reports for both internal and external audit requirements. Overall, businesses can use this model to host critical data in a recovery environment that is comparable to that in the original workplace. This allows businesses to carry on as normal and proactively manage threats – even cooperate with law enforcement – preventing further damage and the need to give in to extortion.