Ransomware: How to Stay Out of the National Headlines
By Chris Castro, Solutions Architect, cStor
“Will my company be the next one in national headlines?” The old saying that ‘all publicity is good publicity’ couldn’t be further from the truth when a ransomware attack makes the headlines. This concern comes up often at corporations of all sizes, and it keeps many IT executives and cybersecurity staff awake at night.
According to the IBM Security 2021 Cost of a Data Breach Report, the average cost of a ransomware breach comes in at a whopping $4.62 million, accounting for the cost of response, remediation and lost business. It does not include the cost of the ransom payment itself, nor the degradation of trust among customers and the public.
Each year, we see more new clients coming to us with this concern, and with good reason. According to the PwC 2022 Global Digital Trust Insights Survey, over 75% of executives surveyed said they were concerned about “too much avoidable, unnecessary organizational complexity posing ‘concerning’ cyber and privacy risks.” The same survey said 57% of those executives expected increasing ransomware attacks in 2022.
So, while there is a key concern about the increasing volume of attacks, the complexity of mitigating those attacks is daunting. Here are some concrete steps you can take to help protect your organization from ransomware and its impacts.
Employ the 3-2-1 Rule
The 3-2-1 Rule was created nearly 20 years ago, but it is still a guiding set of principles that applies universally today. Although the rule was initially leveraged by a digital photographer after researching best practices among IT professionals, it has been instrumental in data protection standards.
The 3-2-1 Rule states:
- Have three (3) copies of your data
- On two (2) or more different types of media storage
- With one (1) backup kept offsite
This may seem overly simple, but it applies to almost any failure scenario, including ransomware attacks. Many companies do not confirm that all three of these are in place until they realize one or more critical systems have been compromised. Given the versatility of storage technology, there is a nearly endless number of ways to implement the 3-2-1 Rule. The key is to follow the process regularly so that the data is there when you need it.
Leverage Air-gapped and Immutable Data Storage Protection
As cybercriminals become more adept at ransomware, they are no longer targeting just a company’s primary storage but also its secondary and backup storage. These criminals realize that backups are key to companies that rely on them for file restoration, and that working backups may prevent the attackers from ultimately being paid a ransom.
Enter air-gapped backups. Air-gapped backups have no network interfaces – wired or wireless – so they cannot be hacked over a network. Writing data to the backup requires physical access and media such as a tape, thumb drive, or other offline storage device. The access controls and protection applied to the storage devices used in the transfer can be scaled to the sensitivity of the data each air-gapped backup contains.
Another step is ensuring your online/cloud storage is immutable, meaning it can’t be overwritten, modified or deleted. There are many ways to do this, depending on your goals. Here are some examples of how a few different cStor partners handle immutable data:
- NetApp Snapshot – a data protection solution that takes instant copies of your data while applications run and doesn’t allow those copies to be modified or deleted for a certain timeframe
- Rubrik – All applications and data ingested by Rubrik are stored in an immutable manner. Once ingested, no external or internal operation can modify the data.
- Amazon S3 Storage – By using Amazon S3 Object Lock, you can make data immutable, preventing objects from being deleted or overwritten for a fixed amount of time or indefinitely.
- Veeam – Veeam Backup and Replication allows you to prohibit deletion of data from the extents of the scale-out backup repository by making that data temporarily immutable.
Air-gapped or immutable backups are an essential tool in data recovery, especially in protecting your organization from hacks and ransomware. In fact, data copies that are air-gapped or immutable are referred to as “ultra-resilient” due to the amount of protection they provide, and they are a key step in arming yourself against attacks.
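The 3-2-1 Rule and the "ultra-resilient" requirement above can be checked mechanically against a backup inventory. The following is an added example, not code from cStor or any of the vendors named; the inventory, the DataCopy fields and the 7-day freshness window are constructed assumptions. A copy that has not been verified recently is not counted, which reflects the point that the process has to be followed regularly.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class DataCopy:
    name: str
    media: str                       # e.g. "disk", "tape", "object-storage"
    offsite: bool
    air_gapped: bool = False
    immutable: bool = False
    last_verified: Optional[datetime] = None  # last successful write or test restore


def audit_321(copies: List[DataCopy], now: datetime,
              max_age: timedelta = timedelta(days=7)) -> List[str]:
    """Return findings for an inventory; an empty list means it passes."""
    # Only copies verified within max_age (an assumed policy value) are counted.
    fresh = [c for c in copies
             if c.last_verified is not None and now - c.last_verified <= max_age]
    findings = []
    stale = [c.name for c in copies if c not in fresh]
    if stale:
        findings.append("STALE: not counted, unverified or too old: " + ", ".join(stale))
    if len(fresh) < 3:
        findings.append(f"COPIES: {len(fresh)} current copies, rule needs 3")
    media = {c.media for c in fresh}
    if len(media) < 2:
        findings.append(f"MEDIA: {len(media)} media type(s), rule needs 2")
    if not any(c.offsite for c in fresh):
        findings.append("OFFSITE: no current copy is kept offsite")
    if not any(c.air_gapped or c.immutable for c in fresh):
        findings.append("RESILIENT: no current copy is air-gapped or immutable")
    return findings


NOW = datetime(2022, 3, 1, 12, 0)    # constructed reference time
INVENTORY = [                        # constructed sample inventory
    DataCopy("primary-san", "disk", offsite=False, last_verified=NOW),
    DataCopy("nas-backup", "disk", offsite=False, last_verified=NOW - timedelta(days=1)),
    DataCopy("cloud-locked", "object-storage", offsite=True, immutable=True,
             last_verified=NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for line in audit_321(INVENTORY, NOW) or ["PASS"]:
        print(line)
```

In the sample inventory the only offsite, immutable copy is 30 days old, so on paper the organization has three copies but the audit reports failures on every part of the rule.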
Shore Up Your Access Management
Access management is often a key area of vulnerability for many organizations, especially considering the major shift towards remote employees in the last few years. It’s important to take a closer look at your company’s access management protocols to ensure there are no vulnerabilities. Privileged access management (PAM) products can help you gain control over permissions and access levels for users, accounts, processes and systems. By limiting and defining appropriate control over privileged access, you can prevent and mitigate the impacts of ransomware.
Your network should also be secured through password solutions and multi-factor authentication (MFA). If you haven’t rolled out MFA yet, you’re probably taking more of a risk than you should. MFA solutions have evolved to provide enterprise-wide, context-based, adaptive MFA – making it much easier on both administrators and users. Consistent and correct use of authentication tools is critical because once a hacker has succeeded in compromising one user’s access, they can quickly pivot to other workstations.
Zero Trust is another important security model that is being adopted by many organizations and is even endorsed by the National Security Agency (NSA). According to the NSA, “The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses.” Zero Trust helps prevent and limit the damage from ransomware attacks through PAM policies that rely on “least privilege” principles, giving users only the privilege they need to perform their job functions.
Create a Framework and Assess Your Security Position
Finally, framework development and security assessments are key tools in your security toolbox. There are several types of assessments that can help you prevent, detect and remediate ransomware and other cybersecurity attacks. Here are a few examples:
- Framework Development Consulting – A consulting service to help you develop an effective cybersecurity framework that contains processes and objectives that help you define your policies and procedures around information security, guide your implementation of controls, and drive management, measurement and monitoring of your information security program.
- Vulnerability Assessment – The vulnerability assessment uses one or more scanning tools to identify vulnerabilities in the portions of your network included in the scan. While the tester may take some steps to validate vulnerabilities and/or eliminate false positives, they do not take any further manual steps.
- Pen Test Assessment – The Penetration Test (Pen Test) identifies weaknesses or vulnerabilities in the portions of your environment being tested. Once these are identified, the tester takes further steps to exploit them to gain access, elevate access rights or take other unauthorized actions. In most cases, a penetration test starts with a vulnerability scan and then goes much further.
- Compromise Assessment – This holistic assessment uses integrated artificial intelligence tools to evaluate your organization’s security posture to determine if a breach happened or is actively occurring. The assessment determines when, where and how a compromise occurred and provides tactical and strategic recommendations for preventing another attack.
- Email Security Risk Assessment – This assessment provides an aggregated analysis of tests that measure the efficacy of your existing email solution. The assessment offers visibility into your current environment and provides actionable information that can be used to re-prioritize your email security strategies.
Yes, ransomware is a troubling cybersecurity concern that isn’t going away anytime soon. However, the good news is that cStor has the expertise and experience to help alleviate your worries about ransomware in order to get you back into a healthy sleep cycle! To get help shoring up your security posture, or with any of the framework and assessments mentioned above, contact cStor to schedule an appointment today.