Authored by: Sheena Chin, Managing Director, ASEAN, Cohesity
In 2017, the WannaCry ransomware attack affected more than 200,000 computers in 30,000 organisations across 150 countries. In Malaysia, according to Media Prima, the ransomware allegedly took over email systems and demanded 1,000 Bitcoins (around RM26.4 million) in payments before organisations were able to access them again. As of September 2019, 44 cases were reported to CSM’s Cyber999 Help Centre.
However, the impact of ransomware attacks is much more complex. Companies may lose not only data, but also trust and brand value. The loss of confidence can adversely affect a company's stock value. Such attacks highlight the importance organisations must place on ensuring their employees understand cyber risks and are aware of relevant information security measures.
Globally, the internet population surpassed the 4 billion mark as of 2019, and Asia Pacific (APAC) currently accounts for more than 50 percent of it, with 2.3 billion internet users online. As such, APAC nations face a higher potential threat of cyber attacks than other countries across the globe, in large part due to the speed and scale of growth in the region’s use of digital technology and associated connectivity.
Backup and recovery solutions are designed to protect organisations, but sophisticated malware like Locky and crypto-ransomware are now targeting companies' backup data. Even after implementing basic cybersecurity measures, companies can still fall victim to such attacks. One way of recovering critical company data is to restore from the backup solution.
Analysts are predicting a ransomware attack on businesses will happen every 14 seconds—at a cost of billions to global organisations. That is why companies need to keep these five considerations in mind when strategising how best to prevent, detect, and rapidly respond to a ransomware attack on backups.
1. Ransomware Attacks Make Backups a Liability
Cybercriminals are now aggressively targeting shadow copies of backup data to gain full control or, worse, to destroy what has long been considered an insurance policy for business continuity. These attacks have become more sophisticated, entering a primary environment from an endpoint and heading straight for company backups before taking over the production environment. Companies are increasingly challenged because the backup copies from which they would restore are now also infected.
Preventing ransomware from attacking backups requires a multi-layered defence. Original backup jobs should be kept in an immutable state. Multi-factor authentication (MFA) and write once, read many (WORM) capabilities for the snapshot are must-have features in any modern backup solution.
2. Expanding Attack Surfaces Expose Backups to Ransomware Attacks
IDC estimates that 175 zettabytes of data will exist by 2025. Data across organisations continues to grow exponentially, if not doubling every few months. A vast amount of this data, nearly 80 percent, consists of backup, file and object shares, dev and test, and analytics. Today, this data is scattered across multiple silos and systems, resulting in mass data fragmentation. Many organisations hold multiple copies of the same data and have very little visibility into what is stored where, all of which results in a wider attack surface. As a result, enterprise data has become more accessible to cybercriminals.
Preventing ransomware from succeeding in the first place starts with reducing the enterprise attack surface and improving the visibility of enterprise data (i.e. knowing what data you have and where it is located). A modern data management solution should provide global visibility and a unified way of managing data and infrastructure to eliminate mass data fragmentation.
3. Attacks on Backups Made Easier by Intermittent Monitoring
Ransomware attacks can originate from outside an organisation or internally, as a result of malicious intent or human error. How can organisations monitor for such attacks and prevent them before they impact backup copies? Advancements in machine learning and artificial intelligence should be able to help in this area. Today’s modern backup solutions should be able to continuously monitor and detect smaller change rates by analysing files and audit logs, even when the team is not paying close attention. The right backup solution will protect the organisation from cyber attacks every second of every day.
4. Public Cloud Entry Points for Ransomware Criminals
Organisations in Asia are ramping up their adoption of cloud, realising the benefits of improved efficiency and lower cost. However, one of the key challenges is securing the data in the cloud. With critical information now residing in the cloud, ransomware attackers have easy access if it is not managed well. A modern backup solution must provide immutability to data, have WORM features, and offer the ability to detect attacks and provide visibility of your data across on-premises and cloud environments.
Staying ahead of ransomware requires a backup and recovery solution that offers a single dashboard. Being able to see, manage, and take action fast on your backup data – whether residing on-premises or across public clouds – will help organisations protect themselves from ransomware attacks.
5. Predictable Recovery
Whether you have been hit with a ransomware attack or an internal mishap (malicious or human error), when disaster strikes, it’s critical to quickly recover from data loss. If a disaster were to happen today, could the organisation predictably recover backup data - when and where it is needed - without compromise? The ability to ensure predictable recovery offers confidence in meeting SLAs and trust in the resiliency of the organisation.
To assess your organisation's readiness for achieving predictable recovery, ask these questions based on a framework of core recovery attributes:
Do you have a 100% backup success rate? Data that is not protected cannot be recovered.
Can you do a global, Google-like search for any Virtual Machine (VM), file, or object?
Can you ensure recovery at scale?
Recovery at scale without proper tools can be crippling to operations. Being able to recover only two or three VMs or objects at a time prolongs downtime, resulting in SLAs being driven by duration of recovery rather than business requirements. For predictable recovery, you should be able to recover any number of VMs, files or objects instantly. Rather than waiting for the backup solution to hydrate backup copies for recovery, deploy a backup solution that can maintain an unlimited number of fully-hydrated backup copies that can be instantly mounted. This makes data readily available, even while data is being restored in the background. A modern backup solution will also allow data to be located easily across locations, and puts you in the desired workflow for ensuring predictable recovery at scale.
Prevent, Detect, and Respond Fast to Ransomware Threats
Organisations want to experience zero data loss from cyber attacks and they want to have the confidence to refuse demands for a ransomware payment. They must protect their data with a comprehensive approach to preventing, detecting, and rapidly responding to ransomware attacks.