Share this article on:
David Rajkovic from Commvault outlines practical steps for strengthening an organisation’s ransomware data protection and recovery capabilities.
We’ve been experiencing a health crisis for the past two years, but at the same time, the digital ecosystem is under siege as ransomware attacks increase day by day. In fact, according to the latest ACSC Annual Cyber Threat Report, ransomware attacks in Australia have risen by almost 15 per cent. Gartner also predicts that 75 per cent of businesses will face one or more ransomware attacks in the years to come.
The crippling effects of ransomware on business operations and revenue, not to mention the costs of paying out the ransom, can often range from thousands up to millions of dollars. For that reason, businesses need to start fortifying their critical data security plans to counter the new era of ransomware siege.
The (quite literally) million-dollar question, then becomes: How can businesses best safeguard against ransomware attacks to protect their critical data assets?
Here are three tactical actions to take:
Know your battleground
It all starts with laying the groundwork. The key is to develop a multi-layered plan that encompasses the foundations of good cyber security practices and prepares your business for the inevitable.
The IT environment is massive and sprawling, so the first step is to reduce risks and minimise the effects and impact of ransomware. Look to implement a multi-layer security plan, where processes are built in to identify, assess, mitigate and monitor risks to your most valuable data. The plan must also work broadly and be far-reaching enough, that it can access valuable data beyond central servers and business applications.
Next, get visibility of your data. Take the time to see who has access to what, and what privileges they have. This will allow you to evaluate current procedures, discover any potential loopholes that can be exploited and refresh your data protection protocols. For example, identifying where to eliminate or mitigate malicious actions with multi-factor authentication.
Set up guard
We all know security vulnerabilities are tough to defend against. The next step is to strengthen your business’ current protocols and put into practice continual maintenance measures to keep up with the pace of evolving types of attacks. Ongoing monitoring and detection for irregular activities is necessary to ward against surprise attacks.
Work with your IT team to set in place processes that monitor and minimalise any potential weaknesses in the business IT environment. One way to do this is to ensure your business’ critical data or backup is securely air-gapped to protect it against lateral moving threats. This is because air-gapped data ensures that at least one copy (i.e. a backup) of your business’ data is offline. It therefore cannot be accessed and is not able to be hacked.
Prepare for the attack
The best defence is a sound and tested strategy, so that when your business is breached, you’re able to respond quickly and accurately to an attack and mitigate the impact on business operations. Another step to take is to ensure you embed action workflows into your security system and have the right tools in place to monitor and flag irregular behaviour so that your IT team is able to act immediately. If business operations start to be impacted, that can translate into real monetary losses so the ability to respond efficiently, and effectively, is paramount.
This is where the multi-layered groundwork comes into play and enables you to bounce back quickly from a ransomware attack. The most important step to return to business as usual is data recovery. That means a comprehensive and continuous recovery readiness strategy needs to be established beforehand. This strategy must be well documented and automated. Steps should be predictable, and teams should not need to pause to figure out which critical data needs to be recovered and in what order during high-pressure attacks.
Looking ahead
No business is immune. Even the strongest defence can be breached and with so many cyber criminals out there, it is vital to know your next step. You need to be constantly reviewing, testing and updating your data security plan, because keeping your most valuable data safe starts with being recovery ready.
We have all seen the headlines – businesses with their data held hostage and significant payouts to cyber criminals to restore it. So, how confident are you in your ransomware data protection and recovery capabilities? With new strains of ransomware and other malware threats on the rise, take the time to safeguard your valuable data and reduce cyber security risk through a solid data protection plan.
David Rajkovic is the area vice-president for Australia and New Zealand at Commvault.