By Sam Woodcock, Director of Cloud Strategy and Enablement at 11:11 Systems
As a wise man once said, a failure to plan is a plan to fail. This is especially true in the world of cybersecurity, where it is all but inevitable that an organisation will face a security incident. According to the 2024 Data Protection Trends report from Veeam, ransomware is the leading type of cyber crime, due to its lucrative nature. Cyber criminals have found that stealing, encrypting and selling data back to their victims is highly profitable, which has led to ransomware becoming a billion-dollar industry. Between ransom payments, maintenance, and lost business due to downtime, the average ransomware attack costs a business around £3.5 million.
According to Veeam, 75% of businesses experienced a ransomware attack in 2023, making it more likely than not that an organisation will be a victim. This threat is not going to stop any time soon, so the key for organisations is to make sure they have proactive measures in place to minimise and even prevent the damage these attacks can cause. This means that decision makers must aim for a high degree of cyber resilience, allowing them to weather the storm of an attack, and there are a number of ways to achieve this.
Preventative measures
One key point to consider is having a multi-layered approach. This includes preventative measures, to reduce the risk of suffering an attack in the first place, and reactive risk controls, which focus more on speed and completeness of recovery.
In terms of preventative measures, one very simple yet extremely effective security feature is two-factor authentication. Business email compromises and stolen credentials are some of the most common ways hackers gain access to secure systems. This can be accomplished through sophisticated social engineering, using tactics like phishing, as the human element of any system is usually the weakest link. Two-factor authentication essentially robs hackers of the power to use stolen email addresses and passwords, which goes a long way to stopping ransomware attacks before they happen.
Another key tool in the security toolbox is anomaly detection. Say, for example, someone logs into a secure system from the UK, and then an hour later attempts another login from the United States. This is an obvious case of an unlikely scenario, and shows that one of these attempts is fraudulent. Anomaly detection can be easily automated, taking some pressure off security teams, and will allow for these attacks to be blocked before the cybercriminal even gains access to the system.
Reactive risk controls
While it would be nice to prevent 100% of security incidents, this is unfortunately not possible. There will always be some hackers who get lucky, or find an overlooked chink in a system’s armour. Therefore, it is essential to have a recovery plan that will allow organisations to minimise the impact of ransomware attacks.
Everyone working in the security space knows that backups of your important data are vital. However, cyber criminals know this too, and will go after backups first before encrypting the main data, ensuring they can get the maximum value out of it. Therefore, it is no longer enough to just have a single backup. The golden rule is ‘3-2-1’, meaning three copies of data, on two different storage mediums, with one off site. It is also recommended that a copy is stored in an air-gapped ‘clean room’, meaning it cannot be accessed via any network.
Something else that is vital to cyber resilience is making sure backups are immutable. This means that the backups cannot be modified or deleted for a set amount of time. This prevents any data from being accidentally or intentionally lost, and ensures it is there when needed for recovery.
One extra layer to this is that some systems have data immutability at the application level, meaning users cannot change the data. This is good for preventing employees from accidentally deleting key data, or for preventing hackers using compromised credentials; however, this is not usually enough. Cyber criminals are generally quite tenacious, and will go deeper than just the application. Therefore, it is vital that the data is immutable at the storage level, meaning that even with access to the storage medium, the data cannot be tampered with.
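The 3-2-1 rule, the air-gapped copy and storage-level immutability can all be checked against a backup inventory. This audit is an added example, not the article's or any product's code; the inventory fields, the 14-day minimum lock window and counting the production copy towards the three are assumptions, and the sample inventory is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    medium: str                      # e.g. "disk", "object-storage", "tape"
    offsite: bool
    air_gapped: bool                 # not reachable over any network
    lock_layer: Optional[str]        # "storage", "application" or None
    locked_until: Optional[datetime]
    is_backup: bool = True           # False for the production copy

def audit(copies, now, min_lock=timedelta(days=14)):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("3-2-1: fewer than 2 storage media")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no off-site copy")
    if not any(c.air_gapped for c in copies):
        findings.append("no air-gapped copy")
    for c in (c for c in copies if c.is_backup):
        if c.lock_layer is None:
            findings.append(f"{c.name}: not immutable")
        elif c.lock_layer != "storage":
            # An application-level lock does not protect the underlying storage.
            findings.append(f"{c.name}: immutable at {c.lock_layer} level only")
        elif c.locked_until is None or c.locked_until - now < min_lock:
            findings.append(f"{c.name}: storage lock shorter than required window")
    return findings

NOW = datetime(2024, 6, 1)  # constructed inventory, not a real environment
SAMPLE = [
    Copy("primary", "disk", False, False, None, None, is_backup=False),
    Copy("nas-backup", "disk", False, False, "application", NOW + timedelta(days=30)),
    Copy("cloud-vault", "object-storage", True, False, "storage", NOW + timedelta(days=30)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, NOW):
        print("FINDING:", finding)
```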
Resilience beats ransomware
Ransomware attacks are a reality that will affect every organisation at some point, no matter the size. The attacks have far-reaching consequences, even beyond the immediate downtime and disruption of services. Leaked data that includes passwords and usernames can form the basis of future attacks, meaning that preventing one attack also prevents likely future incidents. There is also the added damage to an organisation’s reputation as a result of data breaches, as well as fines incurred from regulatory bodies.
Having a solid, well-tested, and flexible backup strategy is the key to cyber resilience, and is vital in preventing huge losses that can amount to far more than just revenue. Blocking bad actors from the outset is the best defence against the ever-growing ransomware threat.