Authored by: Kamal Brar, Vice President and General Manager for Asia Pacific and Japan, Rubrik
Cybercriminals have been busy exploiting the current pandemic, a tactic they have used in many other global crises. Similar to previous times, attackers are preying on our need for information in the form of phishing emails, or other malware. However, in the current pandemic, we have witnessed the spread of attacks to large organisations including hospitals and government agencies. Employees pose a more significant threat to corporate security during this time by working from weaker home networks. This means that more organisations are vulnerable to the sophisticated ransomware attacks that hackers are using to take advantage of the situation. As a result, cyber resiliency is more important than ever.
Hackers will only continue to take advantage of unsecured systems to get to companies' valuable data. Companies are also agreeing more often to pay ransoms to recover their data. To reduce the potential impact of these ransomware attacks, organisations need to move from a reactive to a proactive model in which companies are prepared for attacks.
How Can Organisations Become More Resilient
Creating an organisation that is more resilient to cyber attacks begins with a mindset change, supported by technology, to ensure that data sets are protected. From a technology perspective, the most important question to answer is how quickly the IT team can recover once the system is breached. Automation is a critical way that IT teams can gain a better understanding of potential vulnerabilities, be proactive in identifying threats and quickly minimise the impact of ransomware attacks.
One area where automation can impact how organisations recover from a cyber attack is with backup data. Backups are often the last line of defence against ransomware. However, advanced ransomware attacks are encrypting or deleting backup files. When an organisation's last line of defence is compromised, ransom payouts increase. To avoid this result, organisations need to ensure that their backups are part of a reliable recovery strategy following an attack. For many IT teams relying on legacy backup solutions in the Philippines, recovery can be complex and time-consuming. Additionally, identifying the scope of the attack, locating the most recent clean data, and restoring quickly can be an even great time and resource investment. IT teams need to incorporate modern data management solutions into their ransomware remediation strategy to ensure minimal data loss and business impact in the event of an attack. These solutions should have three key features.
Native immutability to safeguard backups - Companies can guarantee their backups are not compromised in ransomware attacks by ensuring that all data and applications are stored in an immutable format. Data management solutions can provide instant recovery from immutable backups, meaning that ransomware never affects backups.
Fast recovery to minimise downtime - Recovering from an attack is generally the largest issue for ransomware victims. Organisations need a solution that will streamline the process of identifying and restoring the most recent clean version of the data. Automation frameworks such as ServiceNow Incident Response can also help to increase operational efficiency.
Granular visibility to reduce data loss - Minimising data loss from a ransomware attack requires IT teams to identify impacted applications and files quickly. This is a process that can be incredibly time-consuming with existing technology. Modern data management solutions enable organisations to identify which applications and files were impacted through intuitive data visualisations and roll back with visibility down to the file-level. This minimises the risk of data losses associated with mass restores that include uncompromised data.
Paying ransom should not be the only option an organisation has following a ransomware attack, especially when cybercriminals are taking advantage of a situation like the current pandemic. An effective defence against ransomware enables organisations to remain focused on more important priorities regardless of the situation.