World Backup Day: Building a Tiered Backup Strategy for Ransomware Recovery

essidsolutions

The real-world cost of a ransomware attack encompasses reputational damage, mitigation and recovery costs, ransom payments, downtime, and rising insurance premiums. In 2021, the average ransomware attack cost organizations up to $4.62 million to mitigate. Will 2022 hold a similar fate for organizations across sectors? On World Backup Day, let’s hear from data storage and backup leaders and experts about the best backup strategies to implement in 2022 to minimize the damage caused by ransomware attacks.

Today, corporate networks and servers are inundated with cyberattacks that encompass a crescendo of credential-stuffing attempts, phishing emails, malware intrusion, and ransomware attacks. In 2021, SonicWall recorded an alarming 623.3 million ransomware attacks globally, averaging 2,170 attempts per customer. With each attack aimed at exploiting weaknesses in IT networks and endpoint devices to inject ransomware, organizations can’t afford to lower their guard for a moment.

Cybersecurity experts advocate several measures and practices that organizations must put in place to protect their networks from ransomware attacks that can shut down operations for weeks, lead to the loss of critical data, and inflict financial losses in the millions. Some preventive measures include deploying advanced endpoint detection and response (EDR) solutions, implementing zero trust access (ZTA) and zero trust network access (ZTNA), training employees to detect social engineering attacks, and prioritizing cybersecurity as much as other digital transformation projects.

The value and utility of a robust data backup and recovery process to mitigate the impact of ransomware attacks cannot be overstated. Jason Stirland, the CTO of DeltaNet International, says that failing to plan is akin to planning to fail. Therefore, having a business continuity plan is essential for organizations of all sizes. “Organizations must create rigorous backup and disaster recovery plans that are tested and refreshed regularly – this will be key for survival,” he says.

It is not just the frequency of ransomware attacks that should worry organizations. SonicWall VP of Platform Architecture Dmitriy Ayrapetov says that network attacks rose to a fever pitch in 2021. According to SonicWall, aside from launching 623.3 million ransomware attacks in 2021, cybercriminals also attempted 142.2 million Log4j vulnerability exploitations, nearly 2.5 million encrypted attacks, 97.1 million cryptojacking attempts, and 60.1 million IoT malware attacks.

Modern ransomware actors primarily target corporate and customer data, encrypting it to force organizations to pay a ransom. Therefore, every organization needs to have robust data backup and recovery processes to secure sensitive and business-critical data from unauthorized access. This World Backup Day, let’s hear from data storage and backup leaders and experts about the best backup strategies to implement in 2022 to minimize the damage caused by ransomware attacks.

Ryan Weeks, CISO, Datto

Identify, protect, detect, respond, and recover

“To address increasingly complex ransomware threats, some companies are now thinking beyond established security tools and are now building true cyber resilience. This powerful strategy combines the practices of cybersecurity, business continuity, and incident response which requires capabilities in five functional areas: identify, protect, detect, respond, and recover. These capabilities cannot be purchased, they need to be built by combining people, processes, and technology. With the right cyber resilience capabilities in place, companies can protect themselves from unknown threats, minimize the impact of attacks, and reduce downtime.

Recovery needs to start before an attack takes place. To this end, it’s critical for companies to evaluate their IT and security budgets to ensure that they’re able to implement advanced security and data management capabilities. This will allow them to effectively back up and secure networks, while enabling business continuity capabilities. Having a business continuity and disaster recovery solution in place is the most effective solution for preventing the loss of data following an attack, as it provides the ability to quickly retrieve data and avoid costly downtime. 

Cyber criminal groups actively seek to destroy backups to increase the chance of a successful ransom extortion. This technique is widely used and requires that companies start to leverage a backup strategy that assures at least one copy of their data remains intact despite a threat actor having a foothold in the IT environment. The 3-2-1 rule is an easy rule of thumb for a resilient backup strategy. You need at least three copies of a backup, two of which are in different locations, and one of which must have protection against destruction (immutable). This immutable copy of the backup means you will always have the ability to restore backups after an attack, despite the attacker’s best attempts to destroy them.

In today’s increasingly complex IT environment, the most sensible choice for recovery is for companies to partner with a managed service provider or managed security service provider who can provide solid, proactive and reactive risk management.”
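The 3-2-1 rule as described in the quote above (three copies, two locations, one immutable copy) can be audited against a backup inventory. The following is an added example, not part of the quote or the original article; the `BackupCopy` record, its field names and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:
    # Hypothetical inventory record; field names are assumptions for this example.
    dataset: str
    location: str                        # site or cloud region holding the copy
    immutable_until: Optional[datetime]  # retention-lock expiry, None if deletable

def check_3_2_1(copies, now):
    """Return the rule violations for one dataset's copies (empty list = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need at least 3")
    if len({c.location for c in copies}) < 2:
        problems.append("all copies share one location, need at least 2")
    # A lock that has already expired no longer protects the copy from deletion.
    locked = [c for c in copies if c.immutable_until and c.immutable_until > now]
    if not locked:
        problems.append("no copy is currently immutable")
    return problems

def audit(inventory, now):
    """Group copies by dataset and report violations per dataset."""
    by_dataset = {}
    for copy in inventory:
        by_dataset.setdefault(copy.dataset, []).append(copy)
    return {name: check_3_2_1(cs, now) for name, cs in by_dataset.items()}

# Constructed sample inventory (not real data).
NOW = datetime(2022, 3, 31, tzinfo=timezone.utc)
INVENTORY = [
    BackupCopy("finance-db", "dc-east", None),
    BackupCopy("finance-db", "dc-east", None),
    BackupCopy("finance-db", "cloud-west", datetime(2022, 6, 30, tzinfo=timezone.utc)),
    BackupCopy("hr-share", "dc-east", None),
    # Lock expired before NOW, so this copy does not count as immutable.
    BackupCopy("hr-share", "dc-east", datetime(2022, 1, 1, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for dataset, problems in audit(INVENTORY, NOW).items():
        print(dataset, "OK" if not problems else problems)
```

The expired-lock case matters in practice: an inventory that only records whether a copy was ever written with a retention lock will report compliance after the lock has lapsed.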

Gaurav Rishi, VP of Product at Kasten by Veeam

Protecting cloud-native applications and data

“The adoption of cloud native development practices, particularly with Kubernetes, is rapidly accelerating as companies shift from legacy technologies to the far more reliable, scalable, and portable environment that the cloud native stack provides. However, in light of World Backup Day, it is important for enterprises that are adopting K8s environments to also consider how they can protect them. Implementing Kubernetes-native backup for your applications is critical to protect data in the event of an accident, system failure, or even a deliberate attack. With a proper native backup strategy in place, enterprises can feel more confident when utilizing the powerful, yet flexible Kubernetes platform.”

John Fung, Director of Cybersecurity Operations at MorganFranklin Consulting

Automate, test, and backup your backups

“Strong Procedures: To ensure backups are made regularly, which minimizes potential data loss, they should be automated and performed regularly. Organizations should also include backups in compliance policies and procedures.

Focus on Location: Ransomware commonly targets backups to prevent companies from restoring them rather than paying a ransom. That is why backups should be stored offline or in a read-only format. Ideally, backups should also be geographically distributed. If a natural disaster or a power outage knocks out an organization’s primary systems, the backups provide immense benefits.

Comprehensive Testing: Backups and restoration procedures should be tested regularly to identify technology and security issues. This ensures that both the backups and the primary database are secured. Cybercriminals will search for “low-hanging fruit,” and an unprotected backup is easier to steal and just as valuable.”

Jeff Costlow, CISO of ExtraHop

Weave backup & recovery plans into your security strategy

“Ransomware is a shadow that hangs over all organizations today. This World Backup Day should be a call for all organizations to examine how their backup and recovery plan weaves into their overall security strategy to ensure they are protected in the event of a ransomware attack. 

Sadly, organizations must take further precautions and cannot rely solely on their data backups. Today’s ransomware has become an advanced threat with the “hat trick” of exfiltration, encryption, and software exploitation. It used to be that the sole endgame of ransomware was encryption. Deploy the ransomware, encrypt the files, and demand payment for the keys. Today, ransomware criminals have introduced payment incentives at multiple steps in the kill chain, from exfiltration of data to software exploitation. While it is vital for organizations to ensure a robust backup and recovery strategy is in place for business continuity, they can no longer guarantee that their private data won’t be released. 

A backup plan is just the beginning. Other points to consider in a ransomware response plan include:

  • Initial access: This is where cybercriminals gain a foothold through a wide range of techniques proven effective over time, including phishing emails. Ensure you have user training and strong preventative measures, including VPNs and firewalls. 
  • The midgame: This is where the attacker pivots through an organization’s infrastructure, accumulating assets and compromising data. Organizations need strong visibility into East-West traffic to spot ransomware, including lateral movements, domain escalations, command and control actions and data staging.
  • The extortion cycle: Cybercriminals have compromised your systems and your data. A robust backup and recovery process is a critical piece of the puzzle that will keep your business up and running.”

Adrian Knapp, CEO and Founder, Aparavi

Time to spring clean unstructured data 

“Backing up your files is extremely important, and World Backup Day is a great reminder. As your data, especially unstructured data, footprint grows, so does your data risk. It is essential to understand that redundant, outdated, and trivial data, also known as ROT data, puts you at increased risk and can cost you millions.

One of my top tips for backing up data is to know what data you have. By doing a data assessment and understanding your data, you are in control to mitigate risk, reduce costs, and create value for your organization with confidence. 

Another helpful tip is to think about World Backup Day as a spring cleaning opportunity for your data. Take a moment to remove data that does not need to be backed up. This will improve your security by avoiding a backlog in data management and limiting the unstructured data that could be subjected to a ransomware attack, providing a more efficient and secure data environment.

My final tip is to implement an intelligent data automation tool so you can locate all of your data no matter where it lives. This will allow you to organize and uncover hidden files and dark data that you or your organization may be unaware of, putting you in control to make better-informed decisions to reduce your data footprint and know what you are backing up.”
