The risk of a ransomware attack is rising. Criminal toolkits sold as a subscription, usually referred to as ransomware as a service (RaaS), mean an attacker no longer needs to write malware to run a campaign, so targeting a single organisation on several fronts at once is becoming easier, and the attacks are made more effective still when combined with social engineering such as phishing.
The cost to businesses can stretch into the hundreds of millions. The shipping giant COSCO is the latest company to succumb to a high-profile attack, and the NHS's WannaCry shutdown remains among the best-known incidents.
Many organisations are asking how to prevent ransomware. No security strategy is iron-clad, but there are a variety of preventative steps to take which can mitigate both the risk and impact of a ransomware attack.
1: Get Serious about Patching
Many of the ransomware attacks that have made headlines used well-known vulnerabilities for which a patch already existed (WannaCry spread through an SMBv1 flaw that Microsoft had fixed two months earlier), and organisations with strong patching regimes avoided infection. The challenge is that the RaaS business model pushes cybercriminals to weaponise newly disclosed security holes faster, to increase their success rate and their profits.
The headline ransomware campaigns so far have relied on vulnerabilities that were already public and patchable rather than on true zero-day exploits, but experts believe it is only a matter of time before zero-days are used this way. Patching is often slowed by change control, because a bad patch can take down users and production systems. A pragmatic balance is therefore needed between patching quickly and staying reliable: test patches on a representative system first, and make sure the patch does not break the backup agent or the restore path, since a rapid-recovery system is what lets you take the risk of patching fast in the first place.
2: Protect your Disaster Recovery plans
A commonly encountered issue after ransomware hits is the complete loss of the system blueprints and disaster recovery plans themselves, because they lived on the same file shares and wikis that were encrypted. This is a risk for any document that exists only in digital form.
The lesson is that full access to comprehensive DR and recovery plans must survive under all circumstances: keep a copy somewhere the production network cannot reach, whether secure offsite storage from a backup vendor, an offline copy or a printed one.
If you have never experienced a massive outage from malware it is hard to imagine, and failing to understand what will be needed means the outage lasts far longer than necessary: days or weeks, not hours.
3: Spot Malware Early
Stopping all malware is practically impossible, so spotting it early is the next best thing. Desktop computers are the usual entry point, so modern anti-virus technology, staff training, scanning gateways and regularly patched, properly configured firewalls are the minimum. It is also worth looking beyond traditional security vendors for additional detection. Backup software is increasingly able to detect and alert on ransomware activity, because it sees every file that changed since the last run, and it is most useful when it covers both desktops and production systems.
4: Look to AI and Automation to Increase your Protection
Many vendors are turning to AI, in the security space and also in backup, both critical parts of your malware defences. Backup systems, for example, already inspect the data and files that changed each day; by learning what volume and kind of change is normal for an estate and what is not (a sudden jump in the number of changed files, files whose contents now look encrypted, mass extension renames), they can raise reliable alerts on suspected incidents. They can also automatically extend retention, so that older, clean backups are not aged out until the anomaly has been investigated.
Reporting on top of this allows a gap analysis that shows where your recovery process would fail, for instance a system whose restore cannot complete inside its recovery time objective because it has to wait for the systems it depends on. With that insight, backup methods and schedules can be re-organised even for a complex hybrid-cloud estate, putting you in the best position for recovery.
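To make the anomaly-and-retention idea concrete, the following is an added example (not code from the article or from any backup vendor's product). It assumes a backup job records three constructed per-day signals (number of changed files, the share of changed files whose bytes look encrypted, and the number of files whose extension changed), builds a robust median/MAD baseline from the previous days, and places a retention hold when at least two signals are far above baseline. The entropy threshold, floors and z-limit are assumed tuning values.

```python
import math
import statistics
from collections import Counter
from dataclasses import dataclass


# Assumed (not from the article): per-day signals a backup job could record.
@dataclass(frozen=True)
class DailyBackupStats:
    day: str
    changed_files: int            # files whose content changed since the previous run
    high_entropy_fraction: float  # share of changed files whose bytes look encrypted
    renamed_extensions: int       # files whose extension changed (e.g. .docx -> .locked)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Documents and code sit around 4-6; ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Per-file check a backup agent can run on each changed file. Compressed
    archives and media also score high, so this is a signal, not proof."""
    return shannon_entropy(data) >= threshold


def robust_zscore(value: float, history: list, floor: float) -> float:
    """Median/MAD z-score: a single past outlier barely moves the baseline.
    `floor` is an absolute minimum scale so near-zero baselines do not
    turn ordinary noise into alerts."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    scale = max(1.4826 * mad, floor)  # 1.4826 maps MAD to sigma for normal data
    return (value - med) / scale


# metric name -> (assumed floor for the scale, description used in alerts)
SIGNALS = {
    "changed_files": (50.0, "volume of changed files"),
    "high_entropy_fraction": (0.02, "share of changed files that look encrypted"),
    "renamed_extensions": (5.0, "files with a new extension"),
}


def assess_day(today: DailyBackupStats, history: list, z_limit: float = 5.0,
               min_signals: int = 2) -> dict:
    """Flag the day when at least `min_signals` metrics are far above baseline.
    Returns per-metric z-scores, human-readable reasons and a retention decision."""
    zscores, reasons = {}, []
    for name, (floor, description) in SIGNALS.items():
        z = robust_zscore(getattr(today, name), [getattr(h, name) for h in history], floor)
        zscores[name] = z
        if z > z_limit:
            reasons.append(f"{description}: z={z:.1f}")
    anomalous = len(reasons) >= min_signals
    return {
        "day": today.day,
        "anomalous": anomalous,
        "zscores": zscores,
        "reasons": reasons,
        # Keep every earlier restore point until someone has checked the alert.
        "retention_action": "extend_retention_hold" if anomalous else "normal",
    }


# Constructed baseline: 14 ordinary working days.
HISTORY = [
    DailyBackupStats(f"day-{i:02d}", cf, hef, ren)
    for i, (cf, hef, ren) in enumerate([
        (210, 0.04, 0), (195, 0.05, 1), (240, 0.03, 0), (205, 0.06, 2),
        (220, 0.04, 0), (198, 0.05, 1), (231, 0.04, 0), (215, 0.03, 0),
        (202, 0.05, 1), (247, 0.04, 0), (190, 0.06, 0), (225, 0.05, 2),
        (211, 0.04, 1), (219, 0.05, 0),
    ], start=1)
]
NORMAL_DAY = DailyBackupStats("day-15", 230, 0.05, 1)
# Constructed: what a file-encrypting ransomware run looks like to the backup job.
ENCRYPTION_DAY = DailyBackupStats("day-16", 48_000, 0.97, 46_000)

if __name__ == "__main__":
    for day in (NORMAL_DAY, ENCRYPTION_DAY):
        print(assess_day(day, HISTORY))
```

Requiring two independent signals keeps a large but legitimate change (a software rollout touching thousands of files, say) from tripping the alert on volume alone, while a genuine encryption run moves all three at once. The retention hold is deliberately the automatic action; restoring or deleting anything still needs a human decision.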
5: Become ‘Recovery Ready’
A significant malware attack is a game-changer. System dependencies kick-in and create recovery-roadblocks, communications go down, plans evaporate, and business recovery priorities shift like desert sands. You may even need to build a new datacentre to recover to (as with COSCO and others).
It is imperative to have a robust backup system with its own defences, such as credentials separate from the domain and copies the production network cannot overwrite or delete. Without that, your only remaining options are to pay the ransom or to hope the malware's cryptography is flawed enough that a free decryptor exists; properly implemented ransomware cannot be decrypted by brute force, and that is assuming destruction alone was not the purpose of the attack.
However, recovery readiness is not just about creating secure backups. It means meeting the required restore objectives, in the right order and in the right system groups, and to different targets (even the cloud), while everything around you is in chaos. Recovery readiness is as much about the support you can call on when you need it as it is about having a reliable backup system and a complete plan that is regularly reviewed and tested.
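The dependency roadblocks and restore-order problem described above, together with the gap analysis mentioned under point 4, can be worked through before an incident rather than during one. The following is an added example (not from the article or any vendor's product). It assumes a constructed restore plan: a map of each system to the systems that must be up before it can be restored, an estimated restore time per system, and a recovery time objective (RTO) per system. It groups systems into restore waves that can run in parallel, refuses to plan a circular dependency, and reports which systems would miss their RTO purely because of what they have to wait for.

```python
from collections import defaultdict

# Constructed restore plan: system -> systems that must be running first.
DEPENDENCIES = {
    "dns": [],
    "active_directory": ["dns"],
    "storage_array": [],
    "database": ["active_directory", "storage_array"],
    "erp_app": ["database", "active_directory"],
    "web_portal": ["erp_app", "dns"],
    "reporting": ["database"],
}
# Constructed estimates (hours): how long each restore takes, and its RTO.
RESTORE_HOURS = {"dns": 1, "active_directory": 2, "storage_array": 3,
                 "database": 6, "erp_app": 4, "web_portal": 1, "reporting": 2}
RTO_HOURS = {"dns": 2, "active_directory": 4, "storage_array": 4,
             "database": 8, "erp_app": 12, "web_portal": 10, "reporting": 24}


def restore_waves(deps: dict) -> list:
    """Kahn's topological sort, emitting groups of systems that can be
    restored in parallel. Raises on a missing entry or a circular dependency,
    both of which have to be fixed in the plan, not improvised on the day."""
    indegree = {system: 0 for system in deps}
    dependents = defaultdict(list)
    for system, needs in deps.items():
        for need in needs:
            if need not in deps:
                raise ValueError(f"{system} depends on {need}, which has no restore entry")
            indegree[system] += 1
            dependents[need].append(system)
    ready = sorted(s for s, d in indegree.items() if d == 0)
    waves = []
    while ready:
        waves.append(ready)
        next_ready = []
        for system in ready:
            for dependent in dependents[system]:
                indegree[dependent] -= 1
                if indegree[dependent] == 0:
                    next_ready.append(dependent)
        ready = sorted(next_ready)
    if sum(len(w) for w in waves) != len(deps):
        stuck = sorted(s for s, d in indegree.items() if d > 0)
        raise ValueError(f"circular dependency among: {stuck}")
    return waves


def rto_gaps(waves: list, restore_hours: dict, rto_hours: dict) -> tuple:
    """Simulate the restore: each wave runs in parallel and the next wave
    starts when the slowest system in the previous one finishes. Returns
    (finish time per system, hours over RTO for the systems that miss it)."""
    elapsed = 0.0
    finish, gaps = {}, {}
    for wave in waves:
        for system in wave:
            finish[system] = elapsed + restore_hours[system]
            if finish[system] > rto_hours[system]:
                gaps[system] = finish[system] - rto_hours[system]
        elapsed += max(restore_hours[s] for s in wave)
    return finish, gaps


if __name__ == "__main__":
    plan = restore_waves(DEPENDENCIES)
    for i, wave in enumerate(plan, start=1):
        print(f"wave {i}: {', '.join(wave)}")
    finish, gaps = rto_gaps(plan, RESTORE_HOURS, RTO_HOURS)
    for system, over in sorted(gaps.items()):
        print(f"{system}: finishes at {finish[system]:.0f}h, {over:.0f}h past its RTO")
```

In the constructed plan the web portal restores in one hour on its own, yet it misses its ten-hour RTO by six hours because it sits behind the ERP application and the database. That is the kind of gap a restore test reveals and a backup success report hides; the fix is usually a different restore order, a faster restore path for the blocking system, or a more honest RTO.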
One only has to take a casual look at the tech media to see the industry's concern about this present and ongoing threat, underpinned by organised crime and rogue states, not to mention the part that western governments play. High-availability and replication systems do not protect against it, since they faithfully replicate encrypted files just as they replicate good ones, so if you have not reviewed your backup systems in a while, it is time you did. You might be pleasantly surprised to see just how much has changed.
This article is from the CBROnline archive: some formatting and images may not be present.