Ransomware hit the headlines in 2019, with several high-profile attacks causing significant service disruption.

By Johann Scheepers, country head at Commvault South Africa

Some of the most notable ransomware attacks caused lengthy outages at the City of Johannesburg and Johannesburg City Power.

The main takeaway from this is that ransomware is on the rise and that big businesses, as well as the banking and public sectors, are all attractive targets. The key to dealing effectively with ransomware and other data-related cyberattacks is to be able to respond and recover quickly to mitigate the damage and minimise the impact on the business.

Holding data to ransom is highly lucrative

Ransomware, a cyberattack where hackers hold data or other IT systems hostage by encrypting them, has become a booming criminal industry. Some of the primary targets for these attacks have been government organisations, both in South Africa and across the world.

The reason for this is simple – governments have large repositories of data that is likely highly valuable to them, they stand to lose significantly if they cannot recover, and they have the means to obtain the ransom money.

These factors make any big business a good target, and the rampant increase in the number of attacks means that experiencing at least one incident is highly probable. Being prepared is essential, and the ability to respond and recover from an attack has become a business continuity imperative.

Data protection is an essential ingredient

While having adequate security systems in place remains critical, it is also critical to be able to address the threat on multiple levels. According to the Gartner report titled “Avoid Ransomware Disasters With a Better Backup and Recovery Strategy”, data protection capability underpins a holistic response to ransomware attacks.

In today’s world, organisations need a robust data protection strategy and solution that covers all areas of the business. This ability starts with the backup architecture itself, which should enable a business to understand its data and where it resides, and to continuously analyse it to detect a breach and quickly isolate it.

Monitoring the data enables risks to be quickly mitigated and, most importantly, allows recovery to be expedited, which in turn minimises downtime and the negative impacts of a breach.

Treat data as the strategic asset it is

A holistic backup and data protection architecture is the foundation of effectively responding to a ransomware attack. One key feature is to ensure that ransomware-analysis-based recovery is in place to quickly identify affected data as well as the best recovery point.

This will ensure the fastest possible recovery speed. In addition, instant restoration of multiple systems needs to be enabled to ensure that a group of systems such as an application stack can be recovered quickly.

It is essential to document the plan to recover data and restore infected systems, and to ensure that every employee knows what they need to do in the event of a data breach. This can be likened to conducting a fire drill to ensure that everyone is comfortable with procedures in case of emergency.

To ensure that the strategy is sound, testing is critical. Organisations need to conduct recovery tests that align with assigned Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), as well as perform quarterly data integrity tests on a sampling of recovered data.

From prevention to recovery

While prevention is traditionally thought to be better than the cure, the truth is that prevention of ransomware attacks in many cases may not be possible. Working under the assumption that a breach will occur at some point can help businesses to ensure they are able to resume normal operations as quickly as possible. Being prepared for an attack and having a fully tested, well-understood recovery plan in place is sound business strategy.

However, it is important to bear in mind that this plan needs to be constantly evolving to meet changing threats and business requirements. The key to success can be summed up as follows: plan, execute, test, repeat.