Cyberattacks are an inevitability. Every day, thousands of businesses are threatened, and malevolent actors manage to penetrate defenses, stealing information and destroying infrastructure.
Too many businesses (and security professionals) are exclusively focused on reinforcing the wall, the barriers that will prevent unwanted entries. These have a place but can’t be the entire solution. Infiltrations will happen: the vast majority of victims of cybersecurity attacks already have some sort of defense in place. What matters then is how quickly businesses can get back online.
A particularly disruptive form of attack is ransomware. Hackers plant malware on systems, which can make it impossible to access information. They demand a bounty, usually in cash or even more likely crypto, to remove blocks on the information. If not paid, data can be destroyed – or sensitive data can be leaked to the competition or the public. In fact, this can happen even if companies do pay up.
What makes ransomware so disruptive is that it can remove access to mission-critical information for an unknown amount of time. Hackers frequently target the most valuable, most important data inside a company, which in turn usually makes it the hardest to replace. This could mean weeks or months of critical downtime, with businesses falling behind and incurring unexpected expenses.
With so much at stake, truly comprehensive systems must contain both “proactive” and “reactive” approaches to ransomware attacks. The proactive tools are perhaps more familiar – these include an active cyberdefense training program, along with up-to-date firewalls, intrusion detection systems and anti-malware software. But here, we’d like to go into more detail about those reactive tools that can get things back online faster. Together, these constitute truly impactful, effective risk management.
Data lifecycle
Data – increasing amounts of it – is generated from internal and external sources while doing business. Customers, third-party vendors and employees create and modify records that must be stored. This information must be easy to access so authorized users can store it securely and efficiently. There’s an emphasis on primary storage and systems that support high availability and performance. Data-sharing policies must also exist within and outside an organization, identifying who can access specific datasets, under what conditions, and which security measures apply. This helps maintain data security and ensure compliance.
As data ages, it may not need to be accessed as frequently. There should be a consistent, pre-planned schedule for archiving information and moving it to off-site backup facilities. These may not be as instantly accessible, but retrieving the data when needed is still possible. Finally, there need to be proper procedures in place around data disposal. When data is no longer valuable or required for compliance or other purposes, it must be disposed of securely to prevent unauthorized access or data breaches. Data deletion strategies include data sanitization, where deleted data is cleansed of hidden content, such as metatags and document properties that could pose security risks.
Effective tools
Right in the middle of the data lifecycle is the creation of backup copies of data. The proper way to think about data backup is using the “3-2-1-1” method. This means a total of three types of backups, of which two need to be on different kinds of media (such as network-attached storage, tape, or a local drive), with one copy offsite and one immutable record.
Immutable backups are saved in a write-once-read-many-times format that can’t be altered or deleted – even by hackers and admins. Because immutable backups are unmodifiable, bad actors can't alter the records or block access to them. This significantly limits the leverage that hackers have over organizations and, in many cases, should completely eliminate the need for paying ransoms.
Reducing downtime
The benefit of a comprehensive approach should be the ability to reduce or hopefully eliminate downtime after a ransomware attack. Data is frequently backed up, which means systems administrators can easily ‘rewind the clock’ to the exact moment there was an incursion. There’s no need to reconstruct material from scratch or from a backup that could have been days or weeks in the past. The system should be agile and scalable, so it doesn’t need to be replaced as a business changes strategy or goes through a period of rapid growth.
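As an added illustration (not part of the original article), the Python sketch below audits a backup inventory against the “3-2-1-1” method described above and picks the restore point used to ‘rewind the clock’ to just before an incursion. The field names, the sample inventory, reading “three” as three backup copies, and the policy of preferring an immutable copy over a newer mutable one are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class BackupCopy:            # hypothetical inventory record
    name: str
    media: str               # e.g. "nas", "tape", "local-drive"
    offsite: bool
    immutable: bool          # stored write-once-read-many
    taken_at: datetime

def check_3211(copies):
    """Return the 3-2-1-1 criteria the inventory fails (empty list = compliant)."""
    failures = []
    if len(copies) < 3:
        failures.append("fewer than 3 backup copies")
    if len({c.media for c in copies}) < 2:
        failures.append("fewer than 2 kinds of media")
    if not any(c.offsite for c in copies):
        failures.append("no offsite copy")
    if not any(c.immutable for c in copies):
        failures.append("no immutable copy")
    return failures

def restore_point(copies, incursion):
    """Newest copy taken before the incursion, preferring immutable copies
    because a mutable copy may have been altered after the attacker got in
    (assumed policy). Returns None if no copy predates the incursion."""
    candidates = [c for c in copies if c.taken_at < incursion]
    if not candidates:
        return None
    return max(candidates, key=lambda c: (c.immutable, c.taken_at))

# Constructed sample data: names, media labels and timestamps are illustrative.
INVENTORY = [
    BackupCopy("nas-nightly", "nas", False, False, datetime(2024, 5, 14, 2, 0)),
    BackupCopy("tape-weekly", "tape", True, False, datetime(2024, 5, 12, 3, 0)),
    BackupCopy("worm-0900", "object-storage", True, True, datetime(2024, 5, 14, 9, 0)),
    BackupCopy("worm-1100", "object-storage", True, True, datetime(2024, 5, 14, 11, 0)),
]
INCURSION = datetime(2024, 5, 14, 10, 30)  # constructed incident time

if __name__ == "__main__":
    print("3-2-1-1 gaps:", check_3211(INVENTORY) or "none")
    print("gaps without WORM copies:", check_3211(INVENTORY[:2]))
    print("restore from:", restore_point(INVENTORY, INCURSION).name)
```

The 11:00 immutable copy is skipped because it was taken after the incursion and may already contain the attacker's changes.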
In an ideal world, all data would be safe and businesses wouldn’t need to worry about cybercrime. This is, unfortunately, not the world we all live in. By embracing a multi-factor, multi-modal approach, businesses can feel more secure that a successful penetration of their defenses won’t automatically lead to costly downtime.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.