In the wake of the Colonial Pipeline ransomware attack, businesses all over the world have been given a very loud reminder that they could be next. For many it is not a question of if, but of how and when. Even multinational businesses with comprehensive cybersecurity programs in place are vulnerable. So what should businesses do to limit the impact of a serious breach, prevent data loss and avoid paying extortion?
In April 2021, the Ransomware Task Force (RTF), a coalition convened by the Institute for Security and Technology that brought together software companies, security vendors, government agencies and nonprofits such as the Global Cyber Alliance (GCA), published a set of recommendations to combat the rising threat of ransomware. The report set out nearly 50 actionable steps for industry and government to adopt in order to reverse the trajectory of ransomware attacks.
The answer for many IT teams is to make their organization cyber-resilient by combining data backup and disaster recovery (DR) with extended detection and response (XDR).
Mitigating Ransomware with Disaster Recovery
For too long, companies have treated cybersecurity and backup as separate functions when in fact they serve the same purpose: protecting a business's digital assets and data. Intrusions are, unfortunately, inevitable; even the best endpoint security cannot stop every one. Attackers continually probe defenses, looking for weaknesses and openings. Initial access vectors vary, but the most common remain corporate email (phishing and malicious attachments) and, increasingly, web applications and SaaS platforms, which now account for an estimated 80% of ransomware attacks.
Unfortunately, most businesses have no contingency plan for responding immediately to a ransomware attack. Digital incursions are not treated like a physical emergency such as a fire or natural disaster, where first responders arrive and a rehearsed plan takes over. Companies that think they can buy their way out of trouble only make things worse. Paying the ransom does not solve the problem: decryption tools frequently fail, any data that was exfiltrated is still in the criminals' hands, and the attackers who got in once often retain access and are watching how you respond. The exception is a business with a protected backup infrastructure in place: a secondary site holding copies of all its data, kept isolated from production and encrypted. The value of such a setup is that it lets the business keep operating in a secure, managed environment while forensics are carried out on the compromised assets. The two environments run side by side until the damage is repaired, and the intruder, still inside the compromised one, need not learn that they are now under the microscope. The tables are turned and, once the investigation is complete, you can regain control of your entire operation.
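The protected backup described above is only worth having if, at restore time, you can prove the copy is the one you took and that it was not altered or encrypted while the attacker was inside. The following is an added example, not code from the original article or from any backup vendor: it records a per-file SHA-256 manifest for a backup set and authenticates the manifest with an HMAC under a key that lives only on the backup side, then reports what has changed when a restore candidate is checked against it. The directory layout, file contents and the simulated tampering are all constructed for the demo.

```python
"""Build and verify a tamper-evident backup manifest (added example)."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def _file_digest(path: Path) -> str:
    """SHA-256 of a file, streamed so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, key: bytes) -> dict:
    """Hash every regular file under root and sign the listing with HMAC-SHA256."""
    files = {
        p.relative_to(root).as_posix(): _file_digest(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(root: Path, manifest: dict, key: bytes) -> dict:
    """Compare the tree at root against the manifest.

    'authentic' is False when the manifest itself was edited: an intruder with
    write access to the backup share could otherwise re-list their own
    ciphertext as 'good' data, but cannot recompute the MAC without the key.
    """
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    authentic = hmac.compare_digest(expected, manifest["mac"])
    present = {
        p.relative_to(root).as_posix(): _file_digest(p)
        for p in root.rglob("*") if p.is_file()
    }
    recorded = manifest["files"]
    return {
        "authentic": authentic,
        "modified": sorted(k for k in recorded if k in present and present[k] != recorded[k]),
        "missing": sorted(k for k in recorded if k not in present),
        "added": sorted(k for k in present if k not in recorded),
    }


def demo() -> dict:
    """Back up a constructed tree, simulate ransomware on the copy, and verify."""
    key = os.urandom(32)  # assumption: in production this key sits in a KMS/HSM off the protected network
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "share"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("2021-05-01,invoice,1200\n")   # constructed sample data
        (src / "README.txt").write_text("constructed sample data\n")
        good = build_manifest(src, key)
        clean = verify_manifest(src, good, key)

        # Simulate the intruder: one file overwritten with ciphertext, one renamed
        # to a ransomware extension, and a ransom note dropped.
        (src / "finance" / "ledger.csv").write_bytes(os.urandom(48))
        (src / "README.txt").rename(src / "README.txt.locked")
        (src / "HOW_TO_DECRYPT.txt").write_text("pay us\n")
        after = verify_manifest(src, good, key)

        # Simulate the intruder editing the manifest to cover the overwritten file.
        forged = {"files": dict(good["files"]), "mac": good["mac"]}
        forged["files"]["finance/ledger.csv"] = _file_digest(src / "finance" / "ledger.csv")
        forged_check = verify_manifest(src, forged, key)
    return {"clean": clean, "after": after, "forged": forged_check}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check that matters operationally is the second one: a restore candidate whose manifest no longer authenticates must be treated as compromised even when every file hash "matches", because the listing it matches was written by the attacker. Keep the HMAC key, and ideally the manifests themselves, on the isolated side so that neither can be reached from a compromised production host.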
That is why an integrated data management function, covering backup, recovery and detection together, puts a business on the front foot. It matters because malicious actors can go undetected for the better part of a year: the average dwell time for a threat is around 286 days. That long a dwell time also means recent backups may already contain the attacker's tooling or encrypted data, so restore points must be verified against a known-clean state before they are used. Once the intruder's presence is discovered or a vulnerability is detected, operations can be moved to a secure, isolated and encrypted recovery environment while the threat is tracked in forensic detail using extended detection and response (XDR).
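The "detection" half of that integration is what shortens the dwell time. As an added example, not code from the original article and not any XDR product's rule, the script below runs a simple ransomware-behaviour detector over endpoint file-system telemetry: it keeps a sliding window per (host, process, new extension) and alerts when one process moves many files into the same new extension within a short period, the pattern commodity ransomware shows before any ransom note is found. The telemetry field names (ts, host, proc, op, path, new_path) are assumptions rather than a real product's schema, and every event is constructed for the demo.

```python
"""Flag ransomware-style bulk re-extension of files in endpoint telemetry (added example)."""
from collections import defaultdict, deque
import json

# Constructed telemetry, one JSON object per line, as a collector might ship it.
SAMPLE_LINES = """\
{"ts": 100, "host": "ws-17", "proc": "WINWORD.EXE", "op": "write", "path": "C:/Users/a/q1.docx"}
{"ts": 130, "host": "ws-17", "proc": "EXCEL.EXE", "op": "write", "path": "C:/Users/a/budget.xlsx"}
{"ts": 140, "host": "ws-17", "proc": "explorer.exe", "op": "rename", "path": "C:/Users/a/old.txt", "new_path": "C:/Users/a/notes.txt"}
"""


def parse_lines(text: str) -> list:
    """Parse JSON-lines telemetry, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def _ext(path: str) -> str:
    """Lower-cased final extension of a path, '' if none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(events, window_s=60, threshold=20):
    """Alert once per (host, proc, ext) when at least `threshold` renames into a
    new extension land inside `window_s` seconds. Returns a list of alert dicts."""
    recent = defaultdict(deque)   # key -> deque of (ts, new_path) inside the window
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("op") != "rename" or "new_path" not in ev:
            continue
        new_ext = _ext(ev["new_path"])
        if new_ext == _ext(ev["path"]):
            continue                      # plain move, extension unchanged
        key = (ev["host"], ev["proc"], new_ext)
        q = recent[key]
        q.append((ev["ts"], ev["new_path"]))
        while q and ev["ts"] - q[0][0] > window_s:
            q.popleft()
        if len(q) >= threshold and key not in fired:
            fired.add(key)
            alerts.append({
                "host": ev["host"], "proc": ev["proc"], "ext": new_ext,
                "count": len(q), "first_ts": q[0][0], "last_ts": ev["ts"],
                "sample": [p for _, p in list(q)[:3]],
            })
    return alerts


def sample_events() -> list:
    """Constructed mix of normal activity, a benign bulk job and an encryption burst."""
    events = parse_lines(SAMPLE_LINES)
    # Benign bulk job on another host: 30 renames spread over 12 minutes, never 20 in one window.
    for i in range(30):
        events.append({"ts": 1000 + i * 25, "host": "ws-22", "proc": "photo-organizer.exe",
                       "op": "rename", "path": f"D:/photos/IMG_{i}.jpeg",
                       "new_path": f"D:/photos/IMG_{i}.jpg"})
    # Encryption burst: 40 files pushed into a new extension in 8 seconds by one binary.
    for i in range(40):
        events.append({"ts": 2000 + i * 0.2, "host": "ws-17", "proc": "update.exe",
                       "op": "rename", "path": f"C:/Users/a/docs/file{i}.docx",
                       "new_path": f"C:/Users/a/docs/file{i}.docx.lockd"})
    return events


def run_demo() -> list:
    return detect(sample_events())


if __name__ == "__main__":
    for alert in run_demo():
        print(json.dumps(alert))
```

The window and threshold are tuning knobs: a real deployment would learn per-host baselines so that a legitimate archiving job on a file server does not page anyone, and would pair this rule with a response action (isolate the host, snapshot the share) rather than just an alert, which is the "response" half of XDR.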
Managing Your Digital Crime Scene
The bottom line is that businesses need to be more resilient to reduce the impact of a ransomware intrusion. There have been cases where critical systems were exposed by something as innocuous as a wireless printer sitting on a network segment with access to the company's Exchange servers. A device like that is a gap attackers can easily exploit, and the perimeter firewall offers no protection against lateral movement from a device that is already inside the network. Cybercriminals are ruthless and indiscriminate: if there is a weakness in your defenses, they will do their best to find it.
Law enforcement agencies around the world increasingly urge victims not to pay when hit with a ransomware attack. This was not always the case. A decade ago, a suspected cybercrime was often ignored entirely; five years ago it would have been acknowledged, but the law lacked the tools to fight back. The last 12 months have seen a material change in law enforcement interest in cyberattacks, including the impounding of complete systems as evidence and very active intervention to find who was responsible for the attack.
While this is a very welcome change, it presents an additional challenge: working with law enforcement while trying to limit data loss in the midst of an attack. The team's resources are inevitably split between the two tasks, and business continuity suffers because your data has become a digital crime scene.
There is a growing need for businesses to have an outsourced partner who provides a data recovery platform with a recovery environment comparable to the original. You can then run two parallel streams: restoring service in the recovery environment while working with law enforcement on the compromised one to find the perpetrators. This allows the business to keep functioning and to manage threats proactively, preventing further damage and removing the need to give in to extortion by paying huge ransoms.
Many in-house IT teams cannot cope on their own with the volume or sophistication of today's cyberattacks, and they both want and need to shift as much responsibility as possible to trusted partners. That outsourcing creates a form of data insurance that lets the business operate as usual with little or no downtime, while also supporting law enforcement's investigation and helping bring the perpetrators to justice. Cybersecurity defenses play a critical role in repelling attacks, but companies can only achieve genuine cyber-resilience with integrated data management solutions that incorporate the latest XDR techniques.