The Asia-Pacific region is no stranger to ransomware attacks. Several incidents have made headlines in recent years, highlighting both the millions of customers whose information was put at risk and the exorbitant ransom payments demanded. Closer to home, Singapore saw a 54% increase in reported cases in 2021 over the previous year.
Cybercriminals have been quick to exploit vulnerabilities in companies that may lag behind in maturing their cybersecurity capabilities, especially SMEs. However, large businesses are not exempt from opportunistic threat actors either, and may arguably be even more attractive because of their global stature.
Aside from those that lack adequate cybersecurity, some businesses, like those in the manufacturing and IT sectors, have round-the-clock operations that may prevent them from patching systems immediately. With evolving tactics such as ransomware as a service on the rise, avenues of attack are now open to even amateur cybercriminals.
This, however, is a cost that businesses are simply not equipped to bear, especially when there is no guarantee of retrieving data held to ransom by attackers. In fact, IDC found that nearly 20% of APAC organisations that paid the ransom did not receive their data afterwards. Businesses are then left to deal with the aftermath, including post-attack remediation costs like reputation management and restoring disrupted business operations, which have been found to cost US$2 million per incident, about 10 times the size of the average ransom demand itself.
Rewriting the cybersecurity playbook
With this sobering reality in mind, chief information security officers and hands-on security professionals are implementing several tactics to defend themselves, including proactive threat hunting and technical defences like multi-factor authentication. While these practices are focused on preventive measures, it is no longer a question of if hackers are going to invade, but when.
In today’s digitally connected environment, the digital supply chain has expanded the threat surface and businesses may not always be able to preempt an attack. With so much at stake, data recovery and restoration shouldn’t be put on the back burner of the security conversation; they could be the most valuable components in building businesses’ security arsenal.
Keeping hackers out of your network has proven to be an unwinnable cat-and-mouse game. Businesses must instead adopt a preemptive approach that assumes cybercriminals will be able to penetrate their defences and insert ransomware. Whether organisations end up having to pay millions to get a portion of their data back will depend entirely on the ability to restore all of their systems from backups. As most IT operations have moved to containers on virtual machines, in theory, it should be a straightforward process to restore all systems, including data and applications.
If data storage and cloud backups are included in the security plan from the outset, a company could easily get rid of ransomware and recover from an attack by wiping its slate clean and reinstating its data with little to no downtime. This, however, is a time-consuming and technical process, and it is a response that IT teams must prepare for. It’s as necessary as preempting an application outage or maintenance issue.
Complications can still occur: for instance, incomplete backups could hamper the data restoration process. Testing your disaster recovery plan will therefore provide critical intel on your organisation’s security posture and help ensure that your security strategies hold up when a real disaster strikes.
Leveraging the cloud immutability advantage
Another advantage of backing up in the cloud is immutability, meaning no one can alter any data for a set period of time, not even a network administrator. This added layer of data protection removes major barriers for businesses. While many businesses understand the importance of safeguarding their data, they struggle to ensure data protection is implemented at every level, such as when data is in storage and when it is in transit between applications, services and device endpoints.
However, it is important to note that not all immutability is created equal. Hardware vendors have offered immutability for several years, but anyone who can hack into the system admin’s panel can easily defeat the immutability feature. The same is true for many cloud services, including some of the big hyperscalers.
Vulnerabilities usually come from outside the organisation, but sometimes a disaffected employee, or someone else who has access to the administrative functions, may be involved. According to Verizon’s 2021 Data Breach Investigations Report, 85% of data breaches involve some element of human error. This underscores why, when you store your backups in the cloud, immutability should mean that nobody, not even the IT director or the system admin, can change immutable data once it is written.
Getting the basics right
Most security plans typically focus on intrusion prevention and detection, which are clearly important parts of the puzzle. However, it will be a losing battle if the basics have not been taken care of. Vulnerabilities are not just technical; people can always be fooled into making a mistake.
Rather than obsessing over the latest firewall technology or intrusion detection software, there is a simple alternative: ensure all data is fully backed up. This way, in the event of a ransomware attack, a business can simply wipe systems clean, begin the restoration process, and minimise crippling downtime that could cost up to US$500,000 in lost revenue.
Especially in today’s digital age when data is the lifeblood of businesses, a robust data protection strategy with immutability and cloud backups can be the difference between business as usual and all operations grinding to a halt. With such a clear cost to pay, there is no better time than now to put cloud storage at the forefront of the business security strategy.