The ransomware epidemic is still raging. Right now, the question isn’t if you will be targeted, but rather when. The number of cyber attacks continue to double year over year, and nearly 20% of attacks are ransomware.
Regrettably, a lot of businesses are unprepared for a cyber attack that might seriously impair business operations. Hackers are still breaking through or finding a way around sophisticated defences like SIEM, SOAR, and MDR/XDR, which notify security analysts of a breach.
What happens if an attack is successful and encrypts your data, demands a ransom, and stops your business from operating? Although you may always rely on your backups, a full recovery typically takes 23 days. It’s also not unusual for firms to require many months to recuperate completely.
While traditional backups make it possible to retrieve deleted files and folders, it wasn’t designed to quickly restore an entire IT estate in a reasonable amount of time.
Plan B would be to pay the ransom. But according to IBM, you have a 1 in 4 chance of not getting your data back. They take the money and you’re stuck.
The number of dormant threats, which can be present but inactivate for weeks, months, or years, is another concerning figure. These attacks are on the increase too. But restoring operations from regular backups isn’t reliable when a dormant threat has been activated. That’s because you’ve been backing up the malware along with your data, so you’re simply restoring the underlying issue.
Let’s look at some common challenges with traditional backups.
- How do you know it will work? Many backup and recovery processes aren’t tested or validated.
- Attacks can be in process for months, so snapshots only preserve and propagate existing malware.
- Backup appliances are often linked with Microsoft Active Directory and the network. You might not be able to access the backups in the event that Active Directory is compromised. Also, the hacker can have complete administrator access to your settings.
- It is no longer safe to assume that backups are not a target. If your backups are on the network, they’re open to attack. 93% of ransomware assaults specifically target backups, which makes recovering from ransomware challenging, according to IBM.
While governments, educational institutions, and healthcare organizations are being targeted the most, every organization is at risk, regardless of size or industry.
Hackers are becoming more sophisticated and accelerating their attacks with automation. Don’t assume that you are not on the list.
Fortunately, there’s a last line of defence that you can rely on to restore operations if the worst happens: secure, immutable backups as part of a comprehensive resilience strategy—Develop a Resilience Strategy
Stoneworks recommends that organizations do a full risk and strategy assessment around cyber resilience as a whole, which can include a cyber readiness assessment, storage assessment, and a detailed security analysis to highlight the gaps in your security posture.
The Stoneworks assessment evaluates five phases of protection.
1. Foundational security
This includes platforms for MDR/XDR, SOAR, and SIEM, such as IBM Security QRadar, which scans network activity for anomalous patterns that indicate unauthorized activity.
It’s important to note that while having the right mix of cybersecurity tools available and active in your environment is important, these tools are only part of the mix for comprehensive cyber resilience, which isn’t complete without a quick backup and recovery strategy and solution.
2. Secure immutability
Secure immutability gives organizations the ability to recover multiple data points from a secure backup that can’t be altered or deleted and is air-gapped from the network.
3. Discovery
Discovery is important because this is where your backups are scanned by a tool like IBM Cyber Vault for malware, looking for patterns that indicate the presence of ransomware.
4. Recovery
If you need to recover your systems in hours, recovering from tape will take too long. Recovering from the cloud can be costly and time consuming. Using an air-gapped environment for recovery is the fastest way to get back into business.
5. Automation
Since time equals money, automating the recovery process will save both. Automation enables you to plan and verify the recovery process in advance of an event, providing you with the resources and assurance you need to guarantee a speedy and successful resolution of your cyber disaster.
Implement the Last Line of Defence: Clean, Immutable Backups
When Stoneworks evaluates cyber resilience, we frequently discover a gap: backup and recovery plans that haven’t been tried and proven, and in many cases, weren’t designed for speedy recovery in the event of a successful cyber attack.
It’s a big gap, because it’s your last line of defence. The vendor community has rallied with several solutions, and IBM is once again leading the way with IBM Flashsystem Cyber Vault to help organizations rapidly recover from a ransomware attack in hours instead of weeks. Cyber Vault is based on NIST standards for cyber resilience, which provide guidelines to help organizations anticipate, withstand, and recover from system compromises such as increasingly destructive cyber attacks.
Cyber Vault capabilities include the ability to create and store immutable backups that can’t be tampered with or deleted, that are scrubbed of malware, and air-gapped from the production network. This is a winning combination to complement a comprehensive cyber resilience strategy.
Immutable backups can’t be changed once they’re written to. And by keeping backups off the network, they’re not at risk for compromise if your network is attacked. To keep malware out of backups, and therefore out of production systems after restoration, Cyber Vault looks for and cleans malware during the backup process.
Stoneworks Can Help
As business and government become more dependent on technology, the need to ensure resilience is paramount. To ensure business continuity, cyber resilience must go beyond SIEM, SOAR, and XDR to include clean immutable backup and recovery.
Stoneworks Technologies is available to assist you. We have extensive knowledge of security, which includes cutting-edge backup and recovery. We can assist with the most crucial and sensitive systems used by our government because we also have a top-secret facility and professionals with top-secret security clearance in Canada.
