Developing an effective ransomware strategy: protecting big data

This is a guest blogpost by Brian Brockway, Chief Technology Officer at Commvault.

The ransomware landscape has evolved significantly in recent years, with cybercriminals employing increasingly sophisticated – and effective – strategies to maximise impact and income. As organisations grapple with these rapidly evolving threats and vulnerabilities, it is essential that they implement effective data protection and recovery systems to meet the particular risks presented by ransomware threats head-on.

Given the alarming volume of cybersecurity incidents, it’s no longer sensible to operate with a ‘what if?’ mindset. Indeed, recent industry research has revealed that March 2023 broke ransomware attack records with over 450 incidents. Working on the assumption that attacks are practically inevitable for every organisation means it’s now a question of how often incidents will occur, rather than if or when.

As a result, cybersecurity strategies are not just focusing on prevention but also on the technologies and processes that can mitigate the impact of an attack. In practical terms, this means that effective data protection and recovery solutions must work alongside other robust security measures, employee education, and proactive monitoring in order to detect and respond to threats quickly.

Big challenges for big data

The sheer scale of contemporary data storage strategies means that backup and recovery have taken on a new level of mission-critical importance. For those organisations that rely on large datasets to conduct business, the stakes are higher than ever. For instance, cybercriminals often target big data repositories in order to hold vital assets hostage – a problem accompanied by the potentially devastating impact of data corruption.

To prepare for potential ransomware attacks, organisations should implement a range of proactive data protection recovery options:

• Implement comprehensive threat intelligence and incident response plans. These plans should detail how the organisation will detect, contain, and respond to a ransomware attack. Having a well-defined plan in place can help minimise the impact of an attack and enable a quicker recovery.
• Invest in intelligent indexing and data analysis to separate good data from bad. In the aftermath of an attack, this can help organisations identify corrupted or encrypted data and, by doing so, help them prioritise the restoration of critical assets.
• Evaluate storage technology options based on factors such as cost, performance, and capacity. Striking the right balance is essential to ensuring IT teams can anticipate future requirements and avoid the need to revise their strategy during a crisis situation.
• Embrace immutability. Ensuring that backup data remains unchangeable for a set period of time can help protect backup data from being altered or encrypted by ransomware. Immutability is a key component of an effective anti-ransomware strategy because ensuring that backup data is under a time lock and cannot be changed guarantees that it remains sound and intact. This is crucial for organisations counting on these copies of data to recover from an attack.
• Develop a strategy for hot and cold data. There are also specific data backup and protection issues associated with hot and cold data. To recap, hot data is readily accessible and more likely to be targeted by cybercriminals, whereas cold data is stored in an inert state, meaning it cannot be easily accessed or altered. As a result, storing backup data in a cold state can provide an additional layer of security, as it cannot be easily compromised. Despite the advantages this offers, organisations must be cautious when restoring cold data, as malware may still be present. Running a malware scan before restoring data can help mitigate this risk.
• Educate employees and implement cybersecurity best practices. One of the most critical methods for preventing ransomware attacks is employee education. For instance, employees should be trained to recognise phishing attempts, avoid clicking on suspicious links, and be in a position to report any suspicious activity. Additionally, organisations should implement cybersecurity best practices, such as using strong, unique passwords, enabling two-factor authentication, and keeping software up-to-date with the latest patches and security updates.

Data recovery: leveraging technology and best recovery practices

In the event of a successful ransomware attack, organisations must be well prepared so they can recover their data efficiently and effectively. This involves leveraging the right technology and following best practices, such as:

• Testing backup and recovery processes regularly to ensure they are functioning correctly. This should include simulating ransomware attacks and verifying that data can be restored successfully.
• Utilising a robust backup and recovery solution with rapid restore capabilities. The faster an organisation can recover its data, the less likely it will be to pay the ransom and the lower the overall impact of the attack.
• Establishing a clear communication plan for internal and external stakeholders in the event of an attack. This includes informing employees, customers, partners, and relevant authorities as appropriate and in line with compliance regulations.
• Implementing a layered security approach. This involves using multiple security technologies to protect different aspects of the organisation’s infrastructure. This can include firewalls, intrusion prevention systems, endpoint protection, and network segmentation.
• Engaging with law enforcement and cybersecurity experts for assistance in responding to and recovering from a ransomware attack. These experts can provide valuable guidance and resources for navigating the complex process of data recovery and system restoration.

As ransomware threats continue to evolve, organisations must remain extremely proactive in protecting their data and developing effective recovery strategies. By leveraging technology, embracing immutability, and implementing best practices for data protection and recovery, they can better prepare for the risks while also minimising the potential impact of an attack.

A well-rounded approach that combines robust security measures, employee education, and ongoing monitoring is crucial to staying one step ahead of cybercriminals and safeguarding valuable data assets.