Steps to protect your enterprise data from ransomware

Due to the rise in multiple strains of ransomware, organisations must work towards building security to protect their data

Updated On
New Update

In recent years, Ransomware attacks have been identified as a crisis worldwide. In 2021 as most organisations continued to work on a hybrid model, ransomware attacks have resurged with a shift towards larger organisations. Attacks on larger enterprises are giving these threat actors a bigger reach and increased financial gains without much effort. Almost half (49%) of enterprises in India suffered multiple ransomware attacks, while 76% were hit by at least one ransomware attack in 2021, as per a survey by US firm CrowdStrike and Vanson Bourne. This is more than any other country, the report said. 


In 2022, ransomware is evolving and will have an impact on sensitive credentials, exposing customers' data and directly threatening the customers. Hence, only reactive techniques and reliance on data backups will not be the solutions. Enterprises have to proactively prepare for ransomware attacks by protecting business assets, limiting the impact of ransomware and accelerating recovery. 

With this in mind, here are the 5 Steps to Protect Your Enterprise Data from Ransomware

Ensure data integrity and availability for key business assets


Organisations need to understand the full scope of the applications and data that need to be protected. Critical servers and applications (including SaaS apps like Microsoft Office 365) that are crucial for the business should also be included. Key assets that are needed to protect and automate their data are important to be identified along with ensuring that the backup data cannot be encrypted or deleted by ransomware. Organisations need to look for solutions that provide air-gapped, immutable, and encrypted backups. Implementing RBAC (Role-Based Access Control) ensures that only a small group of administrators can perform destructive actions like deleting backup data. Implementation of the Zero Trust security model that treats every access attempt as if it originates from an untrusted source should be a priority. 

Migration from on-premise to SaaS solutions

The first step towards making the data secure is selecting a secured backup solution. However, due to the rise in multiple strains of ransomware, organisations must work towards building security into their day-to-day operations. According to a recent report, 42% of vulnerabilities are exploited after a patch has been released. Organisations need to regularly patch all applications, optimize performance and patch vulnerabilities. As they are moving from on-premise backup to SaaS solutions, the SaaS model allows customers to protect their data without taxing overextended IT teams with the need to manage security for yet another solution. 


Orchestrate response to automatically contain threats

Over the years, it has been noticed that the holiday season and the end of the week is the perfect time for threat actors to attack organisations as it gives them easy access to enterprise data. This should be enough reason to automate their data backup with minimal intervention from the IT staff. Infected resources should be quarantined in both - primary and backup environments as well as stop backing up data from infected servers or machines. 

Identify anomalous data and activities


Securing data and systems has become a top priority now more than ever. Major breaches have revealed how many organisations are vulnerable to ransomware attacks.Access insights are crucial as situational awareness of activities can help in a backup environment and identify malicious actions such as unidentified access or deletions. Anomalies are produced at the data level by ransomware attacks. Organisations need to quickly identify anomalous data sets and help choose a course of action during the recovery process that supports the detection of ransomware attacks. 

Automate the recovery of complete and clean data

Recovery from ransomware attacks is complicated as ransomware encrypts data slowly. The average dwell time for ransomware has come down to 20 days which still makes it unlikely to recover the most unencrypted version of each file or dataset existing within a single snapshot. Automating the recovery of data ensures clean backup which is not infected and will not reintroduce the malware and restore corrupted data. These unique challenges can be addressed with cloud native infrastructure and automation processes like bulk restore, curated recovery and restoring only clean data. 

The article has been written by Milind Borate, Co-Founder and Chief Development Officer, Druva