Ransomware attacks are more prevalent and dangerous than ever. In response, organisations are upgrading their data protection to stay ahead.
By Sujoy Mukherjee, head of portfolio: private compute at BT.
It’s common knowledge that ransomware attacks are on the rise and organisations need to be realistic about what this means for their security.
The number of entry points into IT systems that attackers can exploit has skyrocketed in recent years. According to the FBI, there has been a 300% rise in cybercrimes during the pandemic as more people log on to their work systems from home networks and personal devices.
Ransomware isn’t going anywhere. Rising global connectivity, the recent rapid adoption of digital communication technologies, and remote working all create potential new ‘doors’ into IT systems. Growing technologies such as the cloud, 5G and the IoT means our connectivity will continue to multiply, meaning more doors and more opportunity for ransomware success.
Ideally, you’ll stop all attacks in their tracks, but that’s not always possible. Having a robust backup strategy is essential if you’re going to be able to take back control and recover your data in the event of an attack.
So, what are the three key areas you should be focusing on when it comes to data protection?
Create robust backups and immutable storage
You can never know when an attack may mean you have to restore your entire estate. So where do you start?
Recognise that your biggest challenge is probably that your data is getting increasingly harder to manage and control, due to spiralling levels of data volumes and types. It might also be spread across multiple locations or saved on a hybrid network which uses cloud storage, in itself increasing vulnerability. This can majorly complicate your data backup processes, and your IT teams can quickly find themselves relying on multiple different backup tools which are costly, confusing to manage and a drain on resources.
It’s important to ensure that you have clean, non-infected backup copies that you can rely on as your last line of defence. Prioritise finding a backup solution that’s flexible enough to handle complex data requirements including cloud storage, and that will simplify management so that you can back up everything at the click of a button, or even automatically.
Factor in security
Take a realistic look at your legacy tools because they tend to become outdated quickly and are unable to match the wide range of assets and threat types. In my experience, they can’t provide robust data protection because they rely on how a system used to work, rather than on how it currently works.
Moving to a modern tool with high specification security is vital in your battle against the effects of ransomware. The best solutions will provide ‘WORM’ storage (write once and read many), with the option to turn on object lock, meaning that once data has been written it can’t be erased, not even by the user’s admin. And more importantly this feature needs to be available across multiple hosting points, whether it be public clouds, on prem or hosted private clouds.
Data protection and network security are interdependent, so your storage and backup solution choices should also consider network security and the anti-malware functionality of your current set up, including any networks that remote workers may be using. Consider using a separate network for your backup data, with just one link between the production data and the storage data.
Build in consistent monitoring
Your security team needs to have constant visibility of any attacks in order to thwart them at the right time, so continuous 24/7 threat monitoring is important. Look for a single solution that can span all your sites and multiple storage locations, or it’ll be impossible to get a complete overview of your whole estate.
This will also make reporting easier and simpler, and a system that incorporates automation can provide round-the-clock monitoring without draining your resources.
Updating your data backup system can also simplify your security processes, offering single-click orchestration capabilities, so your policy-driven backup and replication is always available. It’s important for the solution you choose to have capabilities to proactively track unusual usage behaviour and raise alerts for deep dive diagnosis.