Experts estimate that a ransomware attack will occur every 11 seconds in 2021, is your company prepared? These attacks are becoming more prevalent and devastating, with recent attacks taking down major organizations across every major industry vertical. Even with security procedures in place, it’s very likely that attackers will get in at some point.
When facing a threat such as this, businesses are faced with important questions. Does your organization have the means in place to quickly recover? Companies who are not adequately equipped can deal with devastating downtime, lost data, or worse, paying ransoms similar to the $5 million paid by Colonial Pipeline this year.
This article will explore the challenges of ransomware and how your business can survive such an attack.
The Infection Runs Deep
Ransomware attacks rarely infect just a single device or user. Over half the ransomware attacks affect over 20 computers in an organization. Once this state has been reached, hackers have a deep foothold in your organization for getting to other more privileged resources, including your backups. How do you recover from backups if they have already been tainted?
It is hard for an organization dealing with a rampant infection to effectively assess their assets and guarantee that they are not restarting the problem by restoring from backups. At this stage, even the antivirus (AV) solution cannot be trusted entirely. This leaves organizations in a nasty Catch-22 situation. If they don’t restore from backups, they are forced to pay the ransom, but they might only be re-infecting their infrastructure if they do restore from backups.
Even a basic ransomware outbreak will come with some downtime due to the time needed for identification and resolution. This type of outage can range from a single person to the entire organization, depending on how widespread it is. On average, ransomware attacks will cause 21 days of downtime for an organization. In 2020, Universal Health Services suffered a 3-week outage, costing $67 million due to a ransomware attack. Can your organization afford to be down for this long?
Traditional disaster recovery (DR) solutions are not enough to protect organizations from ransomware attacks. By their nature of being directly accessible to network assets, they are a potential target for attack. This eliminates what was previously a guarantee of safely restoring a server to an uninfected version.
Resilience is Survival
Protection from cyber attacks is a combination of cyber security and Cyber Resilience. Cyber Resilience leverages new mechanisms to quickly and efficiently get the business processes back online with as little loss as possible. This requires a shift in paradigm to newer solutions that embrace:
- Air gaps in the network
- Multiple point-in-time images
- Immutable storage
- Automation of processes to check and clean images
These solutions leverage cloud processes to quickly recover from attacks and prevent attackers from worming their way back in post-recovery.
To improve security, modern organizations need to embrace the principles of Zero Trust. Zero Trust takes a multi-faceted approach to security by removing standing privileged access by implementing the concept of never trust, always verify for access of privileged assets and network communications. This approach quickly limits emerging threats and deals with them before they explode into a significant incident.
Zero trust solutions make it harder for attackers to get a foothold in your organization. They remove standing permissioned access and move to a verification methodology. It works much like an airport security check. Absolutely everyone, including the flight crew, has to be checked out before they can move forward. After gaining traction in the private sector, the release of NIST 800-207 in 2020 is enabling government agencies to embrace Zero Trust.
Speed is Essential
To deal with bad actors, time is of the essence. Every moment wasted from detection to remediation and recovery is another moment that your business is impacted. Automation is crucial for analyzing images for anomalies that may indicate dangerous activity such as malware infections and ensure that recovery environments are clean.
Automation is a crucial tool for helping teams manage incident response by streamlining processes and finding the ideal point-in-time image to recover. Automated processes move faster than a human can to initiate changes to bring production on-line while preventing future attacks.
Clean the Data
Attacks are not always spur-of-the-moment incidents. More complex attacks can take months to come to fruition, with bad actors planting future tools throughout the infrastructure far before making a significant move. This means that components for an attack are likely already in backed-up data, and restoration from the latest images will often be tainted. Preparing for new and emerging threats means organizations need to assume that any recovered data is not to be trusted by default.
To rapidly recover from an incident, the systems and data brought into production need to be clean from infection. Otherwise, the process may start all over again. Cyber resilience leverages the cloud recovery environment to clean and fix issues before they are re-initiated into production. The power of the cloud allows for short-term explosive scaling to get the job done quickly while isolated from the infected data center.
Moving Beyond DR
Today, businesses face threats from attackers far beyond the capability of traditional Backup / DR processes to recover effectively. Cyber resilience allows organizations to take proactive steps to protect their organization and rapidly respond and recover from incidents with limited downtime. Embracing cyber resilience enables businesses to have the foundation to deal with existing and emerging threats.
Explore this article to learn how the cyber security landscape has changed and how businesses can adopt cyber resilience to survive.