Andy Wood, Technology Strategist at NetApp, outlines how businesses can make better choices when it comes to staying protected from a ransomware attack.
Ransomware is one of the most significant cybersecurity risks facing businesses today. As previous attacks such as the Colonial Pipeline attack in 2021 have demonstrated, your entire business can be affected when a ransomware attack occurs. In their recent Global Attacks in 2022 Report, Check Point Research noted that there was a ‘38% increase in ransomware attacks in 2022 compared to 2021.’
The increase in ransomware is not the only issue. The average ransomware attack costs businesses around $3.86m. Exceptional cases, such as the WannaCry ransomware worm, have led to extraordinary expenses. WannaCry is estimated to have caused $4bn worth of damage worldwide. This is astronomical and unfortunately part of a long and growing list of cases, especially for small and medium-sized enterprises that do not have the financial resources or technology to deal with it.
For example, according to the American insurance group AIG, which conducted a survey of 25,000 small businesses and SMEs over the same period, ransomware has now topped the list of claims from its customers with a 47% increase in the severity of attacks; some ransoms can even go up to several tens of millions of dollars.
While cyber-attacks are becoming increasingly state-of-the-art, so too are the cloud infrastructure environments that many organisations are using to store their vast amounts of data. With that in mind, it is crucial businesses don’t let their data get ‘held for ransom.’
The current context weakens companies
While ransomware is not a new concept, the impact ransomware attacks have is always developing, accelerated by the pandemic, unemployment, hybrid working and, in some circumstances, a lack of the right technology to help businesses protect themselves from an attack. Further to this, the reputational impact can be astronomical. With customers finding other vendors and suppliers, a ransomware attack can truly devastate a business. Such impacts are now an increased challenge for cybersecurity experts facing better-organised attacks.
Building on this, data is increasingly being created in a diverse range of data storage environments on-premises, in the cloud, and on the edge. In fact, by the end of this year, IDC has predicted that almost half of new enterprise IT infrastructure will be created at the edge.
For that reason, it is becoming increasingly challenging for IT administrators and security professionals to understand the data that they have, where it is located, and the risks posed to it – never mind who exactly has access to it. What is often lacking is a common data management plane to control and manage data, to ensure it is kept secure.
Worse still, today’s enterprise networks often include numerous Internet of Things (IoT) devices, and this means that visibility and control over data are being lost and therefore securing it is that much harder. IDC has predicted that the volume of data in the world will reach 163 Zettabytes by 2025 and the majority of this will be created by IoT – which goes some way to demonstrating the scale of the challenge at hand.
When data is being moved to different endpoints, more tools and, consequently, more skills are needed – a current challenge when there is a significant digital skills shortage.
As we all know, data for hackers is pure gold and a very lucrative source of income when sold on the black market or dark web. For example, a list of email addresses of high-ranking executives within a company, combined with personal elements to better deceive recipients, can quickly represent a good basis for serving future targeted phishing campaigns.
We have recently seen the consequences of a ransomware attack on Royal Mail. Attacked by LockBit, its export services were paralysed for weeks.
Too many companies don’t fess up
However, despite this alarming context, many companies do not file complaints against their attackers. Whether to preserve their reputation by concealing the incident as much as possible, or because it is essential to resume their activities as quickly as possible – hackers primarily target organisations with a very low tolerance for production downtime – too many companies will prefer to pay the ransom.
However, the more this choice is made, the more ransomware will gain ground, not only because it is lucrative but also because the knowledge base and means developed against it remain fragmented.
How to avoid a ransomware attack
So, how do we deal with all of this? How do you ensure organisations can build strong data resiliency in multi-cloud environments? First and foremost, avoiding a ransomware attack is possible through the deployment of data protection and migration solutions that prove their worth every day. I will discuss my four tips to stay protected.
1. Mindset shift
It may be a cliché to say it like this, but unpreparedness is the hacker's way in. Microsoft’s ‘Cyber Signals’ report notes that more than 80% of ransomware attacks worldwide result from misconfigured cloud technologies or services. The primary reason for this reality? Hackers primarily attack backup targets to prevent any attempt to restore data.
To combat this, a mindset shift is needed amongst CIOs to understand that cybersecurity protection at every point is a must, not a nice to have.
2. Take an automated and integrated approach
Prioritising an integrated and automated approach to a business’ work environments in order to better respond to a constantly changing technological landscape is essential. To do this, companies must first shift their focus and adopt a cyber-resilient approach by constantly preparing for a possible data leak or the threat of a production stoppage. A traditional approach to cybersecurity, which aims above all to ‘barricade’ its systems, is no longer working.
Companies must move towards a more holistic and proactive approach, intended to protect as well as detect, respond, and recover. Cyber-resilience must ultimately offer permanent business continuity thanks to the fastest possible data response and recovery capabilities.
The proverbial crown jewels of companies are now in many cases their digital assets, and extra protections are needed for them. Organisations should look to implement user access controls to protect data while giving employees access to only the data needed to do their roles. Multi-factor authentication can also add another layer of protection should a user’s credentials be compromised, and prevent unauthorised access to sensitive data and systems.
Furthermore, to protect data, multiple endpoints of recovery are needed to ensure that endpoints are immutable and indelible, so even if malicious users or rogue admins have access to data, backups can be recovered.
4. Follow the 3-2-1-1-0 rule
The 3-2-1-1-0 rule allows businesses to protect against data loss. To follow this rule, businesses must:
- 3: Ensure there are at least three copies of their data;
- 2: Store backups on two different media formats;
- 1: Store at least one backup copy offsite;
- 1: Store no less than one copy offline; and
- 0: Verify backups without errors.
Organisations must remember that threats can sometimes come from inside and steps such as the above can protect from inside-out, as well as outside-in. Admin verification processes can also be strengthened, such as needing another admin to verify an important action that can have a significant impact on a system or users. The 3-2-1-1-0 rule can also be followed for best practice when it comes to ensuring that backups remain secure and protected from the actions of rogue admins and insider threats.
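The 3-2-1-1-0 rule can be checked mechanically against a backup inventory. The sketch below is an added example, not part of the original article: the `Copy` fields, the `check_32110` function and both sample inventories are constructed for illustration, and it assumes the production copy counts as one of the three copies.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                    # e.g. "disk", "tape", "object"
    offsite: bool                 # kept away from the primary site
    offline: bool                 # unreachable from the production network
    verify_errors: Optional[int]  # errors in last restore test; None = never tested
    primary: bool = False         # True for the production copy itself


def check_32110(copies):
    """Return {rule: problem} for every part of 3-2-1-1-0 that fails."""
    backups = [c for c in copies if not c.primary]
    failures = {}
    if len(copies) < 3:
        failures["3"] = f"only {len(copies)} copies, need at least 3"
    media = {c.media for c in copies}
    if len(media) < 2:
        failures["2"] = f"only {len(media)} media format(s): {sorted(media)}"
    if not any(c.offsite for c in backups):
        failures["1-offsite"] = "no backup copy is stored offsite"
    if not any(c.offline for c in backups):
        failures["1-offline"] = "no backup copy is stored offline"
    # "0" fails for any backup that was never test-restored or restored with errors.
    bad = [c.name for c in backups if c.verify_errors != 0]
    if bad:
        failures["0"] = "unverified or failing backups: " + ", ".join(bad)
    return failures


# Constructed inventories: everything on networked disk vs. an added offline tape.
WEAK = [
    Copy("prod-db", "disk", False, False, None, primary=True),
    Copy("nightly-snapshot", "disk", False, False, None),
    Copy("dr-replica", "disk", True, False, 0),
]
HARDENED = [
    Copy("prod-db", "disk", False, False, None, primary=True),
    Copy("nas-backup", "disk", False, False, 0),
    Copy("tape-vault", "tape", True, True, 0),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, check_32110(inv) or "compliant")
```

The weak inventory has three copies and an offsite replica, yet still fails three parts of the rule, because every copy sits on online disk and one backup has never been test-restored.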
Once a company has understood that today the risk factor of a ransomware attack on its infrastructures is no longer based on ‘if’ but ‘when’, this increased speed of intervention and this reinforced ability to adapt can quickly become the guarantees of greater serenity.