Much like how the world is grappling with a health crisis right now, the digital ecosystem is also facing off one of its biggest threats to cyber hygiene. Often hailed as the digital plague of our times, ransomware is fast becoming cybercriminals’ favourite form of attack due to its high payoff and relative ease in execution as digitalisation takes off on a massive scale.
Gartner predicted that 75 percent of IT organisations will face one or more ransomware attacks. With the crippling effects of ransomware on business operations and revenue, not to mention the costs of paying out the attackers which can often go up to millions of dollars, organisations must start fortifying their data security plans to counter the ransomware siege.
Alas, this insidious menace is notoriously difficult to defend against, as cybercriminals learn to adapt their tactics to bypass existing security measures. Across ASEAN, ransomware is a significant threat, Kaspersky reported about 2.7 million ransomware detections in ASEAN during the first three quarters of 2020. The report also observed the impact that the COVID-19 pandemic continues to threaten the cyberthreat landscape and will continue to rise exponentially in the future.
The million-dollar question, literally, then becomes: How can organisations best be on guard against ransomware attacks to protect their critical data assets?
Laying the groundwork
Business leaders fret not, for there are actions we can take to mitigate the risks of ransomware and its impact. The golden key is to develop a multi-layered plan that will encompass all the cornerstones of good cybersecurity practices while preparing businesses for the inevitable.
The first step in this plan is to have in place a system that can identify, assess, and mitigate risks to valuable data. A good data protection plan must work broadly and deeply enough to reach valuable data wherever it resides. The plan should extend beyond central servers and organisation-wide applications to cover laptop computers, files in a wide range of media formats, and function-specific applications.
It is also paramount to assess your organisation’s current data protection protocols – who has access over what? What privileges are they accorded? Doing so will give you the chance to evaluate current procedures and discover any potential loopholes that can be exploited. For example, accidental or malicious administrator actions can be eliminated or mitigated by requiring dual authorisation to implement changes. This will reduce the risk of internal sabotage, which can be the hardest to detect.
Getting your guard up
Once the groundwork has been laid, the next step is to bolster your organisation’s current measures and ensure continual maintenance to keep up with evolving modes of attacks.
Start with minimising potential weaknesses that can be exploited in your organisation’s IT environment. All security vulnerabilities are possible entry points for cyberthreats and must be fenced off. It is also crucial that your organisation’s essential data or backup is securely air-gapped. This means that the data is isolated from and inaccessible via the Internet, to better protect it against lateral moving threats. Air-gapped data will not be prone to hacks, and doing so will protect and lock your critical data from malicious advances.
It is vital to be on watch and not let your guard down when these protections are put up. Ongoing monitoring and detection for anomalous activities is necessary to ward against surprise attacks. Your IT team needs to set in place processes that regularly monitors file system activity and detects statistically variant file system behaviour.
Honeypot files, hidden files that are common and attractive to ransomware attacks, can also be planted and regularly monitored. These act as baits for cybercriminals and can gather valuable intelligence on how malicious actors currently operate, allowing you to adapt your security measures to counter their methods. Regularly updating the system based on new emerging threats and always being on top of necessary security updates will also grant you a leg up over cybercriminals.
Girding for attack
Now that you are all armed for an attack, it is time to put your defences to the test. The age-old adage is that the best defence is a good offense. However, in this case, the best defence is a sound strategy that takes the edge off the offense. When your defence has been breached (and it will), your organisation must be able to respond quickly and accurately to the incident to diminish impact on business operations.
Once variants are detected, your data security system needs to be able to automatically isolate suspected ﬁles to minimise ransomware spread and for further investigation. The system should also automatically act and alert the IT team for awareness or embed a recommended action workflow into the alert for administrator execution. Time is of the essence here, and if business operations are affected, every minute that passes can accumulate to upwards of millions of dollars in losses.
So how can organisations bounce back quickly from a cyberattack? Data recovery is a crucial step to getting back to normal business operations during such events, which means that a comprehensive and continuous recovery readiness strategy needs to be established beforehand.
This strategy must be documented and automated to get operations back on track. Steps should be predictable and teams should not need to stop to figure out which data needs to be recovered and in what order during high-pressure attacks. Remember, time is of the essence.
Data recovery processes will need to be consistent across all data and workloads to restore on-premises, in the cloud, or wherever the data is needed. Automating data recoveries with streamlined recovery operations through machine-learning or orchestrated workﬂows will also aid in getting your organisation quickly back on its feet after suffering a ransomware attack.
Preparing against future assaults
There is no such thing as a fool-proof data security strategy. Your organisation’s data security plan must be constantly updated and tested to alleviate the risks of cyberthreats as cybercriminals become increasingly shrewd with their methods. Even the strongest defence will be breached but having a solid data protection plan in place can do much to help put out the fire.
If cybercriminals are not taking a break with their assaults, neither should your data security.