As businesses continue to navigate through the disruptions brought forth by the pandemic, they are increasingly leaning on innovative technologies and solutions to thrive and survive. While their rapid digital transformation gives them an edge in this VUCA (volatility, uncertainty, complexity, and ambiguity) world, it also increases the threat surface and creates new vulnerabilities and risks that can be exploited to wreak havoc.
Among the risks, ransomware has emerged as a formidable threat for businesses across all verticals. According to a joint survey by cybersecurity company CrowdStrike and market research organization Vanson Bourne, 49% or almost half of all companies in India bore the brunt of multiple ransomware attacks, while 76% of the organizations suffered at least one such attack in the past 12 months. The report, released on 7 December, also highlighted that the attacks were more than in any other country.
By 2031, it is anticipated that ransomware attacks against businesses will occur every 2 seconds, up from every 11 seconds in 2021. To ensure that the business’ data is protected and recoverable from these malicious attacks, business leaders need to take proactive action to strengthen their security position.
Enhancing the Security Stance
In the face of a ransomware threat, Zero Trust architecture has emerged as a crucial piece in an organization's overall cybersecurity strategy. The core tenet of such an architecture is to 'challenge and verify' all access paths and communication among the various components of the IT landscape. In addition, creating micro-segmentation zones helps in curtailing the threat vectors' lateral movement. Micro-segmentation is the technique of separating resources both logically and physically to make access very restrictive and controlled.
A Zero Trust offering, when delivered on a user-friendly platform, becomes an extremely compelling proposition.
However, despite IT leaders adopting a well-planned approach, enterprises continue to fall victim to ransomware attacks. In such a scenario, the ability of an enterprise to minimize downtime and ensure business continuity hinges on its secure backup copies and their safe recovery, at optimal performance, cost, and speed.
This strategy is increasingly coming across as the insurance policy that enterprise technology leaders are banking on to counter ransomware attacks.
To implement state-of-the-art cyber-recoverability, enterprise IT decision-makers will have to reduce the surface area of attack by consolidating all siloed workloads into a single framework that can seamlessly integrate into their existing hybrid ecosystem, with SaaS and on-premises, and regularly deliver a top level of recovery assurance and protection at every layer of interaction.
Adopting a multi-layer security strategy is important to counter growing cyber threats. However, despite all these protection solutions, there is still a possibility of a breach. This makes data backup extremely critical.
To protect businesses from ransomware, here are the top five best practices.
I. Identify risk exposure
It is imperative to have complete control over who has access and to what through zero-trust principles. IT leaders can do well by eliminating malicious or accidental administrator actions by requiring dual authorization for implementing changes. Implement a broad range of MFA (Multi-factor Authentication) options.
II. Protect data from changes
By isolating data management and networks leveraging multi-tenant functionality, enterprises can cut down on their overall attack surface. Adopting air-gapped cloud storage while securely air-gapping backup copies will mitigate laterally moving threats.
III. Monitor to find anomalous threats
To stay ahead of hackers, CISOs need to monitor abnormal activities continuously and proactively for faster response. They should monitor all activities and resources in order to track user accountability. Above all, there should be a single interface to easily manage, monitor, secure and protect the environment.
IV. Respond fast to perform orchestrated actions
To minimize ransomware spread, security practitioners will have to automatically isolate suspected files and carry out further investigation. For greater security coverage, there must be comprehensive alerting and reporting by way of integration with best-of-breed monitoring tools.
V. Restore clean data quickly
Ensuring consistent recovery processes across all data and workloads is essential as it will aid in restoring in the cloud, on-premises or wherever the data is needed. Enterprise technology leaders should avoid ransomware file reinfections by deleting unnecessary or suspicious files. To recover workloads seamlessly, the process should offer cross-hypervisor and cross-cloud flexibility.
A Hawkeyed Approach on Data Protection
Risk and opportunity — this is the reality for businesses and the people handling data. A single ransomware attack can impact a business's bottom line and/or damage its reputation. Securing crucial business information is a necessity for any enterprise and guarding it from ransomware must be a top priority.
Irrespective of where the data resides (on-premises, in the cloud, or hybrid), a cloud-based disaster protection strategy will ensure business continuity for any modern organization with geographically dispersed employees. Tools such as anomaly detection, immutable backups, air gap, and multi-factor authentication (MFA) controls will aid in strengthening an enterprise’s recovery readiness. Security strategies embedded with Zero Trust principles enable them to expose and remediate problems, validate data and business applications’ recoverability, and improve overall security to reduce their risk profile.
The threat of ransomware is our current reality. Its prevention does not have to be complex. A robust, hawkeyed approach to data protection, bookended with a strong backup and recovery solution, can leave you confident that someone always has an eye on the ball!
Anshuman Rai, Area Vice President, India and South Asia