The threat of ransomware is omnipresent, and the tactics deployed by cybercriminals are constantly evolving to wreak as much havoc as possible. Recent attacks like the one on Kaseya serve as an important reminder that when ransomware strikes, it’s not just your data that’s at risk, but your whole business.
Further, a recent Sophos survey found that the average post-attack remediation costs, including lost business, grew to nearly $2 million per incident in 2021, about 10 times the size of the ransom payment itself.
CISOs and hands-on security professionals are implementing several tactics to defend their organization, and these include proactive threat hunting and technical defenses like multi-factor authentication.
While these practices are helpful, they focus on preventing attacks from happening in the first place, and the harsh reality is that it’s no longer a question of if hackers are going to get in, but when. With so much at stake, why are data recovery and restoration often put on the back burner of the security conversation when they could be the most valuable tools in the security arsenal?
Shifting the mindset: Backup is a priority, not a project
It’s difficult to keep hackers consistently out of an organization’s network. IT directors must assume that attackers are going to be able to penetrate their defenses and deploy ransomware. Whether they end up having to pay millions to get a portion of their data back will depend entirely on their ability to restore all their systems from backups.
Since most IT operations have moved to containers on virtual machines, it should be a straightforward process to restore all systems, data and applications.
If data storage and cloud backup are built into the security plan from the start, a company could easily get rid of ransomware and recover from an attack by wiping its slate clean and restoring its data with little to no downtime. But restoration is a time-consuming, technical process, and as such should be a response that IT teams practice and prepare for, just as they would for an application outage or maintenance issue.
For example, many backups may be incomplete, and thus the process of restoring systems from backups fails. Conducting tests of your disaster recovery plan provides critical insight into the current state of an organization’s security posture and whether it will hold up when a real disaster strikes.
Cloud backup and security
If a company has backed up to the cloud, hackers will have to penetrate the cloud service and find a way to erase or encrypt the data. The added bonus of immutability in the cloud prevents any modification or deletion of the protected data for a fixed period of time.
It is important to note that not all immutability is created equal. Hardware vendors have offered immutability for several years, but anyone who can hack into the system admin’s panel can easily defeat the immutability feature.
The same is true for many cloud services, including some of the big hyperscale players. Vulnerabilities usually come from outside the organization, but sometimes a disaffected employee is involved, or someone who has access to the administrative functions. When looking at storing your backups in the cloud, immutability should mean that nobody, not even the IT director or the system admin, can change immutable data once it is written.
Going back to basics
Most of security focuses on intrusion prevention and detection, which is no doubt an important piece of the puzzle. But at the end of the day, it’s a losing battle if the basics aren’t taken care of because the vulnerabilities are not just technical – people can always be tricked into making a mistake.
That’s why rather than obsessing over the latest firewall technology or intrusion detection software, it’s often better just to have everything fully backed up so that in the event of a ransomware attack, a company can simply wipe everything and begin the restoration process to minimize downtime. A robust data protection strategy with immutability and cloud backup can be the difference between business as usual and all operations grinding to a halt.