Practical tips to prevent ransomware
by Rick Vanover, Senior Director Product Strategy at Veeam Software
Data security is more important than ever before. According to a CrowdStrike survey on global security attitudes, the proportion of organisations falling victim to supply chain attacks around the world has increased from 14% to 39%.
As we progress in the age of technology with tighter and more robust security measures, a ransomware attack is still one of the biggest challenges faced by industrial enterprises. Today, hackers are using people's fears and confusion to create cyberthreats while exploiting the coronavirus situation – security risks such as system paralysis, data loss, and business interruption due to phishing attacks and malware have been emerging over the last few months.
A diversity of threats
There is incredible fragmentation in the types of threats in play today. The threats arrive in a number of different ways, behave in a number of different ways and even attack differently. As an example, some ransomware threats can upload data instead of encrypting it. The attacker then threatens the victim with a public leak of potentially sensitive data.
These disguises and behaviours make it very difficult to defend consistently against the landscape of threats. The rule to follow is to increase awareness through monitoring and analytics of the IT environment, so that you know what should be considered normal behaviour in the IT infrastructure.
As a solution, organisations are strongly advised to increase their use of encryption to help defend against threats. Using backup data as an example, take a step back and think about all the implications of blackmail using the whole backup of an organisation.
At Veeam, all our clients are advised to implement more “nearline” encryption and to enhance security practices for backup systems. With this, backups are encrypted at every step of the way, including the first disk resource on-premises.
Encrypting backups has historically been a great idea when tapes leave the IT facility or when data is transmitted over the Internet; but with these threats, the need for encryption becomes more critical. Ideally, implementing resiliency can prevent this situation, but this goes beyond the previous recommendation around encryption. Consider the factors that enable that behaviour:
- How was the threat able to get in?
- How did data manage to leave the system?
- Are monitoring and analytics in place to identify the threat?
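One way to act on the monitoring questions above, as an added example that is not from the original article or from Veeam: compare each host's outbound volume for the day with its own recent baseline, the signal that matters when ransomware uploads data rather than encrypting it. Host names, byte counts and both thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: outbound bytes per host per day, e.g. summed
# from firewall or flow logs. Not taken from any real environment.
BASELINE = {
    "backup-01": [41e9, 39e9, 40e9, 42e9, 40e9, 38e9, 41e9],
    "file-02":   [2.1e9, 1.9e9, 2.0e9, 2.2e9, 2.0e9, 1.8e9, 2.1e9],
    "hr-ws-17":  [0.3e9] * 7,          # perfectly flat history
    "new-vm-09": [0.5e9, 0.6e9],       # too new to have a baseline
}
TODAY = {"backup-01": 43e9, "file-02": 61e9,
         "hr-ws-17": 4.0e9, "new-vm-09": 0.7e9}

MIN_DAYS = 5      # assumption: days of history needed before scoring
THRESHOLD = 6.0   # assumption: robust z-score above which we alert


def robust_score(history, value):
    """Distance of value above the median, in units of robust spread."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates one standard deviation for normal data.
    # Floor the spread at 5% of the median so a flat history (MAD == 0)
    # neither divides by zero nor alerts on trivial changes.
    spread = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / spread


def review_egress(baseline, today):
    """Label each host 'normal', 'anomalous' or 'no-baseline'."""
    findings = {}
    for host, sent in sorted(today.items()):
        history = baseline.get(host, [])
        if len(history) < MIN_DAYS:
            # Unknown normal is its own finding, not a silent pass.
            findings[host] = "no-baseline"
            continue
        score = robust_score(history, sent)
        findings[host] = "anomalous" if score > THRESHOLD else "normal"
    return findings


if __name__ == "__main__":
    for host, verdict in review_egress(BASELINE, TODAY).items():
        print(f"{host:10s} {TODAY[host] / 1e9:6.1f} GB  {verdict}")
```

The backup server sends the most data but stays within its own normal range, while the file server and workstation stand out despite much smaller absolute volumes.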
Encrypt, encrypt, encrypt
If a blackmail threat happens, it is usually too late to take action – therefore organisations are strongly advised to use more encryption throughout. Encrypted backups or other data will be of no use outside the management realm.
Consider outside help
The IT security community is generally consistent in recommending that victims never pay the ransom. One of the best courses of action is to engage with a breach task force. There are IT security firms that specialise in analysing what happened and can advise on how to prevent this from happening again.
More resilient backups
It is extremely advisable for organisations to implement ultra-resilient backup storage. It is the single most effective form of storage for resilience against ransomware. Here are four ways organisations can have ultra-resilient backup storage:
- Tape: Believe it or not, this offline medium is a very effective backup medium as it is air-gapped*.
- Removable drives: Much like tape, they have an offline element in that they are not online unless being read from or written to.
- Immutable** backups in the cloud: By having immutable backups, organisations can have peace of mind knowing that backup data stored in the cloud cannot be deleted by ransomware or malicious administrators, or through accidental deletion.
- Additional copies of backup data: This is often provided by a service provider and protects against ransomware, insider threats and accidental deletion as well.
Most importantly, ask yourself this question as an IT decision maker: Do you want to be in this situation? If your answer is no, it is time to act now. Implement ultra-resilient backup storage and stringent security measures all round, secure the critical parts of your infrastructure and more.
This is a constant back-and-forth battle; we need to improve our IT resiliency continually. Organisations must constantly assess the risks and opportunities to be resilient with their technology deployments. Here at Veeam, we are constantly working to improve technical recommendations based on the threat landscape – we should all play our part and do the same.
*Air-gapped devices are not connected to a network, so they cannot be accessed online.
**Immutable backups are backups whose data cannot be changed after the backup was done.