Know thy enemy, protect thy data

Ransomware has become a new public enemy for businesses, with attacks on enterprises of all sizes on the rise. According to the Cyber Security Agency of Singapore, there was a 54% increase in ransomware cases in 2021 compared to 2020, with small and medium-sized enterprises (SMEs) emerging as the primary targets.

The ASEAN region’s accelerated digitalisation has transformed it into one of the world’s fastest-growing digital economies, making it a prime target for cybercrime. Kaspersky reported around 2.7 million ransomware detections in ASEAN during the first three quarters of 2020.

No organisation in any country can escape the constant threat of rapidly evolving ransomware attacks. Threat actors are well organised and skilled, and often bring sophisticated new attack methods and patterns. Businesses that do not understand the nuances of ransomware are at high risk of having their invaluable data locked, altered, leaked, or destroyed.

The scourge of ransomware has also given rise to ransomware as a service, attracting amateur hackers as a means of easy money-making. Without any deep tech knowledge, they can readily gain access to existing or even sophisticated tools – created by developers – to deploy ransomware payloads.

How can companies best address these threats, uncover their blind spots, and improve their cyber data security to ensure business continuity across their organisation?

Setting up a defence strategy

Companies and even governments continue to make ransomware headlines, from Optus in Australia, where threat actors stole details of up to 10 million Optus users, to the Costa Rican government, whose computer systems were crippled by a ransomware attack. These are stark reminders of how easily ransomware can disrupt a business and cause chaos.

In the war against cybercriminals, the onus is upon companies to engage in both offence and defence tactics. A good defence starts with backups and recovery – these can be the ultimate trump card in a ransomware hostage situation.

As companies adopt more and newer technologies to meet changing needs and demands, terabytes of data end up distributed across multiple environments, including on-prem, hybrid, and multi-cloud. This mix of multigenerational technology fragments the data landscape, creating data silos and complicating backup and recovery processes.

The best way to reduce data risks is to deploy a properly architected backup and recovery solution that ensures data availability and consistent recovery processes for all workloads across cloud and on-premises environments. We recommend a complete A to Z ransomware protection approach — from air gapping to implementing zero trust principles for greater protection and recovery.

Creating air-gapped backup copies for secure off-site storage ensures there are multiple backup storage targets that are segmented and unreachable from the public portions of the environment. This limits the attack surface available to a malicious actor.

Zero trust is, of course, to trust but verify, and verify, to ensure cyberthreats do not have unlimited access to networks. Implementing it through a multi-layered security framework, with a unified platform comprising security dashboards and alerts, creates a strong defence that helps take the teeth out of an enemy’s ransomware attack.

Going on the offence

Companies should also “play the offence” via a proactive approach to mitigating ransomware threats through early detection.

While traditional backup solutions may help customers recover post-attack or identify potential threats that reach their backup environment, this usually happens too late in an attack when business data has already been encrypted, exfiltrated, or leaked.

To combat the new wave of evolved ransomware, businesses need to anticipate the attack before the data is compromised. This is where early warning and threat detection come in. Modern backup solutions with integrated cyber deception can offer advanced early warning for threats that evade conventional security tools and are dwelling silently in production environments.

These solutions can offer sensor decoys that mimic real assets, baiting bad actors into engaging with fake resources so that threats in production environments are spotted and stealthy cyberattacks neutralised before they can cause harm. By proactively flagging unknown and zero-day threats, the IT team can engage bad actors before they reach their data. Threats are exposed early, and attacks contained.

Power in knowing your enemy

Ultimately, companies should practise sensibility and practicality in dealing with data protection.

Just as we take steps to protect our homes, so must companies take steps to protect their data. A homeowner may install traditional means of security through cameras, locks, window sensors, and fences. However, the homeowner should also exercise discretion when they invite friends and acquaintances over. Someone who is deemed untrustworthy should not be on the invite list, and new acquaintances should not be given easy and free access to roam around the house.

The same goes for the rapidly evolving threat landscape, where companies will similarly benefit from getting a clear picture of where the threats are and how to fortify themselves against them.

Using a combination of defence and offence – rock-solid backup and recovery together with advanced threat detection – companies can better position themselves against cyberthreats. Companies will be in a better position to take countermeasures that stave off ransomware attacks and minimise data compromise and the subsequent crippling business impact. Combining data protection and advanced cybersecurity could very well be the new normal.