Ransomware growing smarter: are you ready?

Cybercrime is a multi-billion dollar international industry and is not going away. Ransomware has taken centre stage, with large and highly publicised attacks costing global enterprises significant sums and even putting some out of business. Given the current economic climate, the ongoing work from home scenario and the rapidly growing attack surface, the situation is only going to get worse. Ransomware is also becoming increasingly sophisticated, more difficult to detect, and harder to recover from. For businesses, the question is not if they will be attacked, but when. Being adequately prepared for recovery is critical.

To err is human

Despite education campaigns, endpoint protection and other layers of security, phishing remains the number one way in which cybercriminals penetrate an organisation’s defences. Spear phishing has become increasingly common, and also more difficult to immediately identify. Users can no longer rely on poor spelling and pixelated images to spot a potentially infected email. In addition, spear phishing attacks are often combined with social engineering tactics to sell the ruse more effectively.

Cybercriminals also use artificial intelligence (AI) and the Internet of Things (IoT) to infiltrate businesses and circumvent defences. With many people working from home and the growing number of connected devices, the attack surface is much larger than it used to be, with many more potential points of entry.

Planning for recovery

Ransomware is not going away and it is getting smarter. The chances of being hit are increasing, and in 2020, the majority of successful attacks were perpetrated against organisations that had up to date endpoint security. Of this group, approximately a third were out for a week or more as a result of the attack. This is a huge business risk that the majority of organisations simply cannot afford to accept.

However, simply having a plan is not sufficient. Unlike natural disasters, which often have some warning and may take down a few servers, ransomware attacks are coordinated across the world. Attacks happen quickly and can be devastating, taking out global infrastructure in a matter of hours, including the recovery systems that businesses rely on. It is impossible to recover an infected data centre, and in many cases the backups themselves are encrypted and snapshots deleted.

Layers of protection

As ransomware becomes increasingly intelligent, the more layers of protection businesses have, the better. The basics like training, security tools, firewalls and patching are still necessary and form the foundation of security, but they are not enough on their own. Early detection is critical to minimising damage, and this needs to include the use of AI and honeypots to lure and trap threats.

It is also essential to secure the environment a business backs up to, hardening security around data protection itself. All organisations need to ensure that at least one backup copy is immutable, with minute-by-minute detection to ensure it is not being encrypted. If backups become encrypted with ransomware, recovery is all but impossible and businesses will be left with little choice other than to pay the ransom.

DRaaS to the rescue

The connected nature of data storage, from disc to appliances to the cloud, also means that air-gapped backup becomes essential. The cloud offers the ideal solution for a virtual air gap, with the added benefits of predictable storage costs, agility, flexibility and more.

Backup as a Service (BaaS) is gaining popularity due to the nature of the threat landscape, giving businesses preconfigured backup systems in the cloud. While building a new data centre to recover to is impossible, cloud enables recovery to a completely new environment quickly, with the agility and scale businesses need. However, like any backup solution, it still needs to be managed by the business, which has become increasingly challenging in such a complex landscape.

Disaster Recovery as a Service (DRaaS) takes BaaS a step further, managing the entire backup and recovery environment. This helps to ensure businesses have effective, predictable DR and a single pane of glass view across the data landscape, not matter where data is stored, from the premises to the cloud to containers. DRaaS also helps businesses to understand their readiness to recover and their ability to meet backup and recovery Service Level Agreements (SLA), and can adjust backup configurations to meet these SLAs.

Disaster recovery has become as complex as the threat landscape itself, and the ability to recover depends on what an organisation is hit with and how they were attacked. By leveraging the skills of an expert DRaaS provider, enterprises benefit from simplified, scalable and flexible backup and recovery and enhanced business continuity. DRaaS is the ideal solution to help businesses meet their data challenges in today’s complex data landscape.