Ransomware that heads straight for backups before even attacking the main data demands a relook at backup practices and expectations.

In 2017, the WannaCry ransomware attack affected more than 200,000 computers in 30,000 organizations across 150 countries. The modus operandi is simple: the ransomware locks users’ files and demands that victims pay attackers a designated sum in Bitcoin.

However, the long-term impact of ransomware attacks is much more complex. Companies may lose not only data, but also trust and brand value. That loss of customer confidence can adversely affect a company’s stock value. Such attacks highlight the importance of ensuring that employees understand cyber risks and are aware of relevant information security measures.

Globally, the Internet population as of 2019 has surpassed the 4 billion mark, and the Asia Pacific (APAC) region currently holds more than 50% share with 2.3 billion internet users. As such, APAC nations face a higher potential threat of cyberattacks than other countries across the globe, in large part due to the speed and scale of growth in the region’s use of digital technology and associated connectivity.

Backup and recovery solutions are designed to protect organizations, but sophisticated malware like Locky and crypto-ransomware are now targeting companies’ backup data. Even after implementing basic cybersecurity measures, companies can still fall victim to such attacks. One way of recovering critical company data is to do a restore from the backup solution.

Sheena Chin, MD, ASEAN, Cohesity

Analysts are predicting a ransomware attack on businesses will happen every 14 seconds—at a cost of billions to global organizations. That is why companies need to keep these five considerations in mind when strategizing how best to prevent, detect, and rapidly respond to a ransomware attack on backups. So here are five useful tips from Sheena Chin, Managing Director, ASEAN, of data management firm Cohesity.

  1. Make your backups immutable
    Cybercriminals are now aggressively targeting backup data called shadow copies to gain full control or, worse, to destroy what has long been considered an insurance policy for business continuity.

    These attacks have become more sophisticated by entering a primary environment from an endpoint and heading straight for backups before taking over the production environment. Companies are increasingly challenged as backup copies from which they would restore are also now infected.

    What is needed to prevent ransomware from attacking backups is a multi-layered defence. Original backup jobs should be kept in an immutable state. Multi-factor authentication (MFA) and write once, read many (WORM) capabilities for the snapshot are must-have features in any modern backup solution.
  2. Reduce data fragmentation and attack surfaces
    IDC estimates that 175 zettabytes of data will exist by 2025. A vast amount of this data, nearly 80%, consists of backup, file and object shares, dev and test, and analytics. Today this data is scattered across multiple silos and systems, resulting in mass data fragmentation. Many organizations have copies of the same data and have very little visibility into what is stored where—all resulting in a wider attack surface. As a result, enterprise data has become more accessible to cybercriminals.

    Preventing ransomware from succeeding in the first place starts with reducing the enterprise attack surface and improving the visibility of enterprise data (i.e., knowing what data is held and where it is located). A modern data management solution should provide global visibility and a unified way of managing enterprise data to eliminate mass data fragmentation.
  3. Leverage AI and machine learning
    Ransomware attacks can originate from outside an organization or internally as a result of malicious intent or human error. How can organizations monitor and prevent them before they impact backup copies?

    Advancements in machine learning and artificial intelligence should be able to help. Today’s modern backup solutions should be able to continuously monitor and detect change rates by analyzing files and audit logs—even when the team is not paying close attention. The right backup solution will protect the organization from cyberattacks every second of every day.
  4. Ensure unified dashboard visibility of your Cloud and on-premise data
    Organizations in Asia are ramping up their adoption of cloud. However, one of the key challenges is securing the data in the cloud. With critical information now residing on the cloud, ransomware attackers have easy access if the data is not managed well.

    A modern backup solution must provide immutability to data, have write-once, read-many features, and the ability to detect attacks and provide visibility to data across on-premise and the cloud.

    Staying ahead of ransomware requires a backup and recovery solution that offers a single dashboard. Being able to see, manage, and take action fast on backup data—whether residing on-premise or across public clouds—will help organizations protect themselves from ransomware attacks.
  5. Mandate no-compromise certainty of backup and recovery
    Whether you have been hit with a ransomware attack or an internal mishap (malicious or human error), when disaster strikes, it is critical to quickly recover from data loss. If a disaster were to happen today, could the organization predictably recover backup data—when and where it is needed—without compromise?

    The ability to ensure predictable recovery offers confidence in meeting SLAs and trust in the resiliency of the organization.
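
To make tip 3 concrete, the following added example (not from the original article or from any vendor's product) shows one simple way to flag an abnormal change rate between two backup snapshots. It uses a median/MAD baseline in place of a trained model, and the manifest layout, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import statistics

def change_rate(prev: dict, curr: dict) -> float:
    """Fraction of paths added, removed or modified between two snapshot manifests."""
    paths = set(prev) | set(curr)
    changed = sum(1 for p in paths if prev.get(p) != curr.get(p))
    return changed / len(paths) if paths else 0.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted (and also compressed) content sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def is_anomalous(history, rate, threshold=6.0, floor=0.01) -> bool:
    """Robust z-score of the new rate against the median/MAD of past rates."""
    med = statistics.median(history)
    mad = statistics.median([abs(x - med) for x in history])
    scale = max(1.4826 * mad, floor)  # floor stops alerts on a near-constant baseline
    return (rate - med) / scale > threshold

def assess(history, prev, curr, changed_bytes: bytes) -> dict:
    """Combine both signals; entropy alone is weak, so treat it as supporting evidence."""
    rate = change_rate(prev, curr)
    return {"rate": round(rate, 3),
            "rate_alert": is_anomalous(history, rate),
            "high_entropy": shannon_entropy(changed_bytes) > 7.5}

# Constructed sample data: manifests map path -> content hash (placeholder strings).
HISTORY = [0.02, 0.03, 0.025, 0.018, 0.03, 0.022, 0.027]  # past daily change rates
BASE = {f"/share/doc{i}.txt": f"hash{i}" for i in range(100)}
ROUTINE = {**BASE, **{f"/share/doc{i}.txt": f"edit{i}" for i in range(3)}}
# 90 of 100 files replaced by renamed, rewritten copies; 10 left untouched.
MASS_REWRITE = {f"/share/doc{i}.txt": f"hash{i}" for i in range(90, 100)}
MASS_REWRITE.update({f"/share/doc{i}.txt.locked": f"enc{i}" for i in range(90)})
TEXT = b"quarterly report draft\n" * 100
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    print("routine day :", assess(HISTORY, BASE, ROUTINE, TEXT))
    print("mass rewrite:", assess(HISTORY, BASE, MASS_REWRITE, RANDOM_LIKE))
```

An alert from a check like this is a reason to hold the affected snapshot out of retention pruning and review the audit log for the account that made the changes, not proof of an attack.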