September 24, 2020

Ransomware resilience – what’s the best defence?

By Simon Jelley

An organisation is only as strong as its cyber defences. Downtime can be deadly for businesses, and a ransomware attack can do some serious, long-lasting damage – even household brands can find themselves on the ropes after a significant attack.

Veritas’ own global research shows that consumers are none too forgiving when their personal data has been compromised: 49% say they would stop using the services of an affected company, and one in ten even believe the CEO should go to prison.

Yet, despite this, many organisations still lack adequate protection. Data is dispersed across organisations, siloed in virtual environments, and is too often forgotten and left unprotected. With company data so fragmented, switching to a unified solution could offer the best ransomware protection for businesses.

The best ransomware defence is a comprehensive approach to data security involving staff education, intrusion security, email and spam filters, antimalware, endpoint protection software and backups. Data is often a company’s most precious asset but, to keep it safe, you need a strong foundation of management and best practice.

Employees: the first line of ransomware defence

Prevention is much better than a cure. Even though you can’t prevent every attack, the earlier an attack can be nipped in the bud, the cheaper and less damaging it will be. Just as you should never rely totally on prevention, you should never rely totally on restoration either.

For this to work, a strong understanding of the value of data and the importance of its management needs to pervade a company from the boardroom to the mailroom. In most cases, employees will be the foot soldiers in the defence against invasive malware, and it’s their immediate response that determines whether an attack is successful. Regular and comprehensive security training is crucial for making sure they can detect and report a ransomware attack before it can do any real damage.

However, data responsibility is more than threat awareness. How employees store, organise and classify data is just as important. When a set procedure is absent, data can easily go unclassified and eventually become ‘dark’: its location is unknown and it is unprotected by the latest security patches or policies. This lost, dark data poses a potent security risk to companies. If you don’t know where your data is, how can you be certain it is protected?

Poor data management ultimately stems from human failure. It suggests strong data policies aren’t being created by company leadership, enforced by managers, or adhered to by employees. It only takes one weak link to break the chain, so data responsibility has to permeate the whole company.

Keeping data properly organised can be challenging in today’s highly fragmented IT and cloud environments. To prevent data from becoming lost in the machinery of the business, staff should have access to the right security and data management infrastructure. Endpoint detection and antivirus software will screen out a great many incoming attacks. However, staff also require tools that break down silos and consolidate all data within a single database so they can better monitor, maintain and protect it.

Beating ransomware isn’t your IT or security team’s responsibility; it’s everyone’s. Strong data management needs a company-wide culture of data responsibility alongside the tools for malware detection and resolution.

Backups: the last line of defence

That said, ransomware prevention needs to be supported by ransomware response. No cyber defence is impenetrable – it only takes one employee to click on one malicious link in a moment of absentmindedness for your whole system to fail.

Ransomware can rapidly infest your network, knocking out your onsite data centre one minute, and blocking access to your private cloud the next. If the attack can’t be contained, it can quickly spread across all your different environments. The only solution is for companies to take control over their data security. A critical part of this is having a well-defined data backup plan in place.

Data backups act as an insurance policy against attack. If data is lost to a successful ransomware attack, its backup can simply be restored, with no need to pay the ransom. To protect the backups themselves, ensure they are properly isolated from the network. Preserve multiple copies of each and recycle them through the system to ensure they aren’t sapping available storage space.

Before you do this, however, you need visibility. If you don’t know where your data is, how can you ensure it is backed up and protected? When data is visible it is easier to protect under a single, consistent set of policies. So invest in tools that link together your disparate data environments and allow your employees to locate data fast.

The next consideration should be complexity. Designing and implementing a unique data backup plan for every environment would be time-consuming, counter-productive and inefficient. Every time your policies change, they’ll have to be implemented individually for each environment at considerable cost. Instead, you should seek a platform that can automate this process, rolling out shared and updated policies across your entire data estate.

Data may be your greatest asset but, without care, it can be gone in an instant. In today’s highly complex, hybrid multi-cloud environments you need consistent data governance, protection and ransomware resiliency across all environments at all times. Adopting a platform that ensures you know what data you have, and where it is, helps maintain visibility and keep your data estate protected.

Simon Jelley is the VP of product management at Veritas Technologies, an American international data management company. 
