The ransomware challenge

by Mark Rowe

Addressing the threat posed by ransomware is the biggest security challenge for CISOs, according to recent research from Microsoft, and this isn’t set to change any time soon, says Dan Middleton, Vice President UK and Ireland, at the back-up and recovery software firm Veeam.

Ransomware is the cyberattack vector that receives the most mainstream coverage. Recent incidents claimed by groups include: BlackCat, which admitted responsibility for ransoming an energy firm based in Luxembourg; LockBit, which claimed to have stolen 78GB of data from Italy’s tax agency; Hive, which ransomed data from a school in Bedfordshire; and LV Group, which stole 2TB of documents from German semiconductor firm Semikron. What’s worrying is that, according to the Veeam Ransomware Trends Report 2022, almost half (49pc) of EMEA organisations believe that a significant or complete overhaul of the alignment between their backup and security teams is needed to protect their data from ransomware attacks.

It’s clear that no industry is off limits to ransomware gangs, and that they are gaining traction. Their methods are also evolving, as it’s no longer common for cybergangs to just encrypt data and demand a ransom for its release. They now frequently syphon off a business’s data first so that they can release it on the dark web if the payment isn’t made. Ransomware is a disaster that costs businesses nearly two million dollars (US) per incident, so it’s vital that businesses have protections in place to stop malicious actors accessing their data in the first place. However, this isn’t always possible, and it is often said to be a case not of if, or even when, but how many times a ransom attack will impact a business.

According to Veeam’s report, 76pc of organisations infected with ransomware have admitted to paying the demand to decrypt their data. Payment as protection has become a more prevalent issue with the rise of cyber insurance schemes, which reimburse the financial outlay made by businesses as the result of a cyberattack. However, Veeam’s research also found that one-third (29pc) of EMEA businesses didn’t regain access to their vital assets after making payment. This drives home the importance of not relying on making ransom payments as a data protection strategy: it is unquestionable that organisations need to have plans in place to properly protect their data.

Data protection

The core tenet of a Modern Data Protection strategy is secure, immutable backups, which are critical when it comes to restoring business data hit by a cyberattack, and essential for ensuring the business returns to business as usual as fast as possible. Having a data backup plan in place removes the need for businesses to negotiate with cybercriminals, as they can simply revert to their latest backup and restore the data from there. Unfortunately, it’s not always that simple. Cybercriminals are malicious and unforgiving by nature, and Veeam’s report found that threat actors target EMEA businesses’ backup repositories in 88pc of attacks. They are also broadly successful with this tactic, as at least some repositories were infected in 75pc of attacks.

This is worrying because as a business’ last line of defence against ransomware, their data backup repositories are an irreplaceable resource. Therefore, simply adopting cybersecurity tools and strategies and backing up valuable data isn’t enough. Businesses must also look at how they can truly secure their backups to make their approach to data protection airtight.

Securing data backups

Currently, 22pc of organisations are able to recover ransomed data from a backup, rather than paying a ransom demand. How do the remaining 78pc get to this enviable state? There are three key contributors to the success of this approach, and this is what businesses must focus on if they wish to do the same:

1. Immutable or air-gapped backup repositories
To protect their backups, businesses must first diversify and separate them from the rest of their network. Veeam advises that they follow the 3-2-1-1-0 rule, which says there should always be at least three copies of important data, on at least two different types of media, with at least one off-site, one offline, with zero unverified backups or backups completing with errors. It’s common for businesses to use a combination of cloud, on-premises and tape solutions to air-gap their backups and ensure they are immutable to external conditions, making them reliable for when they need to be drawn upon.

2. Verifiably recoverable and ‘clean’ data
According to the Veeam Ransomware Trends Report 2022, only 37pc of businesses assured the cleanliness of their backups before their last cyber event, and only 35pc verified that their backups were recoverable. It is advisable for organisations to develop some kind of ‘remediation playbook’ that includes processes to ratify the integrity of backed up data, establish that it is ‘safe’ to recover from, and to assure recoverability is possible. Following on from the point above, they should also have multiple copies of data backups available so if one isn’t recoverable or clean there are other options.

3. Orchestrated workflows to test backups and reduce time to remediation
Only one in six businesses claim to use automation to verify and validate their data backups, Veeam’s research found. In an age of burgeoning data volumes and increased risk, using automation and orchestrating backup workflows is key within this process, as it can help businesses ensure backups are tested extensively, efficiently and often, without unnecessary strain on staff – with the bonus of freeing them up for other projects. Security and IT teams can then rest in the knowledge that their backups will be reliable when they are required, and that the steps are in place for backups to be restored and for the issue to be remediated quickly.
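
The 3-2-1-1-0 rule from point 1, together with the verification requirement from points 2 and 3, can be run as an automated check over a backup inventory. The following is an added example, not code from Veeam or the original article; the `Copy` fields, the `check_32110` function and the sample inventories are constructed for illustration, and treating an immutable repository as meeting the "offline" requirement is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool     # stored away from the primary site
    offline: bool     # air-gapped or immutable (assumption: either counts)
    verified: bool    # last restore test succeeded
    job_errors: int   # errors reported by the last backup job

def check_32110(copies):
    """Return the list of 3-2-1-1-0 violations; an empty list means compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"3: only {len(copies)} copies, need at least 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(f"2: only {len(media)} media type(s), need at least 2")
    if not any(c.offsite for c in copies):
        problems.append("1: no off-site copy")
    if not any(c.offline for c in copies):
        problems.append("1: no offline copy")
    # "0": every copy must have passed a restore test with an error-free job
    bad = sorted(c.name for c in copies if not c.verified or c.job_errors > 0)
    if bad:
        problems.append("0: unverified or errored backups: " + ", ".join(bad))
    return problems

# Constructed sample inventories (not real systems)
WEAK = [
    Copy("nas-primary", "disk", False, False, True, 0),
    Copy("nas-replica", "disk", False, False, False, 0),
]
GOOD = [
    Copy("local-disk", "disk", False, False, True, 0),
    Copy("cloud-immutable", "object-storage", True, True, True, 0),
    Copy("vault-tape", "tape", True, True, True, 0),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        issues = check_32110(inventory)
        print(label, "compliant" if not issues else issues)
```

Run on a schedule against the real inventory, a non-empty result is the signal to fix the backup estate before an incident rather than during one.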

Businesses can’t escape the threat of cybercrime, especially ransomware, so they need to properly ensure they’re prepared for a worst-case scenario when – not if – it happens. A data protection strategy reliant on succumbing to ransom demands to decrypt and regain access to vital data is not a Modern Data Protection strategy. It is also one that insurers are taking a progressively dim view of as their cybercrime losses mount.

Data is a business’s most valuable asset – it’s not just customer, supplier or staff data, but patents, trade secrets, copyrights, digital assets, all the things that deliver competitive edge or stakeholder attraction. So businesses must use every potential tool in their arsenal to build in resilience, first to prevent the chance of an attack happening, and then, by following the steps outlined above, to ensure that it has minimal impact on their operations, their ecosystem and the security of their data in the increasingly likely event that cybercriminals do breach their defences.


© 2024 Professional Security Magazine. All rights reserved.
