Understanding exactly what risks a cyber arms race poses is half the battle.
As more and more people have moved to virtualised environments, the cyber threat has changed.
Now you could lose all of your virtual environment, whereas before one of your servers would go and you would just lose an application.
With so much at stake, it is important to reinvigorate cyber security and disaster recovery (DR) systems to level the playing field against the marauding ransomware invasion.
Information Age spoke to Peter Groucutt, managing director at Databarracks (a DR and backup service company), about this growing threat and the solutions the company is developing to combat it.
Why are cyber attacks on the rise?
In the last couple of years, we have had 20 to 30 customers every year being subjected to some form of cryptovirus, or cyber attack which then requires a complete system restoration.
Mass crime is going online.
Organised gangs are becoming much more involved; it’s part of their business and money-making strategy.
The reason for this is that it is very lucrative, it’s low risk, and they can work globally. It’s a very attractive activity for these criminals to get involved with.
It’s only going one way.
Are the existing DR solutions resilient enough to protect against these quickly changing threats?
Traditional disaster recovery isn’t optimised for cyber-attacks.
Recovering from ransomware would mean trawling through historic versions of backups in order to find clean data then starting a lengthy recovery process.
It’s an evolving arms race now between the systems detecting these threats and the cyber criminals who are developing more and more sophisticated methods of attack.
What are the solutions?
Well, part of it rests in technology, by blending aggressive scanning and detection technologies with proactive continuity planning.
Changing established processes can help as well.
For example, combining Databarracks’ DRaaS platform with Trend Micro’s Deep Security automates the process of finding the most recent clean replica of an organisation’s production systems.
This can aid the systems’ recovery time, whilst automatically recovering to the most recent recovery point.
There are various other mechanisms that can be employed to protect the customer, like, for example, targeting the infected machine and cleaning it in a sealed sandbox in situ.
Using these methods we could detect up to 80-90% of cryptoviruses.
Industry mindset regarding cyber threats also needs to change.
Sharing cyber threat intelligence would be a worthwhile avenue to explore, especially when it is a non-technology-based attack, like social engineering [human-to-human manipulation].
Ultimately, cyber threats aren’t going anywhere.
We understand the increased importance of protection at the perimeter, and it’s time for organisations to be proactive about their cyber security and business continuity.