Cyber security: Migrating data to prevent ransomware attacks

Organisations need to encourage people to become more proactive when it comes to cyber security issues, which threaten to disrupt day-to-day business operations

Ransomware is moving on – to attack organisations’ back-ups. The problem is that there is too much focus on anti-virus software, and so people are being reactive rather than proactively defending themselves against cyber attacks. It’s time to re-think how to migrate and store data securely by creating new cyber security strategies with the inclusion of air gaps.

By creating air gaps between back-ups, with some of the data being stored offline and disconnected from any other data source, it becomes possible to protect critical data. So, when a ransomware attack occurs, it should be possible to restore your data without much downtime – if any at all.

Challenging task

While this is very good advice, life’s not so simple. Organisations therefore find themselves taking one step forward and then one step back. It is always a cat and mouse game with malware of any sort. Once a hole is found to exploit a security weakness, a patch is quickly needed to close it.

Traditionally, ransomware has targeted the storage subsystems, which has spurred organisations into putting robust backup procedures in place to counter an attack if it gets through.


Backup programs and their associated storage will be the attackers' next target. Unwittingly, everyone has made it slightly easier for cyber-attackers with the trend to move away from tape storage to disk storage.

Back prevention

Consequently, the battle rages on. Prevention is nevertheless still better than a cure. Organisations therefore need to be more proactive than they ever have been. So, this must be achieved by protecting data in ways that allow it to be readily recovered whenever a ransomware attack, or some other cyber security issue, threatens to disrupt day-to-day business operations.

Clive Longbottom, client services director at analyst firm Quocirca explains: “If your backup software can see the back-up, so can the ransomware. Therefore, it is a waste of time arguing about on-site v off-site – it comes down to how well airlocked the source and target data locations are.”

He agrees with the view that there is too much focus on anti-virus software, claiming that it is very difficult to protect organisations against such attacks. “Education only partially works – newer approaches (ML, AI, etc) are needed to pre-empt and block any encryption attack”, he says.

Layers of defence

However, to defend against any cyber attack there need to be several layers of defence. It doesn’t matter whether the technology involved is being used in the NHS for medical purposes or within the military. The layers of defence in my view consist of a firewall, anti-virus software and backup, and your last layer of defence must be the most robust of them all, to stop any potentially costly disruption in its tracks before it’s too late. So, anti-virus software must still play a key defensive role.


Longbottom nevertheless warns: “A ransomware attack is pretty brutal. It requires a lot of CPU and disk activity. It should be possible for a system to pick up this type of activity and either block it completely, throttle it, or prevent it from accessing any storage system other than ones that are directly connected physically to the system.”

Malware attacks are more akin to one step back, one step forward, as the malware thrusts and then the software parries. Each time one of the layers of defence parries, the developers of the malware will try another out-flanking movement to test the defences.

Secure data migration

So, how can organisations securely migrate their data and systems to protect themselves against ransomware and other cyber attacks? Longbottom says they can’t, and adds his thoughts about how organisations can complete these tasks:

“Airlocked sources or target data systems are a starting point, but the airlock has to be broken to allow backups to occur. The best approach is two-stage: a back-up to a first stage, with the source then being broken from the back-up, and a new backup of the first stage then being made to a second stage, after which that connection is broken. At all times, there will therefore be one backup that is securely removed from the rest of the system – but you can’t do real-time snapshots.”
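The two-stage cycle described in the quote above can be modelled to check which backups stay out of reach at every step and what survives an attack. This Python model is an added example, not code from the article or from any backup product; the store names, the step list and the assumption that ransomware on the source encrypts every store reachable over an open link are constructed for illustration.

```python
# Added illustration: model of a two-stage airlocked backup cycle.
# Store names, step list and attack model are constructed for this example.
STEPS = [
    ("connect", "source", "stage1"),
    ("copy", "source", "stage1"),
    ("disconnect", "source", "stage1"),
    ("connect", "stage1", "stage2"),
    ("copy", "stage1", "stage2"),
    ("disconnect", "stage1", "stage2"),
]
BACKUPS = ("stage1", "stage2")


def reachable(links, start="source"):
    """Stores that malware on `start` can reach over the open links."""
    seen, todo = {start}, [start]
    while todo:
        node = todo.pop()
        for a, b in links:
            nxt = b if a == node else a if b == node else None
            if nxt and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def run_cycles(cycles, attack_at=None):
    """Run `cycles` backup cycles. If `attack_at` is set, ransomware on the
    source fires just before that step index (counted across all cycles) and
    encrypts every store it can reach; the run stops there.
    Returns (log, survivors): log lists the backups isolated from the source
    after each step; survivors maps each clean, non-empty backup to the
    generation of production data it holds."""
    gen = {"source": 1, "stage1": 0, "stage2": 0}  # 0 means empty
    links, encrypted, log = set(), set(), []
    for i, (op, a, b) in enumerate(STEPS * cycles):
        if i and i % len(STEPS) == 0:
            gen["source"] += 1  # production data has moved on since last cycle
        if i == attack_at:
            encrypted = reachable(links)
            break
        if op == "connect":
            links.add((a, b))
        elif op == "disconnect":
            links.discard((a, b))
        else:  # copy is only scheduled while its link is open
            gen[b] = gen[a]
        log.append((i, op, sorted(set(BACKUPS) - reachable(links))))
    survivors = {s: gen[s] for s in BACKUPS if s not in encrypted and gen[s]}
    return log, survivors
```

With `run_cycles(2, attack_at=8)` the only clean copy is `stage2` at generation 1 while the source is already at generation 2, which is the cost named in the quote: one backup is always out of reach, but it is not a real-time snapshot. An attack during the very first cycle (`attack_at=1`) leaves no survivors, because nothing has reached an isolated stage yet.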

Changing disasters

Yet for years larger organisations have implemented disaster recovery plans to protect themselves from natural disasters. This has involved moving and storing a recovery set of data far enough away to mitigate any disaster.


Many smaller companies have never had this ability; nor have they had the financial resources to implement such plans. However, the nature of a disaster has changed from just natural to man-made cyber attacks. Several ransomware programs are now attacking the back-up data sets, so getting data off site is becoming imperative for every organisation.

With the recent developments in cloud storage and among Disaster Recovery-as-a-Service (DRaaS) vendors, the ability to create and manage offsite data sets is within the financial scope of pretty much everyone. Yet the cloud is open and the data flows across the open internet, so it is imperative that data is encrypted as it traverses the internet on its way to the cloud.

ML and AI systems

Longbottom replies: “There is a strong need for machine learning (ML) and artificial intelligence (AI) systems to be able to deal with ransomware attacks in real-time to prevent them from carrying out encryption.”

However, as the backup data set in many cases is the last layer of defence, having that air gap is vital. Think of it as pulling up the drawbridge on a castle; so, make your back-ups your data castle.

Data acceleration

Given this, how can data acceleration enable secure data migration compared to any traditional means of back-up and restore? When everything goes wrong, you should consider the time taken to recover the data. Putting distance between your data centre and your off-site recovery depository will affect the ability to maximise the bandwidth of your connection due to latency and packet loss.


Some cloud backup and gateway appliances will improve the performance of the data being passed to the cloud by caching and compressing the data before sending it to the cloud. This means you may not have a valid backup until this whole process has been completed. Equally, there is no performance improvement when pulling data from the cloud.

Wide area network (WAN) data acceleration solutions such as PORTrockIT can enable the secure and encrypted transmission of data for backup and storage in ways that WAN optimisation can’t achieve. This also allows data centres and disaster recovery sites to be located miles away from each other, and without being slowed down by data and network latency. Packet loss is also reduced.

Traditional approach

Traditionally, data centres are positioned in close proximity to each other to tackle the impact of latency. That’s fine and dandy, but for the fact they are all too often situated within the same circles of disruption. This increases the financial, operational and reputational risks associated with downtime. Ideally, just as there is a need for the prevention of cyber-attacks, the focus should be on business and service continuity – leading to better customer satisfaction, saving costs and brand reputations.

That said, my top tips for migrating data to prevent ransomware attacks are as follows:

 The more layers you can add the better.
 User education – normally it is us that is the weakest link.
 Back-up is your last layer of defence – plan it, test it, update it regularly.
 Have a copy off site so they can’t get to it – tape or cloud but don’t leave the drawbridge down.
 Plan your backup process for your recovery requirement.


Humans: Too predictable

Longbottom concludes: “Education is only useful as a stopgap. Humans are too unpredictable (or, actually, too predictable in how useless they are). Much better to go for automated systems – if you can get them. New anti-ransomware systems are coming through – but it is difficult to figure out how effective they are until a massive attack is thwarted by them.”

Thankfully though, data acceleration can ensure that data can be backed up and retrieved more quickly than ever before. The final tip is to use at least 3 disaster recovery sites to back up data. So, if one goes down, two others can keep you operational – and that’s even better when disaster recovery is achieved seamlessly with the help of artificial intelligence and machine learning.

 

Sourced by David Trossell, CEO and CTO of Bridgeworks
