7 steps to defend your corporate data against ransomware
Ransomware is a growing security problem and one of the biggest forms of cybercrime organizations face today. Every day, news feeds feature stories of criminals brazenly announcing that they are holding critical data hostage until a ransom is paid. And there is no guarantee that this data will be recovered even if you pay the ransom.
Run by well-funded criminal organizations with full-time developer teams, ransomware has become a lucrative business. According to CyberSecurity Ventures, The ransomware claims a new victim every 5 seconds, and by 2021 the damage costs worldwide have reached $ 20 billion. That’s a 57-fold increase in just 6 years – more than enough to keep your RSSI awake at night.
With the increase in new strains of ransomware and other malware threats, and the continued growth of data from the edge to the cloud, your business and customer data is at greater risk than ever. In this rapidly changing environment, businesses must act quickly to protect critical data.
Data protection is a crucial axis of ransomware defense. Secure backup images of critical business data and applications allow businesses to go back to recover applications and data before the point of ransomware infection. While many data protection solutions on the market promise to support backup and restore, most of them only offer partial protection. Legacy solutions are not immune to ransomware once data center systems are affected.
Can you prevent ransomware attacks?
Attacks happen. It is not a question of if, but when. As long as cybercriminals believe your data is valuable, they will continue to exploit vulnerabilities and find innovative ways to encrypt critical data. This means that investing in recovery is just as critical as prevention. Including data protection in your cybersecurity framework is a requirement for cyber resilience. Here are 7 best practices that can help you mitigate the risk of ransomware attacks and prepare your business for a speedy recovery.
1. Use both disaster recovery and backup solutions
Backup is part of every cyber resilience plan. Ransomware is a disaster scenario, therefore organizations should also include Disaster Recovery (DR) in this plan. Modern disaster recovery solutions offer granular recovery checkpoints and the ability to recover entire sites or applications with just a few clicks. These solutions enable significantly lower recovery point goals (RPOs) and faster recovery time goals (RTOs).
Protecting multi-layered data using the 3-2-1-1 rule remains crucial. Store three copies of your data on two different types of media, one stored offsite and the second stored offline. Organizations using both disaster recovery and backup solutions to create impenetrable multi-layered defense are able to remediate risk and get up and running much faster after encryption. End-to-end data protection solutions, like those offered by HPE, allow you to easily adopt the 3-2-1-1 rule to ensure data integrity and maximize the availability of applications and data for your business.
2. Test, test and test to ensure recovery
Most organizations are unsure of their ability to recover once an attack occurs, usually due to infrequent testing of their disaster recovery and backup solutions. It is imperative that organizations prove their ability to recover by fully testing all recovery operations, from failovers to file-level recoveries. Mimic real disaster and recovery scenarios to ensure administrators follow protocols and documentation, especially during ransomware recovery simulations.
3. Isolate backup data
Cybercriminals typically attempt three insidious techniques in an attempt to force a ransom payment: encrypt, modify, or delete an organization’s data. If the data changes, the ransomware changes the storage blocks and your backup system ends up backing up the changed and now encrypted files.
Immutable backups keep backed up data out of reach, effectively building a wall against ransomware attacks. Systems such as HPE StoreOnce Catalyst provide immutable backups that cannot be encrypted, modified, or deleted. HPE data protection solutions completely isolate data wherever it is to prevent it from being tampered with, intentionally or not. Secure by design, these solutions make backup images invisible and inaccessible to ransomware, ensuring data integrity and enabling data recovery in the event of an attack.
4. Improve your RPOs
How often you make a backup determines your data loss. For organizations using nightly / daily backups, this can mean hours or a whole day of data loss. If you’re looking to reduce data loss, now is the time to rethink the frequency of data protection for better RPOs.
HPE data protection solutions allow you to deliver RPOs of seconds using Continuous Data Protection (CDP) as well as a backup solution that enables near-continuous data protection for more frequent backups for better times recovery and longer storage periods.
5. Speed up your RTOs
The attacks happen, and quickly. While it is important to use the 3-2-1-1 rule to protect yourself against data loss, it is equally essential to prepare for a speedy recovery. The longer your business waits to be operational again, the greater the damage.
Data protection solutions with integrated orchestration and automation enable predictable and rapid recovery, minimizing system downtime, business disruption and lost revenue. Zerto, an HPE company, speeds up the process of recovering your data and applications, at scale. Zerto’s CDP technology enables recovery in minutes and enables your organization to recover from an interruption or failure with the lowest RPOs and fastest RTOs in the industry.
6. Add empty data protection
An air gap, also known as an “air wall,” is a security measure that protects data against intrusion. The concept is simple: any device that is not connected to a network cannot be attacked remotely. One of the challenges with on-premises data protection solutions is that they are exposed to the same ransomware threat as the rest of your data center. Any backup environment connected to your network can be infected with the same ransomware that corrupted your main database, preventing you from accessing your backup data at a critical time.
You can avoid this cyber trap with empty tape backup solutions. Storing offline and offsite copies of data on tape storage without connectivity to public networks ensures that ransomware cannot interfere with a backup. To create secondary backup copies to tape regularly to make sure that you will always have a blank copy of your data.
7. Configure on-demand sandboxes and anomaly detection
Securely recovering data from a ransomware attack requires more than just performing a recovery. This involves investigating and isolating the data for verification before it is put back into production. There are a number of anomalies in a data center that can be monitored, and a few combinations that can be good indicators of active ransomware. It’s here that HPE InfoSight really shines and can give you the detailed information you need to make management decisions.
Hardening systems by updating them with the latest patches and detecting malware before an attack occurs are both important in preventing ransomware attacks. Ransomware attacks can sit idle on systems for days, weeks, or months before attackers decide to activate the malware, and they often target known vulnerabilities.
Zerto allows you to build an on-demand sandbox replica of your production environment quickly and without disruption. Being able to quickly and uninterruptedly test security patches and scan for malware in on-demand sandboxes helps you accelerate preventative measures to protect your systems against ransomware. Sandboxes and anomaly detection can work together to provide an additional layer of protection against cyber threats and modern disasters.
Take back control
By implementing these steps, you can begin to protect your organization’s data against damaging ransomware attacks. When you are in control of your business data, you are no longer vulnerable to hackers’ requests. As the threat landscape continues to evolve, more companies will need to modernize their data protection from the edge to the cloud to protect their data from any cyber attack.
Modernize data protection gives you control and can also improve efficiency by reducing the costs, risks and complexity of backup environments. Protecting your data at the edge, on-premises and in the cloud will enable you to meet future SLAs, enabling you to meet demanding SLAs (RPO and RTO) and move your business forward.
 Cybercrime to cost the world $ 10.5 trillion annually by 2025, CyberCrime Magazine, November 2020
About Avi Raichel
As CIO and Vice President of GTM at Zerto, Avi Raichel leads the IT team as well as various GTM areas including Managed Service Provider (MSP) business, Sales Operations, Channels & Alliances and Generation demand. Zerto, a Hewlett Packard Enterprise company, is an industry leader in cloud data management and protection. Since joining the company in 2017, Avi has helped ensure that internal IT systems and processes accelerate Zerto’s strong business growth.
Copyright © 2021 IDG Communications, Inc.