Rapid Restoration – How to Recover from a Ransomware Attack
Simon Jelley, Global General Manager, Backup Exec at Veritas, examines the increasing threat from ransomware and discusses how businesses can best protect themselves.
It seems like not a day goes by without news of another ransomware attack. In its 2017 Internet Organised Crime Threat Assessment, Europol reveals that ransomware attacks have now overtaken almost every other type of cyber-attack.
In fact, the scale of the problem could actually be much greater than the stories in the press suggest – not all instances may be reported as companies are fearful of revealing an attack due to the potential impact on their reputation and the detrimental effect on customer trust. Not to mention the financial implications of reduced productivity and lost revenues.
But the ever-increasing risk is adding other financial pressures to firms, such as setting aside money to cover potential ransoms in the event of an attack, or dealing with the rising cost of cyber insurance premiums as more and more organisations claim for compensation. PwC estimates that annual gross written premiums for cyber insurance are set to grow from around $2.5 billion today to $7.5 billion by the end of the decade.
Whilst there is an attitude that an attack is inevitable, there are a number of steps that businesses can take to mitigate the dangers – a pyramid approach built around education, security and protection.
Employees are the first line of defence against security threats, yet often they are found to be the cause of an attack. PwC’s 2015 Global State of Information Security Survey found that employees are the most common cause of incidents. Opening one email can lead to an infection across an entire network, so educating employees to review emails and ask themselves whether the sender is a source they recognise is a worthwhile investment of time. Employees should also avoid unknown websites, take care with email attachments and know not to install unknown or unapproved software. These are just the basics.
Building on employee education, security is vital. Installing a secure IT infrastructure will act as a second barrier in case of cyber breaches. But it’s important to ensure that your device drivers are updated on a regular basis and that you keep pace with software upgrades. Whilst it isn’t guaranteed to provide full protection, it can go a long way towards it.
Protection is the last line of defence and, sitting at the top of our pyramid, is by far the most important. If all else fails, companies should have a fall-back plan in place. They must be able to recover the data themselves if the worst happens. The impact of not having a backup plan in place can be catastrophic.
And yet, data protection is often disregarded until companies find they have a serious issue on their hands and need to urgently restore their data. The consequences of this can be costly, time-consuming and harmful to a business’ reputation.
Top Tips for Data Protection
With this in mind, there are five simple steps that businesses must remember when it comes to protecting their data.
- Back up regularly and frequently – making multiple copies on a regular basis is an obvious but important step. If ransomware encrypts the only copy of a file, there is a good chance you will not recover it.
- Isolate – the isolation of backups is especially relevant to a ransomware attack. It’s crucial that the technology you use to store backup data is not part of your network. Malware is designed to crawl its way through network connections. It’s a small step for hackers to move from encrypting files on start-up drives to attacking data on external drives and shared networks. A key technology for providing this gap between your network and your backups is the public cloud. Cloud storage is low cost, easy to set up and very easy to scale.
- Consider timing and backups – managing retention periods is an important part of data lifecycle management. You need to deliver a cycle of weekly, monthly and yearly data backups on different media. Organisations should consider how many copies of different files need to be kept and where they should be stored. A master catalogue will help organisations keep track of what data is stored and where.
- The 3-2-1 rule – Keep at least three copies of data, on at least two devices, with at least one copy offsite.
- Recovery testing – Finally, it’s important to ensure that the recovery process works. Running fire drills will ensure employees can recover data when they need it. This can involve checking that a secondary site will go live if the main site fails, or it can be as simple as recovering an arbitrary file to a PC and checking it is identical to the original.
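The master catalogue, the 3-2-1 rule and the recovery test described in the list above can be checked automatically. The following Python sketch is an added example, not code from the article or from Veritas; the catalogue field names, data set names and device labels are assumptions, and every catalogue row, including the production copy, is counted as one copy.

```python
import hashlib
from collections import defaultdict

# Constructed sample catalogue: one row per stored copy of a data set.
# Field names and device labels are assumptions made for this example.
CATALOGUE = [
    {"dataset": "finance-db", "device": "prod-san",  "offsite": False},
    {"dataset": "finance-db", "device": "tape-lib",  "offsite": False},
    {"dataset": "finance-db", "device": "cloud-bkt", "offsite": True},
    {"dataset": "hr-share",   "device": "prod-nas",  "offsite": False},
    {"dataset": "hr-share",   "device": "prod-nas",  "offsite": False},
]

def audit_321(catalogue):
    """Return {dataset: [violations]} for every data set that breaks 3-2-1."""
    copies = defaultdict(list)
    for row in catalogue:
        copies[row["dataset"]].append(row)
    findings = {}
    for dataset, rows in copies.items():
        problems = []
        if len(rows) < 3:
            problems.append(f"only {len(rows)} copies (need 3)")
        devices = {r["device"] for r in rows}
        if len(devices) < 2:
            problems.append(f"only {len(devices)} device(s) (need 2)")
        if not any(r["offsite"] for r in rows):
            problems.append("no offsite copy")
        if problems:
            findings[dataset] = problems
    return findings

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def restore_matches(original_path, restored_path):
    """Recovery drill check: restored file is byte-identical to the original."""
    return sha256_file(original_path) == sha256_file(restored_path)

if __name__ == "__main__":
    for dataset, problems in audit_321(CATALOGUE).items():
        print(dataset, "->", "; ".join(problems))
```

In a real drill the original hash should be recorded at backup time and kept with the isolated copy, so that a file already encrypted on the production system cannot pass the comparison.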
Ransomware happens, whatever the size or type of organisation. This is where data protection really comes to the fore, giving companies the ability to get back up and running as quickly as possible to minimise the impact on reputation and revenues. The information an organisation holds is the lifeblood of its business, and losing it could be fatal. Organisations need to ensure they are sufficiently protecting their data to secure the future of their business.