Jasmit Sagoo, senior director, Head of Technology UK&I, Veritas, explains how to best prepare for a ransomware attack with 5 key steps.
Ransomware has grown into the most persistent and pernicious security challenge facing organisations. It is the single most common malware threat reported and costs victims $133,000 a year on average. Yet due to underreporting and concerns for company reputation, this is likely only the tip of the iceberg.
Giving in and paying up is the worst approach you can take. Once you have shown the attacker you are willing to pay the ransom, they are guaranteed to come again and slowly but surely turn your business into their recurrent revenue stream. It’s the equivalent of painting a target on your back.
Good data practice is ultimately the best defence against ransomware. A strong data management strategy not only makes a successful attack less likely, it ensures you can recover should an attack breach your perimeter, and without paying the attacker’s fee.
A strong data management plan for ransomware has two crucial components. Firstly, a culture that encourages data responsibility. Secondly, a comprehensive data backup plan. Culture bolsters your defences while backups allow you to recover quickly and cheaply from an attack.
A cultural revolution
Data becomes vulnerable to attack and exfiltration when employees don’t organise it properly. An all too common mistake in organisations is for staff to believe that data management is the role of the IT department. Today, however, almost every employee in a company creates, collects and shares data, so they should also be expected to protect it properly.
A company-wide approach to data management is crucial for defending against ransomware. Data responsibility should permeate every level of your organisation, but for this to be possible employees need comprehensive and regular security training.
However, employees also need the right tools. Managing all that data across numerous applications and environments is no easy task. To do the best job possible, staff need full visibility and control over the data they handle – this means technology that helps them see through silos and quickly locate the data they need.
A five-step plan for successful backups
The sad reality in many organisations is that data protection is often only an afterthought. It’s considered only once data needs to be restored – and by this point, it’s far too late. If the worst happens, organisations need minimum downtime and the fastest possible data restoration.
Following these five steps will ensure a rapid and robust response:
1. Isolate your backups
The isolation of backups is particularly useful in a ransomware attack. Malware is designed to work its way through network connections. It’s a simple matter for hackers to go from encrypting files on start-up drives to attacking data on external drives and shared networks.
It’s crucial that the technology you use to store backup data is not on the same network. In this respect, the public cloud is an ideal rally point. Isolated from your network and kept up to date with the latest security policies, cloud storage is low cost, easy to set up and highly scalable.
2. Do it frequently
Making multiple copies on a regular basis is an obvious but critical step. If ransomware encrypts the only copy of a file, there is a good chance you will never be able to retrieve it. Regular replication ensures that your backup always has a backup.
3. Timing is everything
No organisation has an infinite amount of storage space. This makes managing retention periods an important part of data lifecycle management. Organisations should consider how many copies of different files they need and where they should be stored. A master catalogue of your data assets will help staff keep track of what data is stored and where.
4. The 3-2-1 rule
Requirements will differ between organisations, but as a rule of thumb keep at least three copies of data, on at least two devices, with at least one copy offsite.
5. Test until it hurts
Lastly, it’s important to make sure your recovery process is resilient. Running tests and false alarms will help employees recover data when it is really needed. Fire drills can involve staff checking that a secondary site will go live should the main site fail, or something as simple as recovering an arbitrary file to a PC and checking it matches the original.
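Steps 4 and 5 can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed backup catalogue against the 3-2-1 rule and runs a restore drill that compares a restored file with a SHA-256 digest recorded at backup time. The catalogue layout, device names and function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample catalogue (hypothetical names): dataset -> its copies.
CATALOGUE = {
    "finance-db": [
        {"device": "primary-san", "offsite": False},
        {"device": "backup-nas", "offsite": False},
        {"device": "cloud-bucket", "offsite": True},
    ],
    "hr-share": [
        {"device": "primary-san", "offsite": False},
        {"device": "primary-san", "offsite": False},
    ],
}

def check_321(copies):
    """Return the 3-2-1 requirements this set of copies fails (empty if none)."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than 3 copies")
    if len({c["device"] for c in copies}) < 2:
        problems.append("fewer than 2 devices")
    if not any(c["offsite"] for c in copies):
        problems.append("no offsite copy")
    return problems

def audit(catalogue):
    """Map each non-compliant dataset to its list of failed requirements."""
    results = {name: check_321(copies) for name, copies in catalogue.items()}
    return {name: probs for name, probs in results.items() if probs}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large restores do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def restore_matches(recorded_digest, restored_path):
    """True if the restored file has the digest recorded when it was backed up."""
    return sha256_file(restored_path) == recorded_digest

def drill():
    """Restore drill on constructed files: one intact restore, one altered."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp, "report.txt")
        original.write_bytes(b"quarterly figures\n")
        recorded = sha256_file(original)  # assumed to be stored with the backup
        good, bad = Path(tmp, "restored_ok.txt"), Path(tmp, "restored_bad.txt")
        good.write_bytes(original.read_bytes())
        bad.write_bytes(b"\x00" * 18)  # stands in for an unreadable restore
        return restore_matches(recorded, good), restore_matches(recorded, bad)
```

Comparing against a digest recorded at backup time, rather than against the live file, keeps the drill meaningful when the live copy is the one that has been encrypted.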
Ransomware strikes without warning and it doesn’t discriminate between its victims – it can happen to any organisation, large or small.
Despite its best efforts, a company will fail to stop at least one attack over the course of its life. What distinguishes one victim from another is their ability to resist and bounce back. Data responsibility is the foundation of any organisation’s ransomware defence, while backups are its secret weapon.