Edwin Weijdema, Global Technologist, Veeam, says Business Continuity is all about backup.
Employing a robust backup strategy is important in fortifying an organization’s defences against ransomware attacks.
Backup data is the last line of defence against ransomware attacks and hackers know this. By attacking the backup solution, attackers completely remove the option of recovery and essentially force payments.
While best practices such as automating cyber detection scans, securing backup credentials and auto verifying that backups are restorable are beneficial, the key tactic is to ensure that backup repositories cannot be corrupted or deleted.
Organizations must focus on immutability by addressing unclassified data and data that is not tagged or identifiable in order to assign a risk level to datasets. Identifying and tagging important data will allow businesses to see which of their datasets have been breached in an attack, allowing IT leaders to determine if sensitive data was leaked.
One backup is no longer the standard practice and it is recommended that businesses follow the ‘3-2-1-1-0’ rule, allowing companies to have a solid backup strategy that can be utilized in the event of a disaster.
The rule essentially means three copies of backup, with two backups stored on different storage media, one at an offsite location and one offline.
In the likely event of a ransomware attack, the extra copies can allow organizations to go back online as soon as possible and be reinstated to the most recent save point.
It is imperative that all backups are monitored daily and should have zero errors. Restore testing should be performed at recurring intervals to ensure that the most updated data can be retrieved.
Over 493 million ransomware attacks took place last year – a sure sign that such incidents are growing in volume and intensity and now affect every industry sector.
As the threat landscape continues to evolve, it is imperative that businesses adopt proactive measures and learn how to effectively respond when needed.
For many organizations, the first instinct is to pay the ransomware fee when attacked, but many do not realise that this does not guarantee that data will be recovered or returned to them.
According to the Veeam 2023 Ransomware Trends report, 80% of global organizations surveyed paid the ransom to recover data and end an attack, up 4% compared to 2022.
After payment, only 59% who forked out money were able to retrieve their data.
Not paying is often part of an organizations’ security protocol, yet of 80% who paid, 41% of these businesses have a ‘do not pay’ policy on ransomware.
With the rate and speed that organizations are getting hacked, it is time for organizations to stand strong against hackers and refuse payment. IT leaders can do this by taking the right steps, educating staff on being vigilant on suspicious links and implementing security measures.
Understanding the reasons behind organizations’ willingness to comply with ransomware demands is crucial to addressing what the dangers are when business leaders surrender to meeting ransomware demands.
The main reason is that many businesses are terrified of the reputational damage and concerns over data and monetary losses associated with being hacked.
While most organizations would have their data backed up, there is often only one copy made. Hackers know this, with 93% of attacks almost exclusively aimed at backups, effectively holding crucial data hostage, according to the Veeam 2023 Ransomware Trends report.
Unfortunately, giving into ransom demands just does not guarantee data retrieval, but also may even incentivize hackers to launch subsequent extortion tactics.
The same report also highlighted that cyber insurance has been a popular option that some organizations turn to. However, with 77% of ransom paid by insurance companies in the last year, the prices of premiums and deductibles have increased. This proves that insurance shouldn’t be relied on long-term to bail a business out of a ransomware attack. More importantly, cyber insurance does not protect a company from an incident and focuses more on the monetary value lost from an attack.
The role of cyber hygiene should be practiced across all levels of an organization.
For many data breaches, the cause of it is from an unsuspecting employee. From IT staff to employees to C-suites, it is important that individuals take precautionary measures and follow current best practices such as avoiding accessing sensitive information on public WiFi, not clicking on suspicious links and creating strong passwords.
Through sharing this responsibility, an organization can minimize the risks of operational interruptions, data compromises, data loss and ransomware attacks.
IT teams should look into locking down regular calls to keep employees updated on maintaining cyber hygiene and have a checklist, which can help keep track of established policies and processes.
Ransomware attacks are no longer a matter of if, but when. It imperative that data restoration and recovery time is optimized.
On average, the time-to-recovery after a ransomware attack was 3.4 weeks, which translate to 135 business hours of downtime, according to Veeam.
For many companies, they cannot afford to have long periods of downtime as it can impact revenue, increase customer distrust and lose critical data.
By taking a modern approach to data backup, such as backing up on-prem and in the cloud, organizations have the power to recover data from both servers at once.
It is crucial for organizations to stay vigilant and prioritise data security in an increasingly digital landscape.
By saying no to demands and implementing robust data backup and recovery measures, businesses can safeguard valuable assets and mitigate potential damages.