Tackling Ransomware with a Data-Centric Cyber Resilience Approach
What makes these ransomware attacks a real challenge is the fact that these attacks are sudden. Before you realize there's a threat, the hackers have stolen information, have encrypted valuable files, and are demanding that a ransom be paid to release those files back to you. But paying the ransom doesn’t always minimize the damage. It can take weeks after a ransomware attack to fully assess the damage done – not to mention many functions that come to a standstill, affecting the business crucially. Preventing these ransomware attacks requires careful attention to every aspect of your data. It requires a multilayered solution to what is a multilayered problem including infrastructure management, monitoring, and services to help protect, detect, and recover from cyber threats.
Organizations can identify and map out the flow of sensitive data and transactions to create a baseline of interactions among users, resources, applications, services, and workloads.
Most technology vendors have traditionally focused on ransomware recovery: getting businesses back online after they’ve been attacked. But that approach alone does not suffice. What is needed is a comprehensive and preventive approach to ransomware protection including solutions that have built-in features that protect and secure primary data, using AI and machine learning to proactively spot and counter malicious or irregular actions.
Organizations must look at building a robust cyber resilience portfolio that ensures the right enterprise data protection and security to be able to outfox cybercrime.
Here is a five-step approach that an organization can consider when developing its cyber resilience strategy:
• Identify: Take stock of the IT environment and assess current data protection and security processes. This includes classifying all data sets into different categories based on their business values, determining where and how the data sets are stored (according to their value), and evaluating data access permissions. Without the right tools, this can be a time-consuming task. If not done right, it can also create confusion down the road in the protection and recovery process.
"As cyber resilience is data-centric by design, organizations’ data is always fully secure, resilient, and available no matter where it resides - on-premises, at a remote location, or in the cloud."
Furthermore, organizations can identify and map out the flow of sensitive data and transactions to create a baseline of interactions among users, resources, applications, services, and workloads. This is fundamental in building a zero-trust architecture.
• Protect: This encompasses data encryption, conducting regular backups, ensuring proper infrastructure management and access control, implementing perimeter defenses, updating vulnerable operating systems and applications, and training users about cybersecurity best practices. This exercise typically starts with defining recovery time objectives (RTOs) and recovery point objectives (RPOs) for the different data sets categorized in the previous step.
Organizations should also put each critical digital element into an individual protect surface with its own micro-perimeter controls and filters in a zero-trust environment. These measures will enable organizations to block malicious users, thwart infection, and prevent data deletion.
• Detect: Detection is vital to staying ahead of malicious agents and other threats, and identifying suspicious activity before it becomes an existential threat. This includes establishing a baseline of access patterns, continuously monitoring user behavior, and detecting anomalies in storage or file system behavior.
Organizations adopting a zero-trust architecture should also consider centralized monitoring and management. Continuous monitoring with a single-pane view of their data environment makes it easier for organizations to identify and act on anomalies in user behavior. To stay ahead in the game, organizations must select tools that update their threat databases in an automatic and timely manner.
• Respond: A good disaster recovery and business continuity plan needs to be tested periodically, including operational response as well as automated responses. Plans need to be updated continuously as threats evolve and lessons learnt from other attacks. Updates should be communicated with internal and external stakeholders to ensure a coordinated response if an attack occurs.
• Recover: Downtime can be reduced by applying intelligent forensics to identify the source of the threat and targeting which data to restore first. By rapidly restoring data, companies can help accelerate operational recovery and bring critical applications back online.
As cyber resilience is data-centric by design, organisations’ data is always fully secure, resilient, and available no matter where it resides - on-premises, at a remote location, or in the cloud. This provides organizations with a robust security foundation to support their future cloud and digital transformation initiatives. It allows them to nurture greater digital trust among their stakeholders and stand out among their competition in the digital economy. With the right approach, an organization can avoid downtime not only by preventing an attack from happening but also recovering data almost instantly and keeping the business running.