
Exclusive: Building robust cloud-based backup and DR into ransomware defence

27 Aug 18

Article by iland global marketing VP Amy Hawthorne

Recent figures show that, after a slight lull towards the end of 2017, ransomware attacks have once again accelerated in the first half of 2018, reaching a reported 181.5 million incidents.

This rise has been driven by the emergence of ransomware-as-a-service, which now means that almost zero technical expertise is needed to perpetrate an attack – just a target and a willing ransomware provider. 

As well as increasing in volume, attacks are also evolving to become more sophisticated, seeking out and encrypting remote network drives and servers and hunting down and removing shadow copies and backup files.

The rationale behind this evolution is simple: to lock down the victim’s recovery options and increase the chances of a ransom being paid.

This alteration in tactics, combined with the risks of business disruption, financial loss and reputational damage associated with cyberattacks, means that IT managers are under greater pressure than ever as they strive to defend against ransomware.

And there’s no silver bullet.

The various attack vectors and strategies employed by adversaries mean that a multi-layered approach is needed.

Emergency response to attacks

The sheer volume and growing sophistication of attacks means businesses need to assume it’ll be a case of when, not if, an attack makes it through.

A solid emergency response plan is essential.

Three key tools, used in conjunction, can bolster the company’s arsenal, ready to swing into action in the event of a successful attack, to protect access to the organisation’s most valuable data and restore operations with minimal disruption.

Snapshots

A SAN/NAS-based snapshot is effectively a point in time image of your data.

Snapshots can be programmed into the routines of practically any application or storage device and are completely isolated from the data itself, so there’s no way malicious code – whatever its level of sophistication – can detect or remove them.

Backups

There is a raft of reasons why businesses should use a backup service in ordinary operations, but it is also useful to have in place to avoid paying the ransom and instead recover your data from your own sources.

Follow the 3-2-1 rule: three copies of your data, on two different media types, with one copy off-site in the cloud.

This off-site copy is your insurance policy.

It’s “air-gapped” from the business so there is no way that it can be compromised by malicious code that seeks to delete or encrypt locally hosted or networked backup files.

Disaster recovery

While it’s not a flood or a fire, a successful ransomware attack could be just as devastating for your business.

In fact, given the volume of attacks in progress right now (figures suggest that a company is hit by ransomware every 40 seconds), you’re actually far more likely to find yourself with a ransomware disaster on your hands.

With disaster recovery set up in the cloud, you can have your systems back up and running in that environment right back to the moment that the attack locked the system.

This isolates your data from the event and minimises both recovery time and data loss – mitigating both the hard and soft costs of system outages and data breach.

Internal and external security threats to companies are occurring with increased regularity, with malware and viruses a constant challenge.

This is why companies need a recovery solution that mitigates the risk of critical data being lost or destroyed in the event of a breach, and that can easily restore mailboxes to an instance from before the attack.

Backing up your data would be quite a long process if it had to be done manually.

Fortunately, over the years, cloud service providers have adapted their solutions so they can be included directly in widely-used software suites such as Microsoft Office 365.

This means that, by automatically backing up your data once a day, the solution eliminates the risk of losing access to and control over Office 365 suite data, including mail, SharePoint and OneDrive, so that users’ data is always hyper-available and protected, avoiding any major disruption to your business.

The layered defence approach should also be applied to backup and recovery.

The structure of that strategy revolves around classifying the value of your different data or application tiers and establishing your appetite for disruption for each tier.

If you only back up your data overnight, say at 7.00pm, and the ransomware attack takes place at 6.45pm, your business loses a whole day of data. Is that acceptable? If not, you need to modify your schedules to match your risk appetite for the different classifications of data.
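The 3-2-1 rule above and this 7.00pm/6.45pm scenario can be turned into a check that runs against a backup inventory: for each data tier it reports how many hours of data an incident at a given time would cost, whether that is within the tier's tolerated loss (RPO), and whether the tier's copies satisfy 3-2-1. This is an added example, not code from the article or from iland; the `Copy`/`Tier` structures and the schedule values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    """One backup copy of a data tier (constructed example data, not from the article)."""
    media: str      # media type, e.g. "disk", "tape", "cloud"
    offsite: bool   # held outside the primary site (the article's "air-gapped" copy)
    times: list     # daily completion times of the backup job, "HH:MM", 24h clock

@dataclass
class Tier:
    name: str
    rpo_hours: float   # tolerated data loss for this tier: its "appetite for disruption"
    copies: list
def when(s):  # parse a constructed "YYYY-MM-DD HH:MM" timestamp
    return datetime.strptime(s, "%Y-%m-%d %H:%M")
def meets_3_2_1(tier):
    """Three copies (primary plus backups), on two media types, at least one off-site."""
    media = {c.media for c in tier.copies}
    return 1 + len(tier.copies) >= 3 and len(media) >= 2 and any(c.offsite for c in tier.copies)

def data_loss_hours(tier, incident):
    """Hours between the last backup completed before the incident and the incident itself."""
    latest = None
    for c in tier.copies:
        for t in c.times:
            h, m = map(int, t.split(":"))
            run = incident.replace(hour=h, minute=m, second=0, microsecond=0)
            if run > incident:
                run -= timedelta(days=1)   # today's run had not happened yet; use yesterday's
            if latest is None or run > latest:
                latest = run
    return (incident - latest).total_seconds() / 3600
def assess(tiers, incident):
    """Per tier: (hours of data lost, within RPO?, 3-2-1 satisfied?)."""
    out = {}
    for t in tiers:
        lost = data_loss_hours(t, incident)
        out[t.name] = (lost, lost <= t.rpo_hours, meets_3_2_1(t))
    return out

if __name__ == "__main__":
    attack = when("2018-08-27 18:45")   # the article's 6.45pm attack against a 7.00pm backup
    cloud = Copy("cloud", True, ["19:00"])
    tiers = [Tier("mail", 4, [Copy("disk", False, ["19:00"]), cloud]),
             Tier("mail-4h", 4, [Copy("disk", False, ["07:00", "11:00", "15:00", "19:00"]), cloud])]
    for name, (lost, ok, rule) in assess(tiers, attack).items():
        print(f"{name:8} loses {lost:5.2f}h of data  RPO met: {ok}  3-2-1: {rule}")
```

The nightly-only "mail" tier loses 23.75 hours of data and fails its 4-hour RPO even though its copies satisfy 3-2-1; adding daytime runs brings the loss down to 3.75 hours.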

Testing is critical.

If you don’t test your emergency plan regularly, how do you know it will work when it matters? It should be possible to fully test without interrupting the normal flow of business.

It’s also worth remembering that ransomware attacks (and indeed other kinds of disaster) don’t happen quarterly, or during office hours, so your testing schedule needs to reflect the real world rather than an artificial timeframe to offer you the best information about the security performance of your system.
