An intelligent approach to ransomware
By Kate Mollett, Regional Director at Commvault Africa
Ransomware is predicted to cost organisations across the world $10.5 trillion annually, driven by growing connectivity and increasingly sophisticated attacks. Between January 2020 and June 2021, when the majority of countries were in lockdown due to COVID-19, there were an estimated 71 billion ransomware attacks on remote access devices. This equates to 1.3 million attacks every second. A successful breach results not only in lost data but often also in leaked data, which is a threat to reputation as well as a compliance problem. Ransomware is a major risk for business today, and an intelligent approach is essential in countering the threat.
Ransomware poses a significant threat to business, either through the deletion, encryption or corruption of business-critical data, or the leaking of sensitive or personally identifiable information (PII). These attacks may gain access to networks via insider threats resulting from negligent, careless or malicious behaviour by someone inside the organisation, or via external threats, such as hackers, various exploits and, of course, ransomware, which often uses a combination of internal and external methods to penetrate the network. The result is increased risk: the inability to operate, threats to data privacy, a data breach, damage to business reputation and viability, and the inability to recover.
An intelligent approach
One of the biggest mistakes businesses make is treating ransomware and other cyber threats as IT problems, when in reality they are business issues. A successful ransomware attack can negatively impact business resiliency and cause significant business problems down the road. Cyber threats need to be treated as any other disaster, and planned for accordingly. Following an approach centred on data governance – which aligns the value and the risk of the data with business objectives – can go a long way towards ensuring a more successful strategy for mitigating the risks around ransomware.
It is also important to understand that there will be trade-offs with privacy and security. They are not the same thing and they do not have the same goals, but they are both aimed at achieving a safety net around the use of private data for legitimate business purposes. A mindset centred on risk management, based on a thorough assessment of vulnerabilities and threats, can help businesses to effectively balance the impact of a disaster and the probability of an attack. This includes standard methods for managing data, such as reduction, transfer and retention techniques.
Automation is key
While developing policies around data governance and educating people as to the threats and the risk are essential steps, these cannot be implemented effectively using manual processes. Today, with the explosive growth of data and how it is fragmented across many locations, providers and jurisdictions, you need to automate, and technology is your friend. However, automation alone is also not sufficient.
It is critical to have an incident response and recovery plan that involves all of the relevant stakeholders, and to regularly test this plan to ensure it is effective and that everybody is aware of their role. This helps to align the preventative measures with business strategy. In addition, all decisions, actions and processes need to be fully documented and audited, to simplify eDiscovery and ensure legal liability is minimised.
Safeguard your critical and sensitive data
The heart of an intelligent approach to ransomware is to safeguard critical and sensitive data to mitigate risk. It is advisable to manage data within a data governance and cyber security framework based on the risk profile of the data; to identify, assign and prioritise data across the environment; and then to ensure critical data is available and sensitive data is protected. Availability objectives need to be based on business impact, while sensitive data should be assessed for data sprawl and any gaps in data stewardship.
Backups are the source of recovery for any incident, and they must be architected to build immutability into the structure, with air gapping and other best practice techniques, so they can be trusted in the event they are needed. Permissions are also critical, and only the right people should be able to access, delete and modify critical and sensitive data. In addition, networks need to be monitored for anomalous behaviours, so incidents can be investigated and responded to before they can cause significant harm.
Comprehensive, intelligent data protection
The right tools for the job can dramatically simplify data governance, protection, backup and recovery, while ensuring data security, compliance and transformation, and facilitating data insight to drive competitive advantage. Taking advantage of next-generation technology solutions can help businesses in their quest for an intelligent approach to identify, protect, monitor, respond and recover. This is key in mitigating the risks of ransomware in an increasingly connected world.