A combination of existing attacks, such as phishing and social engineering, coupled with crimeware tools that deliver ransomware, has enabled the threat to evolve. This evolution has given cyber criminals a multitude of opportunities to exploit victims across the globe. A U.S. Treasury Department report estimated that, by the end of 2021, nearly $600 million in transactions were tied to ransomware payments in Suspicious Activity Reports. This revenue reinforces cyber criminals’ capabilities and legitimacy in their eyes, which in turn motivates them to continue targeting victims. It is unlikely that these cyber criminals will stop using ransomware as an attack vector, as they gain more financial resources and expertise over time.
Cybercriminals have solidified their positions as sophisticated entities with financial motivations and well-established operations. They are aware of their targets’ vulnerabilities and have developed new tactics to go after their targeted victims.
The cybersecurity landscape continues to get more dangerous, despite the fact that businesses continue to spend enormous amounts of money on cybersecurity tools. A report from Gartner suggests that by 2024, a cyberattack will hurt crucial infrastructure so badly that a member of the G20 intergovernmental forum will respond with a dedicated physical attack.
In this blog, we will share ways CIOs and cybersecurity professionals can efficiently safeguard their business-critical data against the rising wave of ransomware. But let’s first try to understand why businesses are unable to fight against ransomware.
Why are major businesses unable to fight against ransomware?
To ensure payment, cyber criminals are not simply raiding the production environment but increasingly targeting backup data and equipment, effectively crippling the insurance businesses rely on when calamity strikes. The offenders often capitalize on weaknesses in legacy backup solutions that were built before the rise of the ransomware industry.
Before encrypting the production environment, malware is known to corrupt shadow copies and restore point data. Because of its underlying architecture, legacy backup equipment becomes an easy target rather than a defence against ransomware attacks.
Regular cybersecurity education for staff and investment in cybersecurity tools are crucial in the fight against a data breach. Businesses also require a new, robust backup solution that helps protect against ransomware attacks and restores quickly to reduce disruption.
Your organization needs an end-to-end solution to:
- Shrink its attack surface.
- Protect backup data with new immutable architecture and policy-based data management.
- Use machine learning to discover inconsistencies that indicate potential attacks.
- Gain better visibility to make sure the backups are clean and will not reintroduce vulnerabilities when restored.
- Recover quickly and reduce disruption wherever possible.
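To illustrate the anomaly-detection item in the list above, here is an added example (not code from this post or from any backup product). It uses a simple robust statistic (median and MAD) in place of a trained machine learning model, and the job metrics, field layout and thresholds are constructed assumptions.

```python
import math
import statistics

# Constructed nightly backup stats for one VM: (day, changed_gb, dedup_ratio).
# Encrypted data is high-entropy, so an attack shows up as a change spike
# together with a collapse in deduplication.
JOBS = [
    ("2022-01-03", 4.1, 3.9), ("2022-01-04", 3.8, 4.0), ("2022-01-05", 4.4, 3.8),
    ("2022-01-06", 4.0, 4.1), ("2022-01-07", 3.9, 3.9), ("2022-01-08", 4.3, 4.0),
    ("2022-01-09", 4.2, 3.9),
    ("2022-01-10", 19.5, 3.7),   # patch night: large change, normal dedup
    ("2022-01-11", 4.0, 3.9),
    ("2022-01-12", 61.0, 1.1),   # constructed attack: change spike, dedup collapse
    ("2022-01-13", 58.0, 1.0),
]


def robust_z(value, history):
    """Modified z-score (median/MAD); one outlier in history cannot skew it."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    if mad == 0:
        return 0.0 if value == med else math.copysign(math.inf, value - med)
    return 0.6745 * (value - med) / mad


def flag_suspicious(jobs, window=7, threshold=3.5):
    """Return days where the change rate spikes AND the dedup ratio collapses."""
    flagged, baseline = [], []
    for day, changed, dedup in jobs:
        hist = baseline[-window:]
        if len(hist) == window:
            z_change = robust_z(changed, [h[1] for h in hist])
            z_dedup = robust_z(dedup, [h[2] for h in hist])
            if z_change > threshold and z_dedup < -threshold:
                flagged.append(day)
                continue  # keep attack data out of the baseline
        baseline.append((day, changed, dedup))
    return flagged


def last_clean_snapshot(jobs, flagged):
    """Newest snapshot taken before the first flagged job (restore candidate)."""
    days = [day for day, _, _ in jobs]
    if not flagged:
        return days[-1]
    first_bad = days.index(flagged[0])
    return days[first_bad - 1] if first_bad > 0 else None
```

Requiring both signals keeps the patch night from raising an alert; the restore candidate still needs a malware scan, since an intruder may have been present before encryption started.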
Now, let us move on to the steps CIOs can take to efficiently protect their critical data against the ransomware tide.
Zero Trust Mindset
A Zero Trust architecture must be the focus of all security professionals. Zero Trust means no intrinsic trust is granted to assets, user accounts, microservices, or data based on location. With a Zero Trust approach, every user and transaction must be verified before access to business resources is granted, irrespective of the legitimacy of the operation.
More automation, especially for enterprise data, can reduce risk points and better support a zero trust policy. For example, data automation tools allow teams to quickly find sensitive data such as names, email addresses, and credit card details across a number of data sources and replace it with substitute data while preserving integrity for development, testing, and analytics purposes.
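The find-and-replace step described above can be sketched as follows. This is an added example, not code from the post or from any specific data automation tool; it covers email addresses and card numbers only (names need column-level knowledge), and the key, token format and `masked.example` domain are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: in practice this key is a secret kept out of non-production systems.
MASK_KEY = b"constructed-demo-key"

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators


def luhn_ok(digits):
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _token(value, length):
    """Keyed, deterministic token: same input gives same output, so joins survive."""
    return hmac.new(MASK_KEY, value.encode(), hashlib.sha256).hexdigest()[:length]


def mask_email(match):
    return "user_" + _token(match.group(0).lower(), 10) + "@masked.example"


def mask_card(match):
    digits = re.sub(r"\D", "", match.group(0))
    if not luhn_ok(digits):
        return match.group(0)                 # not a card number: leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_text(text):
    """Mask emails first, then Luhn-valid card numbers."""
    return CARD_RE.sub(mask_card, EMAIL_RE.sub(mask_email, text))


if __name__ == "__main__":
    # Constructed sample row.
    print(mask_text("Alice <alice@corp.example> paid with 4111 1111 1111 1111"))
```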
Improve Your Information Systems
Enterprises need to continuously test their defence strategies and recovery plans using tabletop exercises. Businesses use tabletop testing to assess and validate their response process from start to finish. The main objective is to use the results for future preparation and to reduce the risk to their crucial IT infrastructure during a ransomware attack.
Teams will find major gaps: their backup solutions may not be enough, and restores can take significantly longer than the business can endure. Organizations require a more integrated solution that can optimize the complete recovery of apps, along with databases, using a cybersecurity tool.
At the time of an attack, backups are the first to be compromised. Hence it is crucial to make sure that your information systems are flexible enough to perform the required functions in case of an unforeseen event.
Customize Endpoint Management
One of the reasons ransomware attacks are growing is the rise in remote work caused by the pandemic. A work-from-home setup can never replace a secure workplace setup, as employees are not working within a secure perimeter. The attack surface grows, which makes it easier for cyber criminals to attack.
Users typically do not hear as many cybersecurity warnings while working from home, making it difficult for them to make good security decisions. This matters even more with the bring your own device (BYOD) arrangements in certain workplaces. All users need to make sure that data is not transferred to or accessed from unauthorized devices. Customizing endpoint management allows information security teams to protect their data from unauthorized remote access.
Enhance Your SOC
Any current workplace has a Security Operations Centre (SOC), a necessity of the times we live in. To protect against attacks, businesses need a SOC that is fully functional and advanced. That means equipping it with current tools, using more automation, and building better Security Information and Event Management (SIEM) and enhanced Security Orchestration, Automation, and Response (SOAR).
With these capabilities, businesses can stay ahead of the curve when it comes to advanced persistent threats (APT), early detection of fraud, and consistent detection.
Protect Backups from Ransomware
A contemporary backup solution with a multi-level defence strategy is required to defend against ransomware attacks. Its layers include:
- Immutable File System: It is best to keep the backup jobs in time-based immutable snapshots. The backup is maintained in an immutable state and is not made accessible, which prevents it from being mounted by an external system. The best way to mount the backup in read-write mode is to copy the original backup, typically performed by the system itself. Though ransomware may be able to delete files in the mounted backup, it definitely cannot impact the snapshot.
- DataLock: DataLock is a WORM (write once, read many) capability for backup snapshots that provides solid security against a ransomware attack. It allows security officers to create a “DataLock” policy and apply it to selected jobs for better immutability against these attacks. This feature is generally integrated with RBAC, so there is no need for additional security tools.
- Multi-Layer Authentication: Though we need passwords to provide security, passwords get breached all the time. It is best to use multi-factor authentication to reduce the risk from phishing attacks and password breaches.
- Air Gap: Security is a state of mind and can be compromised at any stage. It is best to duplicate your crucial data to another site for an extra layer of protection against ransomware attacks. When data is duplicated to a new cluster or site, the air-gapped replica of the file system on that site is not impacted either.
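The immutable snapshot and DataLock items above describe behaviour that is easiest to see in code. This is an added example, not the API of any backup product: `SnapshotStore`, its methods and the role names are hypothetical, and it models time-based WORM retention, RBAC on lock changes, and read-write access through a clone only.

```python
from datetime import timedelta


class RetentionLockError(PermissionError):
    """Raised when an operation would violate the WORM lock."""


class SnapshotStore:
    """Toy model of time-based WORM retention (hypothetical, not a vendor API)."""

    def __init__(self, clock):
        self._clock = clock      # injected so tests can move time forward
        self._snaps = {}         # snap_id -> (immutable bytes, locked_until)

    def create(self, snap_id, data, retain_days):
        if snap_id in self._snaps:
            raise RetentionLockError("snapshots are write-once")
        until = self._clock() + timedelta(days=retain_days)
        self._snaps[snap_id] = (bytes(data), until)

    def set_lock(self, snap_id, new_until, role):
        data, until = self._snaps[snap_id]
        if role != "security_officer":          # RBAC: only this role manages locks
            raise RetentionLockError("role may not change retention")
        if new_until < until:                   # extend only, never shorten
            raise RetentionLockError("lock cannot be shortened")
        self._snaps[snap_id] = (data, new_until)

    def delete(self, snap_id, role):
        # The role is not consulted while the lock is active: a stolen admin
        # credential must not be able to remove the recovery point.
        if self._clock() < self._snaps[snap_id][1]:
            raise RetentionLockError(f"{snap_id} locked; {role} denied")
        del self._snaps[snap_id]

    def clone_for_mount(self, snap_id):
        """Read-write access goes to a copy; the snapshot itself never changes."""
        return bytearray(self._snaps[snap_id][0])

    def read(self, snap_id):
        return self._snaps[snap_id][0]


def simulate(store, snap_id):
    """Constructed scenario: tamper with a mounted clone, then try to delete."""
    clone = store.clone_for_mount(snap_id)
    clone[:] = b"\x00" * len(clone)             # stand-in for encrypting the clone
    try:
        store.delete(snap_id, role="admin")
        return "deleted"
    except RetentionLockError:
        return "blocked"
```

The property to verify in a real product is the same one the model enforces: during the retention window no role, including the one that set the lock, can delete the snapshot or shorten the lock.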
Quick Recovery to Shorten Downtime
The most crucial business need after a ransomware attack is the ability to regain the compromised data. CIOs must work on the ability to find data across the organization’s global footprint, including the public cloud. This capability brings your applications and data back and provides:
- Limitless Scalability – A web-scale platform that enables IT teams to grow their cluster from three to limitless nodes, with the ability to store unlimited snaps and clones without any performance issues.
- Global Search – Your business should rely on Google-like search capabilities that enable you to rapidly find data and infected files and take appropriate action. This includes locating an infected file across different workloads and acting in time to prevent further damage.
- MegaFile – A cluster is the perfect option to safely distribute files. MegaFile helps break down large files into smaller files for backups and recovery across nodes. The size of these chunks is unique and enables optimum performance.
When there is a ransomware attack, the business does not deal with only a single file or even a few files. The scenario is rather different: the IT team needs to recover hundreds of VMs. With other backup solutions, it can take days or weeks to recover.
If your organization sees a particular spike in ransomware in the upcoming year, make sure you’re prepared by not only investing in new technologies, but also educating employees on security best practices. The earlier these conversations start taking place, the better: when an attack does happen, there will already be a baseline level of knowledge and security awareness. With this level of preparation and forethought, it’s possible to decrease the probability of attacks occurring, as well as to limit their impact when they do. What do you think about preventing a ransomware attack? Is your organization ready to navigate the cybersecurity landscape in 2022? If not, you can get in touch with us to learn more.
Karan works as the Delivery Head at Conneqtion Group, an Oracle iPaaS and Process Automation company. He has extensive experience with various banking and financial services, FMCG, supply chain management and public sector clients. He has also led or been part of teams in a multitude of consulting engagements. He was previously part of Evosys and Oracle’s consulting team and worked for clients in the NA, EMEA and APAC regions.