Ransomware attacks have become the cybercrime du jour, affecting a growing number of organisations nationwide.
An easy, low-risk way for criminals to exploit almost any network intrusion, ransomware is a type of malware attack that prevents organisations from accessing their own data or computer system until they pay a ransom to obtain a decryption key.
According to a CNN report, ransomware events collected $209 million in Q1 2016, and are expected to collect $1 billion in 2016. The FBI estimates that attacks using the CryptoWall variant of ransomware accrued over $18 billion by June 2015. And, in the first quarter of 2016 saw quadruple the attack rate seen whole of last year.
No industry is immune from ransomware attacks although some, such as healthcare, have been especially hard hit.
>See also: Live webinar: How to combat ransomware
An April 2016 ransomware attack at Maryland’s MedStar Health hospital network forced ten of its hospitals to operate without access to their central networks for more than a week.
Following a ransomware attack in February 2016, Hollywood Presbyterian Medical Center paid $17,000 in bitcoin to recover its data.
With ransomware attacks on the rise, organisations of all sizes have found themselves vulnerable and struggling to reduce risk or respond to an attack.
Opening the door to attacks
There are a number of security vulnerabilities that leave computing networks open to ransomware. Most incidents involve an unsuspecting individual clicking on a tainted link or email attachment.
Systems with out-of-date or misconfigured software can also be compromised to help spread ransomware. While Windows computers have been a big target, Android and Mac systems have been targeted as well, meaning that no computing platform is safe.
“The big issue at the end of the day is if there is any security hole, someone out there knows about it and is going to try to exploit it, and it’s always going to be the people you don’t want,” says Dave Packer, VP of product marketing at Druva.
The widespread use of mobile devices by today’s workforce has also escalated the risk of malware attacks.
While many companies are protected by a corporate firewall, employees are now connecting to enterprise data and services using their own weakly protected mobile devices.
Likewise, the deployment of unsecured mobile applications for employees and customers has created new opportunities for attacks.
Organisations may be tempted to cross their fingers and hope they won’t be targeted. Unfortunately, the chances of ransomware or other malware attacks are very high, with serious consequences for organisations that fail to take preventive action.
In addition to paying a stiff ransom, victims may suffer costly business downtime and, in some industries, fines and penalties for data breaches – not to mention a loss in reputation as well.
All of these can be very expensive in their own way. It likewise takes time and money to respond reactively to incidents when there’s no viable plan in place.
Companies that pay the ransom to recover their data still face the threat of significant data loss if their files are altered during the decryption process, especially if an organisation is under litigation as it poses the risk for data spoliation.
And don’t forget that many victims of ransomware never recover their data even if they do pay the ransom.
Druva’s data protection experts have outlined six proactive steps that IT can use to keep data safe. These steps provide the foundation of a backup plan that is highly efficient, seamlessly executed and unnoticeable to the end user.
1. Protect distributed data: ‘How’
An enterprise-grade automated backup solution that performs regular backups across devices, desktops and cloud apps, such as Office 365, will protect distributed data and act as an insurance policy in case of a ransomware strike or other intrusion.
Make sure to select a cloud-based backup solution, as it provides off-site storage. Off-site storage that leverages any of the AWS or Azure storage locations not only provides off-site capabilities but also complies with local data residency laws by storing it in the same region.
2. Backup distributed data: ‘Who’
Does your current backup plan cover 100% of your user base, including geographically distributed teams?
To reduce your exposure to potential data loss, review and validate the deployment scope of your backup plan to ensure that your backup solution deploys automatically to all end users needing protection.
At a minimum, you should ensure that key users are covered by your data protection policy.
3. Review the scope of your data backup: ‘What’
What are you backing up? You’re probably protecting desktops and email, but what about other user-specific data sets such as profiles, system and app settings, or folders?
Druva recommends that organisations review, validate and, as needed, modify backup content to ensure that all important data for protected users is backed up.
If you need a more comprehensive plan, you should consider creating custom folders where users can store data for backup and further reduce data loss.
>See also: The evolution of ransomware: what lies ahead?
4. Check backup frequency across distributed teams: ‘When’
How often are you backing up? Every two days? Eight hours? Four hours? Do you need an even more aggressive schedule for executives?
Review, validate and, if needed, modify backup frequency to ensure automated, periodic backup of mission critical data for all protected users.
As a general rule, backup data at minimum once every four hours, and every two hours for key users. You may also want to select a different backup frequency depending on the requirements of specific users and teams
5. Validate your retention policy: ‘How long?’
How long are you keeping your backups? 14 days? Seven weeks? Six months? Review, validate and, if needed, adopt a longer retention policy to meet internal objectives and ensure a sufficient recovery point objective (RPO), especially for key people and departments.
Your data retention policy may vary depending on your industry, regulations and internal IT policies. IT, legal and compliance teams may need to weigh in on data retention needs.
6. Re-assess policies periodically: ‘Looking ahead’
While the preceding measures might provide sufficient protection for the foreseeable future, revisit your backup policies approximately every six months to ensure that they meet your organisation’s needs. IT often has the primary responsibility for this routine and, in some cases, acts in coordination with the legal team.
