Data Resilience and Protection in the Ransomware Age
Data is the currency of every business today, but it is under significant threat. As companies rapidly collect and store data, they increasingly need multi-cloud solutions to store and protect it. At the same time, ransomware attacks are increasing in frequency and sophistication. This is supported by Rapid7’s Ransomware Radar Report 2024, which states, “The first half of 2024 has witnessed a substantial evolution in the ransomware ecosystem, underscoring significant shifts in attack methodologies, victimology, and cybercriminal tactics.”
Against this backdrop, companies must have a data resilience plan in place which incorporates four key facets: data backup, data recovery, data freedom and data security.
Ransomware is Just Business
Ransomware is a low-risk, high-reward opportunity for criminals: it requires little effort to access sensitive information and demand a ransom, which is making it an attractive career choice for some. On this basis, ransomware has evolved into a fully-fledged business, with more operations starting up every week. This is also fuelled by the increasing popularity of Ransomware-as-a-Service, a model where sophisticated threat actors develop and sell ransomware platforms to other threat actors.
With this rise in threat actors targeting businesses today, IT security can no longer be a problem for IT teams alone. Every decision is a commercial decision and will carry risk. And every person within an organisation has an important role in being the first line of defence and protecting a company from a breach.
From Passwords to Exploits
People make mistakes, and this makes them an attractive target for most threat actors. According to Mimecast, over 70% of cyber breaches in 2023 were caused by human error. Advanced phishing attacks are more convincing than ever, making it harder for employees to distinguish between real and fake emails. It only requires a quick click of the button by a stressed, tired or disgruntled employee for threat actors to gain a password that gives full access to the organisation’s data.
Employees must therefore be adequately trained to avoid falling victim to these phishing or ransomware attacks, but this is merely the first step to improving a company’s security. Further security measures must be put in place to protect the organisation and its data.
Testing, Testing
Backups are considered the primary way to recover from a breach, but is this enough to ensure that the organisation will be up and running with minimal impact? Testing is a critical component to ensuring that a company can recover after a breach and provides valuable insight into the steps that the company will need to take to recover from a variety of scenarios. Unfortunately, many organisations implement measures to recover but fail on the last step of their resilience approach, namely testing. Without this step, they cannot know if their recovery strategy is effective.
Testing shows an organisation the steps it needs to take to recover, what works, which areas of the recovery process it needs to focus on, the amount of time it will take to recover the files, and more. Without this, companies will not know what processes to follow to restore data following a breach, or the timelines to recovery. Equally, if they have not performed adequate testing, they will not know whether they backed up their data correctly before an attack.
Although many IT teams are stretched and struggle to find the time to do regular testing, it is possible to automate the testing process to ensure that it occurs frequently. These tools will also provide a realistic view of how resilient the environment is to threats and provide a host of scenarios that could impact the business, helping to prepare for almost any incident.
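A minimal sketch of what an automated restore test can check, added here as an illustration and not taken from any vendor tool: it restores a backup into a scratch directory, compares every file against SHA-256 hashes recorded at backup time, and times the run. The function names, the use of `shutil.copytree` as a stand-in for the real restore command, and the sample files are all assumptions constructed for the example.

```python
import hashlib, shutil, tempfile, time
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (taken at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_drill(backup_dir, manifest, restore_fn=shutil.copytree):
    """Restore into a scratch directory, compare with the manifest, time the run."""
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        target = Path(scratch) / "restored"
        restore_fn(backup_dir, target)  # assumption: stands in for the real restore tool
        restored = build_manifest(target)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"ok": not (missing or corrupt), "missing": missing,
            "corrupt": corrupt, "seconds": time.monotonic() - start}

def demo():
    """Constructed sample data: one intact backup, then the same backup damaged."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "source"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (source / "hr.txt").write_text("staff list\n")
        (source / "notes.txt").write_text("meeting notes\n")
        manifest = build_manifest(source)
        backup = Path(work) / "backup"
        shutil.copytree(source, backup)
        clean = restore_drill(backup, manifest)
        (backup / "hr.txt").write_text("staff li")  # silently truncated copy
        (backup / "notes.txt").unlink()             # file lost from the backup
        damaged = restore_drill(backup, manifest)
    return clean, damaged

if __name__ == "__main__":
    for report in demo():
        print(report)
```

Run on a schedule, the `missing` and `corrupt` lists show whether the data was backed up correctly, and `seconds` gives a measured figure for recovery time.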
From testing to reality
While some organisations are surprised that they have been breached, according to Sophos, 83% of organisations that experienced a breach had observable warning signs beforehand and ignored the canary in the coal mine. Further, 70% of breaches were successful and threat actors encrypted the data of the organisation to prevent access to it.
However, as threat actors aren’t using enterprise-grade tools to gain access to data, enterprises are effectively at an advantage if they test and retest regularly, and back up their data effectively. A good guideline for this is the 3-2-1 rule, which states that there should be at least three copies of the data, stored on two different types of storage media, and one copy should be kept offsite in a remote location. Businesses also stand to benefit from partnering with an organisation that can protect the network to defend against threats and has the expertise to help them to recover from an attack.