Ransomware in 2022: Capabilities for rapid and reliable data recovery

Jeremy Wyatt, Operations Director, FCS, discloses the seven capabilities that organisations need for rapid and reliable data recovery against ransomware, as we head into 2022

The growth and evolution of ransom-ware is one of the most destructive trends of the last decade. This explosion has moved ransomware from an economic crime to one with immense global security implications. Coordinated government and industry response takes time meaning organisations of all sizes need to protect themselves, their customers, and constituents today.

The sophistication and adaptability of ransomware and other cyber threats today require an agile layered defence covering all elements of data and infrastructure however many organisations still maintain standalone security products that are focused on a single attack vector. These gaps make attacking your data easier than ever for sophisticated cybercriminals who look to exploit any weakness at any level within an organisation. Preventing these attacks is becoming more and more difficult but you can take the necessary steps to ensure your data is protected and recoverable.

Building a Framework for resilient recovery

Effective security programs require structure to understand what should be protected and the value of the asset to the organisation to determine how protection should be implemented. No matter the methodology companies choose a framework that needs to define measurable outcomes allowing IT teams to defend against attacks and recover quickly if an attack is successful.

Without a framework to manage cybersecurity risk, it would be easy to focus all your efforts on detection-based defences such as firewalls and anti-virus while neglecting the processes and tools that are mandatory to effectively respond to and recover from, a successful attack. Put another way, the best offence is a solid defence including having a robust strategy for backing up and protecting your data and workloads. Successful backups are the last line of defence for cyberattacks and can be the deciding factor to prevent considerable downtime, data loss and paying a costly ransom. To that end, we’ve put together an overview of the best practices to provide real-world advice on securing your data.

1. Broad, extensible protection platform

Whatever solution you choose to protect your data should be capable of protecting the breadth of all mission-critical workloads whether they be physical, virtual, container-based, private or public cloud.

Regardless of if workloads are deployed on-premises, in the cloud with IaaS or as SaaS, mission-critical data now resides in many locations and needs to be portable to account for future requirements. The protection platform should have the ability to scale up or down, depending on the requirements and workloads being protected. The backup solution should be capable of capturing data via a multitude of methods, including backup, replication, continuous data protection (CDP) and storage array integrations.

2. Backup Success with automated verification

A robust, comprehensive cyber defence strategy always starts with valid backups. Reliable, verified, and tested backups are the first step to any successful recovery. Busy IT teams need a way to automatically verify the integrity of backup data as backups are taken.

Following the 3-2-1 backup rule gives a good solid start but the 3-2-1-1-0 rule is even better, three copies of important data, on at least two different types of media, with at least one copy being offsite, one copy being air-gapped and zero errors.

3. Resilient backups – air-gapped and immutable

Cybercriminals now routinely attempt to encrypt or delete an organization’s backups as part of any ransomware attack. Success for the adversary is critical here because without backups the victim must pay handsomely to recover their data.

Resilient backups are simply backups that cannot be destroyed by an adversary, even one who has acquired administrative credentials.

4. Immutability is just the start

While making backups immutable so they cannot be deleted is a great method of securing your data there are still other requirements to truly protect your data and stop attacks.

• Unique passwords for every login source
• A robust password manager
• Multi-Factor Authentication
• Remove Unused Devices
• Patch Management
• Encryption End to End

5. Instant data recovery

Before ransomware, organisations typically only restored 3-5% of their backed-up data over a one-year time frame. But in a ransomware attack, 100% of your production data may be encrypted or contaminated with malware, and you need to get it all back, fast. Fast access to data is critical, with the goal being more of a resume than a restore for all vital operations.

Instant data recovery, that can leverage a portable data format to deliver cross-platform access to data ensure fast recovery, when and where you need it. From AHV, Hyper-V, or vSphere to physical Windows or Linux, to Azure, AWS or GCP knowing you have the options to recover to any location is a huge help.

6. Secure data recovery

Ransomware dwell times (the time an adversary is on a victim’s network before activating an attack) can be many months. Because of this, you need automation to ensure that you never restore malware back into your cleansed or new environment. The ability to check data before restoring it is critical to remove any threats, so you don’t introduce them again.

7. Recovery automation

Make no mistake, cyberattacks are disasters. In an emergency, your team needs automated, repeatable results. Your toolset must allow regular tests and audits of how quickly you could recover from a disaster, including automated testing of server and application accessibility and usability post-restore. The more automation you have that is tried and tested the quicker you are back up and running again.

Conclusion

Ransomware is a constant threat but can be managed with planning and a well-rounded solution ticking all the above boxes ensuring your data and organisation is safe should the worst happen.

 

Source material: Veeam

FCS offer services from consultation, managed service, 3rd line support to license only. Please feel free to get in touch for a no-obligation chat.

 

*This is a commercial profile.

© 2019. This work is licensed under CC-BY-NC-ND.