+
EDITOR’S QUESTION
GREGG PETERSEN, REGIONAL
SALES VICE PRESIDENT, MEA,
VEEAM SOFTWARE
P
aying ransom fees to regain access
to data in the vague hope that
criminals will release files from hostage
is a known phenomenon that continues
to demand regular column inches. But
currently, with ransomware on the rise, no
company wants to get into the habit of
paying out a ransom fee to access their own
services. How can businesses guard against
the rising threat of ransomware?
The rise of ransomware
The vital ingredient in ransomware’s
startling rise is money. The sheer size of the
reward available can convince even people
with impeccable moral standards to commit
a crime. Suddenly there is a reason for rogue
employees to take a risk and those with
intimate knowledge of a company’s business
processes can purposely target systems
containing its most precious data to ensure
the organisation must pay.
The other key factor is that malware has
previously been something only skilled
hackers could create, but now the ease of
ransomware creation makes the process
almost effortless, making it a simple task for,
in theory, anyone with a computer to drop
the malware and wait for the ransom pay-out.
Indeed, a service known as Satan on dark
web portal Tor allows anyone to create and
configure a variant of malware and choose
from a range of techniques, select a ransom
note, choose a contact preference and track
the amount of money they’ve made.
Trojan malware like Locky, TeslaCrypt and
CryptoLocker are the most commonly
used variations currently used to attack
companies. These often breach security
loopholes in web browsers and their
plugins or inadvertently opened email
attachments and, once inside the company,
the ransomware can spread at breakneck
speeds and begin to encrypt valuable data.
www.intelligentcio.com
The FBI has recommended that companies
implement a solid ransomware backup and
recovery strategy for effective protection
against data loss caused by CryptoLocker or
any other Trojan.
/////////////////
Repelling ransomware
Placing tight permissions on data is all well
and good but realistically it will not help
businesses, given that credentials can be
obtained with a keylogger or through social
engineering. Instead, to protect themselves
against the threat of insider threats and
ransomware, businesses should look to
air gapped backups, which are essentially
offline backups that cannot be manipulated
or deleted remotely.
The criticality of the workloads and data within
business environments demands a 3–2–1 rule,
whereby three copies of the company data
should be saved on two different media and
one copy should be offsite.
Four options for effective data backup
are: Transfer the data from one location
to another using Backup Copy Job; use a
removable storage device as the secondary
repositary; use tape because they do not
enable direct data access and thus provide
protection against ransomware and
implementing the 3–2–1 rule with storage
snapshots and replicated VMs.
Never pay a ransom again
The ability to restore data means no
business should ever have to pay a ransom.
However, nothing can be taken for granted
in the cybersecurity space, as threats are
constantly shifting and the number of attack
surfaces grow with every new device added
to a network.
Businesses must assume it is a case of when
an attack will happen, not if. To remain agile
and in control of both new and emerging
threats, security must no longer operate as a
silo IT function but rather as a fundamental
business process and enabler.
Ransomware must be prevented where
possible, detected if it gains access to
systems and contained to limit damage.
But only through a collaborative and
integrated approach, which ensures both
security policies and SLAs align with
business objectives, can organisations
have confidence their data is as secure
and available as possible. Doing so gives
them the best chance of keeping their
organisation one step ahead of the
cybercriminals, as they look to realise the
benefits of digitisation.
INTELLIGENTCIO
29