By Kamal Brar, Vice President and General Manager for Asia Pacific and Japan, Rubrik
Cyber criminals have been busy exploiting the current pandemic, a tactic they have used in many other global crises. Similar to previous times, attackers are preying on our need for information in the form of phishing emails, or other malware. However, in the current pandemic we have witnessed the spread of attacks to large organizations including hospitals and government agencies. Employees pose a more significant threat to corporate security during this time by working from weaker home networks. This means that more organizations are vulnerable to the sophisticated ransomware attacks that hackers are using to take advantage of the situation. As a result, cyber resiliency is more important than ever.
Hackers will only continue to take advantage of unsecured systems to get to companies' valuable data. Companies are also agreeing more often to pay ransoms to recover their data. To reduce the potential impact of these ransomware attacks, organizations need to move from a reactive to a proactive model in which companies are prepared for attacks.
How Can Organizations Become More Resilient
Creating an organization that is more resilient to cyber attacks begins with a mindset change, supported by technology, to ensure that data sets are protected. From a technology perspective, the most important question to answer is how quickly the IT team can recover once the system is breached. Automation is a critical way that IT teams can gain a better understanding of potential vulnerabilities, be proactive in identifying threats and quickly minimize the impact of ransomware attacks.
One area where automation can impact how organizations recover from a cyber attack is with backup data. Backups are often the last line of defense against ransomware. However, advanced ransomware attacks are encrypting or deleting backup files. When an organization's last line of defense is compromised, ransom payouts increase. To avoid this result, organizations need to ensure that their backups are part of a reliable recovery strategy following an attack. For many IT teams relying on legacy backup solutions in the Philippines, recovery can be complex and time consuming. Additionally, identifying the scope of the attack, locating the most recent clean data, and restoring quickly can be an even great time and resource investment. IT teams need to incorporate modern data management solutions into their ransomware remediation strategy to ensure minimal data loss and business impact in the event of an attack. These solutions should have three key features.
1. Native immutability to safeguard backups – Companies can guarantee their backups are not compromised in ransomware attacks by ensuring that all data and applications are stored in an immutable format. Data management solutions can provide instant recovery from immutable backups, meaning that ransomware never affects backups.
2. Fast recovery to minimize downtime – Recovering from an attack is generally the largest issue for ransomware victims. Organizations need a solution that will streamline the process of identifying and restoring the most recent clean version of the data. Automation frameworks such as ServiceNow Incident Response can also help to increase operational efficiency.
3. Granular visibility to reduce data loss – Minimizing data loss from a ransomware attack requires IT teams to identify impacted applications and files quickly. This is a process that can be incredibly time-consuming with existing technology. Modern data management solutions enable organizations to identify which applications and files were impacted through intuitive data visualizations and roll back with visibility down to the file-level. This minimizes the risk of data losses associated with mass restores that include uncompromised data.
Paying ransom should not be the only option an organization has following a ransomware attack, especially when cyber criminals are taking advantage of a situation like the current pandemic. An effective defense against ransomware enables organizations to remain focused on more important priorities regardless of the situation.