Why data management is a catalyst for cyber resilience amid increasingly potent ransomware

The accelerated digitisation across Asia Pacific in the wake of the pandemic has expanded data footprints, resulting in decreased data visibility and increased vulnerability. The integration of new technology such as 5G, IoT, AI and machine learning, together with the accelerated digitalisation encouraged by the pandemic, puts the onus on businesses to ensure that the advantages afforded by these new technologies are not negated by the cyber risks caused by increased data footprints that are left unmanaged.

Cyber attackers are constantly evolving their approach to stay ahead of measures aimed at nullifying their malicious intent, with many businesses rightfully concerned about their increasing attack surfaces – especially considering 68% of organisations in the Asia-Pacific region suffered data breaches last year, with each incident costing an average of US$2.2 million (Forrester). Ransomware is becoming the cyber-attack of choice for attackers given its ability to infiltrate IT infrastructure and technology with the objective of accessing, disrupting, deleting, exfiltrating, and extorting company data – usually production data – that underpins business processes and continuity. As a result, businesses, along with their IT and/or SecOps teams, face a daunting challenge to protect their IT infrastructure and systems that house their precious data. 

Ransomware has not only increased in sophistication and frequency, it has become more potent due to the innovative and inventive nature of malicious actors, who are looking to hold more companies to ransom at a greater scale. In 2021, Ransomware as a Service (RaaS) became a more frequent type of ransomware attack, as cyber-criminals found yet another avenue to target unprepared organisations. Similar to Software-as-a-Service, RaaS provides easy access to ransomware to those with little-to-no programming expertise. RaaS also raises the spectre of more frequent attacks targeting small and medium-sized businesses (SMEs). While the payoff from a successful attack on a large enterprise is huge, it requires a high degree of technology to execute and can also be risky for inexperienced attackers who lack the necessary programming skills. To be blunt, RaaS offers these very same actors a way to target unsuspecting and often unprepared SMEs instead. According to the World Economic Forum, the cyber resilience of SMEs is a key concern for supply chains, partner networks and ecosystems.

Data Backup and Recovery: A Pillar of Cyber Resilience

Cyber resilience hinges on business continuity. However, a company can only be cyber resilient if it can recover data from a high-quality backup, at a specific point in time. Backups are a foundational component of an overall cyber resilience strategy, and crucial for companies in preparing their response to ransomware or other cyber security threats. Having a secure, clean, immutable copy of your data can better equip your business to defend your data and refuse the ransom.

With backup data and environments also being targeted by attackers, companies can no longer afford to ignore the need for encryption to go beyond just securing hardware. With attackers now able not only to encrypt backed-up production data but also to exfiltrate data for double extortion attempts or to expose it for other ends, it is essential that businesses evolve their strategies and implement the best available data management and protection technology.

As ransomware has increased in potency and sophistication, whether in the form of Ransomware 2.0, Ransomware 3.0, or RaaS, it is imperative that companies review what constitutes a capable and appropriate data management and protection strategy, and the technology that is required as the backbone of that strategy. These best practices and technologies are vital to maintaining or establishing a state of cyber resilience:

  1. Embrace your data generation and invest in protective backup technology: Increased technology adoption has resulted in excessive data generation that IT and security teams must now adequately manage, govern, and protect, to benefit from it. Make sure you are backing up data regularly and cleanly, not from infected backups. If a company is infected, it is important to notice the malicious activity early. The best next-gen data management technology will leverage AI and machine learning capabilities to help detect anomalies, as these are usually indicators of suspicious activity, and then alert the necessary IT and security team members to investigate. This is important, as early detection will help reduce the blast radius of a ransomware attack, help ensure that future backups do not contain malicious files, and should identify a clean point to recover from amongst your existing backups.
  2. Review your data policies and management approach: Consider how you are collecting, governing, managing, storing, protecting, and backing up data. Relying on the way data has always been managed, and on legacy data management technology, isn’t enough in today’s cyber threat environment. Work backwards from the outcome you are looking to achieve and review your data management technology based on its next-gen capabilities.
  3. Invest in immutable and encrypted data management technology: Invest in a data management platform that has immutability baked in and not added as an afterthought. Immutable backups and their data cannot be modified, encrypted or deleted, making them one of the purest ways to tackle ransomware as they ensure the original backup job is kept inaccessible. If data can be recovered from immutable backups, then organisations can have greater confidence they are recovering cleanly from their desired recovery point. Data that is backed up should always be encrypted, whether at rest or in transit over a network, with AES 256-bit encryption to secure data.
  4. Add a +1 to the 3-2-1 rule for backups: Under the traditional 3-2-1 rule, you must have at least three copies of your data, store the copies on two different types of media, and keep one backup copy offline or offsite. This simple approach means you will always have an available and usable backup of your data and systems. Offsite and offline backups not only limit and insulate against the effects of ransomware but help to maintain business continuity. However, now it’s time to consider going beyond by adding a +1 to the 3-2-1 rule by leveraging data isolation solutions that provide an isolated and protected backup that can be quickly restored from – they may even be more cost effective too.
  5. Practice makes perfect: You may already have a backup schedule and may have implemented the 3-2-1 rule, potentially even a +1. However, testing the implementation of your backup and recovery solutions, and how long it will take to recover from your backup, is vital.
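
As an added illustration of the 3-2-1 rule with a +1 described in the list above (not code from the article or from any vendor product), the Python below audits a backup inventory and reports which parts of the rule each dataset fails. The field names, dataset names and the inventory itself are assumptions constructed for the example, and the inventory is assumed to list every copy, including the production one.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    dataset: str
    media: str              # e.g. "disk", "tape", "object"
    production: bool        # True for the live copy, False for a backup
    offsite: bool = False
    offline: bool = False
    isolated: bool = False  # the "+1": held in an isolated, protected environment

def audit_321_plus_1(copies):
    """Return {dataset: [findings]}; an empty list means the rule is met."""
    groups = defaultdict(list)
    for c in copies:
        groups[c.dataset].append(c)
    report = {}
    for name, group in groups.items():
        backups = [c for c in group if not c.production]
        findings = []
        if len(group) < 3:
            findings.append(f"{len(group)} copies held, at least 3 required")
        if len({c.media for c in group}) < 2:
            findings.append("copies sit on fewer than 2 media types")
        if not any(c.offsite or c.offline for c in backups):
            findings.append("no backup copy is offline or offsite")
        if not any(c.isolated for c in backups):
            findings.append("no isolated backup copy (+1)")
        report[name] = findings
    return report

# Constructed sample inventory (hypothetical datasets, not real systems).
INVENTORY = [
    Copy("erp-db", "disk", production=True),
    Copy("erp-db", "disk", production=False),
    Copy("erp-db", "tape", production=False, offsite=True, offline=True),
    Copy("erp-db", "object", production=False, offsite=True, isolated=True),
    Copy("file-share", "disk", production=True),
    Copy("file-share", "disk", production=False),
]

if __name__ == "__main__":
    for dataset, findings in audit_321_plus_1(INVENTORY).items():
        print(dataset, "OK" if not findings else findings)
```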

Ransomware poses an incredible technology and security challenge for both CIOs and CISOs, and their respective teams. Focusing purely on traditional cyber defences such as network, perimeter, endpoint and application security is no longer sufficient. Data protection and recoverability are vital to business and operational continuity, and the best way to build a solid foundation for this is via data management technology that prioritizes high-quality backups.

By Sathish Murthy, Director of Systems Engineering at Cohesity
