Sheena Chin, Managing Director, ASEAN, Cohesity
In 2017, the WannaCry ransomware attack affected more than 200,000 computers in 30,000 organisations across 150 countries. According to the Singapore Cyber Landscape 2018, the Cyber Security Agency’s (CSA) annual publication, 21 ransomware cases were reported in the country. It was estimated that about 500 of Singapore’s IPs could have been affected by the WannaCry ransomware attacks. The modus is simple: the ransomware locks users’ files and demands that they pay attackers a designated sum in the virtual currency Bitcoin.
However, the impact of ransomware attacks is much more complex. Companies may lose not only data, but also trust and brand value. The loss of confidence can adversely affect a company’s stock value. Such attacks highlight the importance organisations must place on ensuring their employees understand cyber risks and are aware of relevant information security measures.
Globally, the internet population as of 2019 has surpassed the 4 billion mark and Asia Pacific (APAC) currently holds more than 50 percent population share with 2.3 billion internet users online. As such, APAC nations face a higher potential threat of cyber attacks than other countries across the globe, in large part due to the speed and scale of growth in the region’s use of digital technology and associated connectivity.
Backup and recovery solutions are designed to protect organisations, but sophisticated malware like Locky and crypto-ransomware are now targeting companies’ backup data. Even after implementing basic cybersecurity measures, companies can still fall victim to such attacks. One way of recovering critical company data is to restore from the backup solution.
Analysts are predicting a ransomware attack on businesses will happen every 14 seconds—at a cost of billions to global organisations. That is why companies need to keep these five considerations in mind when strategizing how best to prevent, detect, and rapidly respond to a ransomware attack on backups.
1. Ransomware Attacks Make Backups a Liability
Cybercriminals are now aggressively targeting backup data called shadow copies to gain full control, or worse to destroy what has long been considered an insurance policy for business continuity. These attacks have become more sophisticated by entering a primary environment from an endpoint and heading straight for backups before taking over the production environment. Companies are increasingly challenged as backup copies from which they would restore are also now infected.
What is needed to prevent ransomware attacking backups is a multi-layered defence. Original backup jobs should be kept in an immutable state. Multi-factor authentication (MFA) and write once, read many (WORM) capabilities for the snapshot are must-have features in any modern backup solution.
2. Expanding Attack Surfaces Expose Backups to Ransomware Attacks
IDC estimates that 175 zettabytes of data will exist by 2025. Data across organisations continues to grow exponentially, if not doubling every few months. A vast amount of this data, nearly 80 percent, is data consisting of backup, file and object shares, dev and test, and analytics. Today this data is scattered across multiple silos and systems resulting in mass data fragmentation. Many organisations have copies of the same data and have very little visibility into what is stored where – all resulting in a wider attack surface. As a result, enterprise data has become more accessible to cybercriminals.
Preventing ransomware from succeeding in the first place starts with reducing the enterprise attack surface and improving the visibility of enterprise data (i.e. knowing what data is held and where it is located). A modern data management solution should provide global visibility and a unified way of managing enterprise data to eliminate mass data fragmentation.
3. Attacks on Backups Made Easier by Intermittent Monitoring
Ransomware attacks can originate from outside an organisation or internally as a result of malicious intent or human error. How can organisations monitor and prevent it before it impacts back-up copies? Advancements in machine learning and artificial intelligence should be able to help us in this area. Today’s modern backup solutions should be able to continuously monitor and detect change rates by analysing files and audit logs – even when the team is not paying close attention. The right backup solution will protect the organisation from cyber attacks every second of every day.
4. Public Cloud Entry Points for Ransomware Criminals
Organisations in Asia are ramping up their adoption of cloud, realising the benefits of improved efficiency and lower cost. However, one of the key challenges is securing the data in the cloud. With critical information now residing on the cloud, ransomware attackers have easy access if not managed well. A modern backup solution must provide immutability to data, have WORM features and the ability to detect attacks and provide visibility to data across on-premise and the cloud.
Staying ahead of ransomware requires a backup and recovery solution that offers a single dashboard. Being able to see, manage, and take action fast on backup data – whether residing on-premise or across public clouds – will help organisations protect themselves from ransomware attacks.
5. Predictable Recovery
Whether you have been hit with a ransomware attack or an internal mishap (malicious or human error), when disaster strikes, it’s critical to quickly recover from data loss. If a disaster were to happen today, could the organisation predictably recover backup data – when and where it is needed- without compromise? The ability to ensure predictable recovery offers confidence in meeting SLAs and trust in the resiliency of the organisation.
To assess your organisation’s readiness for achieving predictable recovery, ask these questions based on a framework of core recovery attributes:
- Do you have 100 percent backup success rate? Data that is not protected cannot be recovered.
- Can you do a global, Google-like search for any Virtual Machine (VM), file or object?
- Can you ensure recovery at scale?
Recovery at scale without proper tools can be crippling to operations. Being able to recover only two or three VMs or objects at a time prolongs downtime, resulting in SLAs being driven by duration of recovery rather than business requirements. For predictable recovery, you should be able to recover any number of VMs, files or objects instantly. Rather than waiting for the backup solution to hydrate backup copies for recovery, deploy a backup solution that can maintain an unlimited number of fully-hydrated backup copies that can be instantly mounted. This makes data readily available, even while data is being restored in the background. A modern backup solution will also allow data to be located easily across locations and puts you in the desired workflow for ensuring ensure predictable recovery at scale.
Prevent, Detect, and Respond Fast to Ransomware Threats
Organisations want to experience zero data loss from cyber attacks and they want to have the confidence to refuse demands for a ransomware payment. They must protect their data with a comprehensive approach to preventing, detecting, and rapidly responding to ransomware attacks.