Can Backup Data Be Trusted After a Ransomware Attack? 3 “I’s”for Steadfast Resiliency

Cybercriminals are now utilizing advanced techniques, including artificial intelligence, to penetrate the data center and corrupt critical data assets. Jim McGann, vice president of marketing & business development at Index Engines addresses why organizations need to be smarter and more aggressive in combating these attacks, instead of using common and predictable approaches which have not worked in the past. 

Data is an organization’s most valuable asset. This is why cybercriminals target this asset, making it corrupt, encrypted, and holding it ransom while demanding large paydays. And despite organizations’ best attempts at keeping ransomware out of the data center, cybercriminals are continually finding ways to circumvent endpoint solutions. 

In fact, a ransomware attack occurs every 11 seconds causing the average ransom paid by companies to jump 171% to more than $30 million, with the average victim paying more than $312,000. 

The best way to recover from one of these attacks is by using an organization’s backup data. But, how do you know that data has integrity and is safe to restore? 

Ransomware Attacks and Their Setbacks

Cybercriminals are desperate to collect their ransoms and are finding stealth ways to corrupt backup data that are often missed by detection tools. This causes prolonged downtimes, financial hardships, and loss of consumer trust. 

Ransomware attacks are becoming far more advanced:

• SolarWinds and the Microsoft Exchange attack struck fear into organizations.
• Increased dwell time shows that cybercriminals are inspecting the environment so they can maximize damage.
• Advanced attack vectors are corrupting and encrypting data in a way that is more difficult to detect.

In addition, the motives behind the cyberthreats are expanding to include: 

• Insider: Trusted insiders steal or extort for personal, financial, & ideological reasons.
• Hacktivism: Advance political or social issues by exposing sensitive content.
• Warfare: Nation-state actors with destructive cyberweapons (NotPetya).
• Terrorism: Instill fear through the downtime of critical infrastructure.
• Espionage: Corporate or nation-state actors steal valuable data.

Why Disaster Recovery Solutions Are Primordial

Modern threats require modern protection. Turn disaster recovery solutions into cyber recovery solutions that validate the data’s integrity and ensure it is reliable when needed for rapid post-attack restoration.

Organizations need to focus on a preventative/reactive dual approach: keeping cybercriminals out of the data center, but also having a well-thought-out plan to provide isolation and intelligence to enable recovery in wake of successful ransomware or cyberattack.

A 3-Prong Solution to Data Resilience and Recovery

Data has immense value, offers insights into an organization’s health, and holds significant power. Data fuels global economies and our professional, social, and individual lives. When protecting data “good” or “better” should never be acceptable. 

Organizations should strive for data resiliency.  Data resiliency is a process that continually validates the integrity of data as it changes over time to ensure it is reliable and protected.

Cyber recovery is a critical component of an overall data resilience strategy. Cyber recovery at its best is a 3-prong approach that combines isolation, immutability, and intelligence. It allows you to detect signs of data corruption early and ensures the organization will be protected from down time due to an attack. 

• Isolation. Cybercriminals cannot access, steal and corrupt data they do not know exists. Isolating backups of core infrastructure, critical files, and databases with an operational air gap offers an integral first step to keeping data out of reach. Stealth technology can hide its overall existence. 
• Immutability. Deploying advanced technology to lock down the protected data and ensure that no bad actors can tamper with it, corrupt it or destroy it is critical to ensuring reliable recovery.  There have been many instances of cybercriminals or insider threats destroying backup catalogs and data sets to create an unrecoverable environment.  Immutability will provide confidence that data is secure and protected from harm.
• Intelligence. It is off the network and tamper-proof. But, is the data good? Sophisticated, deep metadata attacks are becoming more commonplace and circumventing detection tools. Adding machine learning and full content analytics to this secured data offers insight into how the data has changed and can alert to signs of corruption. Early detection provides the ability to recover quickly with confidence that data is clean. 

Attackers will continue to evolve, figuring out new ways to make money. 

The top-5 industries, which accounted for 179 breaches,  were manufacturing, legal services, construction, high-technology, and retail. More than 70% of those identified, with one in six businesses attacked (17%) saying the financial impact materially threatened the company’s future. 

Minimizing Cyberattacks Is the Key to Business Transformation

Adding isolation, immutability, and intelligence to an organization’s most vulnerable and valuable data fuels both technological and business transformation. It provides confidence to IT leaders that critical data is protected from ransomware and cyberattacks, and reassures business leaders that downtime will be minimized in case of a successful attack.  

Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!