5 ways in which BFSI sector can up their game in ransomware protection

DQI Bureau

The ransomware menace continues to create headlines globally. Enterprises continue making investments to enhance their cybersecurity while hackers keep discovering or creating new vulnerabilities and hacks. Ransomware protection and recovery is, therefore, a never-ending challenge.

According to CERT India, there has been a 51% increase in ransomware attacks within the first half of 2022, as compared to 2021. Sectors such as IT, manufacturing, and finance have borne the brunt of these attacks. The BFSI vertical has been an attractive target for hackers because of the assets it manages and the critical nature of the data it protects.

As banking, financial services and insurance companies increasingly go digital to offer a more personalized experience to their customers and take on new competitors, ransomware attacks are set to spike.

Enterprise cybersecurity leaders must, therefore, proactively work towards keeping data protected and recoverable from such attacks by strengthening their organization’s security posture.

Here are five best practices that CISOs should adopt to come up with a cutting-edge ransomware strategy.

Develop a multi-layered security plan

As ransomware threats become more and more sophisticated, adopting a multi-layered approach to securing data can go a long way in reducing an organization’s risk. A security framework that is built on zero trust principles and adopts the NIST (National Institute of Standards and Technology) Cybersecurity Framework best practices can address the five core areas needed to protect against and recover from ransomware attacks -- identify, protect, monitor, respond, and recover.

Organizations typically witness an average downtime of 21 days when they are hit by a ransomware attack, but those that leverage a multi-layered security approach resume operations in as little as two days.

Ensure access control

It’s important to lay a strong foundation for protecting data effectively. Controls such as zero-trust user access controls, advanced data encryption, and multi-factor authentication harden the security stance by stopping unwarranted access to data and systems. For instance, role-based security can use roles to grant access to tasks such as administrative operations on entities, restores and backups. The mechanism clearly defines which resources are displayed to a user and which tasks are available to them.

Reduce attack surface

Maximizing isolation and air-gap techniques can go a long way in reducing the exposure of backup data to vulnerabilities. Isolating backup data means keeping the secondary and tertiary copies on backup storage targets unreachable and segmented from the public portions of the environment, using zero trust technologies, next-generation firewalls and virtual LAN (VLAN) switching.

In case of a ransomware attack, this approach leaves the attacker with a limited attack surface. Air gapping ensures the network has no connectivity to public networks at all, which in turn provides security against laterally moving threats as well.

Segment the network

If a cyberattack succeeds, the best bet is to deny the hacker full access to the enterprise network. This can be done by dividing the network into smaller segments to stop lateral movement toward business-critical data. It, therefore, makes sense for cybersecurity leaders to use the cloud for securing both their primary and backup data at an offsite storage location.

This will also take care of the 3-2-1 backup storage rule -- 3 copies of data on 2 different media types with 1 copy offsite -- for greater ransomware protection.

Improve security posture

To stay a step ahead of hackers, CISOs need the capability to address threats before they impact the business. This is where the need for complete visibility into the network comes in. Security decision makers must implement a unified platform that enables centralized management and visibility, with security dashboards and alerts to quickly detect suspicious activity, identify risk exposure, and resume business operations.

Such a platform will give them a single place to enhance security posture, identify risks in real time, take corrective action, and recover data rapidly.

There are platforms available in the market today that enable protection and isolation of an enterprise’s data, provide alerts and proactive monitoring, and ensure fast restores. Next-generation technologies such as AI and ML provide alerts on attacks in real time so that CISOs can act quickly.

Enterprises must deploy a platform that helps them formulate the five strategies mentioned above. It is time security leaders leveraged rapid execution, innovation, and responsiveness to build ransomware-proof businesses.

-- Balaji Rao, Area VP, India & SAARC, Commvault.
