By John Lucey, UK Country Manager, Cohesity
Ransomware, one of the fastest-growing malware hazards of the 21st century, continues to threaten businesses and public institutions around the world. Mostly targeting computers and mobile devices, it quickly spreads across networks, quietly encrypting every data file it finds until the entire system is compromised. It will then display a ransom note to the user demanding an online payment in return for restoring the files.
For such a virulent and fast-evolving species of malicious software, it is important for IT decision makers to understand that both the cost of, and defence against a ransomware attack goes far beyond the extortion payment. Other associated costs – such as downtime, lost sales opportunities, dissatisfied customers, brand and reputational damage and fines for non-compliance, add up to make ransomware a potentially devastating blow to a business or institution of any size. With this in mind, financial institutions can and must do more to alleviate the threat from ransomware and cyberattacks.
Would-be attackers have far more time and resource than the average IT team does. This time is often spent developing and testing new attacks – leaving IT teams and employees permanently on the back foot. This is one of the reasons cyber criminals continue to launch successful ransomware attacks in general: because they have so much more manpower to dedicate to it. And while it would be great if employees refrained from opening strange attachments or falling for a phishing link, trying to stop this completely is not realistic either. After all, employees are humans, and humans make mistakes.
So for IT leaders, the most important course of action (apart from ensuring robust training for the workforce) is staying on top of security updates and investing in the right kind of software, working in tandem with suppliers and resellers, IT leaders can utilise information gathered to better educate all levels of staff on likely modes of attack. Even with that however,there will never be any such thing as an infallible workforce.
This results in backup systems becoming the de facto best friend and simultaneously last resort of a business looking to prevent or mitigate the effects of a breach. A robust backup strategy is particularly important for banks and financial institutions which often deal with extremely valuable and sensitive data. However, any reasonably sophisticated ransomware attack will assume that its intended victim will have a proper backup strategy in place. Therefore, it is likely designed to find and encrypt backups or destroy them as well. Despite the fact that most banks make security a top priority, attackers are constantly on the lookout for ways to breach backups that traditionally served as an insurance policy in the event something went wrong. Backup data has become the new prime target, and businesses need to be ready to mitigate this.
Several financial institutions in the past have been victims of security or computing failures, which can lead to fines, compromised customer data, and a negative mark on their brand. Data breaches, ransomware attacks and phishing are all on the rise. Hackers have already begun to target legacy backup as an entry point with several types of ransomware such as Locky and Crypto, known to destroy shadow copies and restore point data. Indeed, backup infrastructure is becoming a prime target for hackers, and even a very conscientious backup strategy will not protect the enterprise if the system is not built to protect against it.
Moreover, in the aftermath of such an attack, recovering compromised files from backup and restoring encrypted systems is often easier said than done. According to Intermedia research, nearly three out of four companies infected with ransomware suffer two days or more without access to their files. And, to make matters worse around 30 percent go five days or longer without access.
This problem is exacerbated by a phenomenon called mass data fragmentation – the proliferation of massive volumes of what’s called secondary data (data used for backup, testing and development, analytics, etc) across different locations, infrastructure silos, and management systems. Customers don’t know what data they have, if its protected and in compliance. This creates vulnerabilities that can be exploited by an attacker. Additionally, many of the solutions used to protect and backup data today were designed more than 10 years ago and haven’t kept up with today’s environments. Outdated systems mean that businesses will spend a lot of money backing up their data, only to find later that their expensive backup insurance policy failed to deliver and that’s when this moves from being an IT issue to a boardroom issue where brands and reputations are at stake.
This is why businesses should look for backup vendors that offer near continuous data protection – which means that recovery is possible within seconds or minutes – not hours or days. Multi-factor authentication can add an extra layer of security across backup files, and a platform that can monitor modifications, deletions or additions as-they-happen can stop a full-blown attack from taking place.
Legacy backup solutions were not built for a world that operates in today’s risk-prone climate. Ransomware threats are constantly evolving and ever-changing feats, and anyorganisation must employ a combination of innovation along with best practice processes if it is to adequately mitigate the risks.Customers need modern backup solutions that provide multiple layers of protection that not only help in preventing an attack but detecting when one has just taken place. For example, solutions with built-in analytics capabilities that can be applied directly to the data — analytics that can perhaps alert IT leaders as to when their backup data has changed or if files have recently been accessed, modified or even worse, deleted. And, if an attacker is successful, enterprises need solutions that provide the ability to instantly recover at-scale. To counter sophisticated ransomware threats, organisations need a holistic solution that takes into account all of their precious data – from backups to mission- critical information.
By reconsidering their backup strategy, businesses and financial institutions can deploy solutions that proactively prevent backup infrastructure from becoming a target, detect attacks in real time, and if necessary, provide an immediate response to recover at scale, in order to avoid substantial downtime.