Kevin Foster, pictured, Testing Services, MTI outlines how you can cost-effectively protect your organisation from the growing tide of data threats, particularly the surging ransomware threat.
Data is the lifeblood of any company. It informs operations, provides a springboard for strategic decision-making, and ensures a business is fully cognisant of all the factors that ensure continued growth. As a result, data loss can be extremely damaging as well as being very expensive.
In 2015, data storage giant EMC estimated the annual global data loss was a whopping $1.7 trillion. Juniper Research put the total loss attributed to data breaches at $2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015.
Rapid ransomware growth
Data can also be lost through the accidental deletion of files, hard drive and power failures, theft, fire and explosions. While the latter may be the least likely scenario, it does happen and companies should prepare against it. However, perhaps one of the most destructive threats today is the rapid rise in ransomware. Recent research revealed that ransomware has eclipsed botnets to become the main threat to businesses. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of ransomware. The CryptoWall ransomware generated more than $18m for its creators in a little over a year. One of the reasons ransomware is increasing is because it is an extremely effective way of extorting money. Security experts are predicting that in the coming 12 months, it will become increasingly targeted with cyber-thieves adjusting their methods to target specific organisations.
Increasing hacker sophistication
In the past few months alone, we’ve seen the emergence of increasingly sophisticated ransomware such as PadCrypt, TeslaCrypt, CTB-Locker, Cerber, KeRanger and Locky to name just a few. As ransomware locks you out of important files and documents, it’s incredibly important to have a back-up strategy in place. In practice, this means replicating data in real time onto external storage devices or archived storage. This approach ensures that you are able to essentially ignore the ransomware demands, as irritating as it is, wipe infected devices, implement security hardened builds and restore the files.
Disaster recovery service
The important point is to ensure that any back-up devices are protected from the network. Some ransomware is designed to burrow into networks and also attack external storage devices. The perfect antidote to this is cloud-based encrypted replication of the data. More specifically, this should be Disaster Recovery-as-a-Service (DRaaS) from the cloud. The problem with just traditional back-up is that organisations often have to spend on hardware, secondary sites, power and often training or hiring specialists dedicated to cloud-based back up. There’s also the issue of buying expensive hardware resources, which inevitably depreciate in value over time. In contrast, DRaaS removes the need for this spend because they are generally flexible, subscription-based models in which you pay for what you need, when you need it, with the ability to scale when required.
Securing cloud storage data
Access to cloud-based, replicated data has to be fully protected and there should not be any access without the right authorisation. Strict procedural controls need to be implemented when it comes to the modification and deletion of backed-up data. Data should also be separated into different cloud data sets so that it is not stored in only one place, removing the risk of it all being deleted in one go. Companies looking to replicate data onto the cloud should ensure that the service provider has all of the appropriate security certifications as a basic requirement (eg. ISO 27001, Cyber Essentials Scheme), as well as evidence of penetration testing to ensure that the security of the cloud storage has been tested for vulnerabilities and risks.
Ultimately, users themselves need to do their part in maintaining the security of the accounts and privileged remote access to cloud storage facilities. A compromise of their access or user account could result in compromise of the stored data. Ideally, access to administration functions should require two-factor authentication; certificate based mutual authentication (where two parties authenticate each other through the verification of digital certificate so that both parties are verified of the others’ identity), server authentication and restricted access to only fixed source IP addresses (e.g. only someone coming from your office network can see the Administrator or Login services for your storage account). Many cloud providers offer these Identity and Access Management controls; although not everyone makes full use of them.
Eliminating costs
VMware’s vCloud Air Disaster Recovery, for instance, shifts costs from CapEx to OpEx and essentially enables organisations to pay for disaster recovery solutions out of operating budgets. It’s a cost-effective and sensible way to improve on existing disaster recovery plans or even get a new plan off the drawing board and into operation with minimal cost and resources. It’s also possible to protect remote office sites without additional investments.
A central point to consider for any DRaaS is the recovery cycle and what is technically known as the recovery point objective (RPO). Essentially, this means that data needs to be backed-up at regular frequent intervals and importantly restore business processes quickly so a company can return to operations as quickly as possible. Disaster recovery is an important and necessary insurance policy. By using DR-as-a-service it can head off the damage caused by data loss, render redundant the surging tide of malware, deliver peace of mind and free up resources for investment in other parts of the business.
