Cyberattacks are inevitable. Every day, thousands of businesses are threatened, with malicious actors able to penetrate defenses, steal information and destroy infrastructure.
Too many companies (and security professionals) focus solely on reinforcing the wall: the barriers that prevent unwanted entry. These have their place, but they cannot be the complete solution. Infiltrations will happen, and the vast majority of victims of cybersecurity attacks already have some form of defense in place. What matters then is how quickly companies can get back online.
A particularly damaging form of attack is ransomware. Hackers install malware on systems, which can make it impossible to access information. They demand a ransom, usually in cash or, more likely, cryptocurrency, to unblock the information. If it is not paid, data may be destroyed, or sensitive data may be leaked to competitors or the public. In fact, this can happen even if companies do pay.
What makes ransomware so damaging is that it can take away access to mission-critical information for an unknown amount of time. Hackers often target the most valuable and important data within a company, which in turn often makes it the hardest to replace. This could mean weeks or months of critical downtime, with businesses left behind and incurring unexpected expenses.
With so much at stake, truly comprehensive systems must include both “proactive” and “reactive” approaches to preventing ransomware attacks. Proactive tools are perhaps best known: they include an active cyber defense training program, along with updated firewalls, intrusion detection systems, and malware detection. But here we’d like to take a closer look at reactive tools that can get everything back up and running faster. Together, they make for truly impactful and effective risk management.
Vice President of Engineering at Arcserve.
Data life cycle
Data is (increasingly) generated from internal and external sources during business activity. Customers, third-party vendors, and employees create and modify records that must be stored. This information must be easily accessible so that authorized users can store it securely and efficiently. The emphasis is on primary storage and systems that support high availability and high performance. There should also be data sharing policies within and outside an organization that identify who can access specific data sets, under what conditions, and what security measures are in place. This helps maintain data security and ensure regulatory compliance.
As data ages, it may not need to be accessed as frequently. There should be a consistent, pre-planned schedule for archiving information and moving it to off-site backup facilities. It may not be as instantaneously accessible, but it is still possible to retrieve data when needed. Finally, proper procedures need to be in place around data deletion. When data is no longer valuable or required for regulatory compliance or other purposes, it should be securely deleted to prevent unauthorized access or data breaches. Data deletion strategies include data sanitization, where deleted data is cleaned of hidden content such as meta tags and document properties that could pose security risks.
In the middle of the data lifecycle is the creation of data backups. The correct way to think about data backup is the “3-2-1-1” method. This means three backup copies in total, two of which should be on different types of media (such as network-attached storage, tape, or a local drive), with one copy off-site and one immutable copy.
Immutable backups are stored in a format that allows them to be written once and read many times, and they cannot be modified or deleted, even by hackers and administrators. This means that malicious actors cannot alter the records to make them inaccessible. This significantly limits the influence hackers have over organizations and in many cases should eliminate the need to pay ransoms altogether.
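The following is an added example, not part of the original article: a small audit that checks a backup inventory against the “3-2-1-1” method described above. The inventory entries, field names, and the rule that an immutable copy only counts while its retention lock has not expired are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                          # e.g. "nas", "tape", "local-disk"
    offsite: bool
    lock_until: Optional[date] = None   # assumed WORM lock expiry; None = mutable


def check_3_2_1_1(copies, today):
    """Return {rule: passed} for the four parts of the 3-2-1-1 method."""
    # A copy counts as immutable only while its write-once lock is still active.
    locked = [c for c in copies if c.lock_until and c.lock_until > today]
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in copies),
        "1 immutable": len(locked) >= 1,
    }


def gaps(copies, today):
    """List the rules the inventory fails, in 3-2-1-1 order."""
    return [rule for rule, ok in check_3_2_1_1(copies, today).items() if not ok]


# Constructed sample inventories (not real systems).
TODAY = date(2024, 6, 1)
COMPLIANT = [
    BackupCopy("nas-nightly", "nas", offsite=False),
    BackupCopy("tape-weekly", "tape", offsite=True),
    BackupCopy("worm-vault", "object-storage", offsite=True,
               lock_until=date(2025, 6, 1)),
]
EXPIRED_LOCK = [
    BackupCopy("nas-a", "nas", offsite=False),
    BackupCopy("nas-b", "nas", offsite=False),
    BackupCopy("worm-vault", "object-storage", offsite=True,
               lock_until=date(2024, 5, 1)),   # lock lapsed a month ago
]

if __name__ == "__main__":
    for label, inv in (("compliant", COMPLIANT), ("expired lock", EXPIRED_LOCK)):
        print(label, "->", gaps(inv, TODAY) or "meets 3-2-1-1")
```

The second inventory passes three of the four checks yet has no copy that is still protected from modification, which is the gap that matters most after a ransomware incident.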
Reduced downtime
The benefit of a comprehensive approach should be the ability to reduce, or hopefully eliminate, downtime after a ransomware attack. Data is backed up frequently, meaning system administrators can easily “turn back the clock” to the exact moment when an incursion occurred. There is no need to rebuild material from scratch or from a backup that might have been made days or weeks ago. The system should be agile and scalable, so it does not need to be replaced when a company changes strategy or goes through a period of rapid growth.
In an ideal world, all data would be secure and businesses wouldn’t have to worry about cybercrime. Unfortunately, this isn’t the world we live in. By taking a multi-factor, multi-modal approach, businesses can feel more confident that a successful penetration of their defenses won’t automatically lead to costly downtime.
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the best and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc.