Ransomware: Businesses Are Well Equipped But Underprepared

Uploaded on 2024-02-06 in TECHNOLOGY--Resilience, FREE TO VIEW

In a landscape where cybersecurity attacks are now inevitable, being underprepared is a recipe for disaster. Yet, despite the media being filled with cautionary tales of persistent malicious actors and unsuitable cyber defences, organisations have proven themselves seriously underprepared when it comes to recovering from one of today’s most prolific attack types: ransomware.

In a recent study by IDC and Kyndryl, which surveyed businesses with over 500 employees from a variety of sectors, 69% of respondents had suffered at least one successful ransomware attack in the last 12 months, and nearly a third had paid $50,000 to $100,000 to regain access to their data.

Only 28.2% of this group said they were able to recover their encrypted data from backup using the tools they already had, therefore not having to pay the ransom. Even more worryingly, 8% said that they could not recover all their data, regardless of whether they paid the ransom or not.

So, despite high-profile attacks targeting every industry, why are businesses still leaving themselves vulnerable?

The Illusion Of Preparedness

There are two ways to look at why enterprises are underprepared for ransomware. The first is the decades-long trend of consolidating infrastructure to high data availability platforms, and the second is the existence of increasingly stringent Service Level Agreements (SLAs) intended to govern that infrastructure. 

The lean towards consolidation is a necessary one as it has enabled data to move more freely through organisations and their networks, and it has motivated increased investment in clustering and storage replication, which guarantees high available easy access to this information. Though these highly replicated environments have unfortunate consequence in that it can rapidly propagate ransomware attacks from logical data corruption events.

As the infrastructure sees newly encrypted data, which the attacker intends to hold to ransom, as something which needs to be preserved, it can result in the attack propagating rapidly and all servers becoming encrypted.

In addition, the use of SLAs as a sign of preparedness can make an organisation vulnerable - while a dashboard full of green lights showing successful backups and data consistency can seem like a positive sign, it’s only impactful for some forms of risk. Successful backups do not always equal successful recovery, so these SLA’s need to cover both backup and test recovery if they are to provide confidence to an organisation.

But the outlook isn’t all negative - given the well-publicised nature of ransomware as a cyber threat, rates of adoption for tools like malware scanners, cyber tolerant backup and recovery software, and zero trust methodologies have been encouraging.

Yet, knowledge gaps remain in how these technologies are configured and managed, meaning they often cannot deliver what these businesses want and need if an attack strikes. 

Ransomware Recovery, The Right Way

To create a system that’s built to handle modern ransomware attacks, businesses need a Cyber Tolerant Recovery Solution that meets a few key attributes. The first is introducing an air gap to act as a firebreak for the propagation of compromised data during an attack, ensuring that backup data is physically separated from production data. Then, these backups should be stored in an environment with immutability and retention lock, which stops data from being changed or expired by a cyberattack once committed to disk. 

Next, verification is vital before triggering a recovery process from backup data. Using an anomaly scanner can detect indicators of compromise to improve defence against them. Then finally, all data storage and protection efforts are useless unless they help the business get back on its feet faster, and with less financial damage, than by paying the ransom. Therefore, organisations must be able to manage mass recovery and the handling of traffic tens of times greater than normal backup workloads.

Many businesses are already prioritising security investments in response to the rise in ransomware, so focus should be on adding to and reconfiguring their security, rather than outright replacing it.

To expand and improve data recovery capabilities, a holistic approach should be taken. This means identifying critical server and data volumes and which systems they are stored in, and pinpointing the systems that need to be recovered first, according to their unique business tolerance timelines. The business’ tolerance for data loss must be considered, given its huge effect on the cost of implementing a data recovery solution.

Lastly, organisations cannot forget data in cloud and SaaS solutions, as they are equally as vulnerable. Only by truly understanding its capability to recover data in the event of a ransomware attack can businesses adopt a comprehensive approach, allowing them to protect and recover more data, faster.

Duncan Bradley is Director of Customer Engagement, UKI Cyber Resiliency Practice at Kyndryl 

Image: Shubham Dhage

You Might Also Read:

Reimagining Your Cyber Infrastructure:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Attack On Georgia's State Government
Elections 2024 - Fake News & Misinformation   »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

RSA Insurance Group

RSA Insurance Group

RSA is one of the world’s leading multinational quoted insurance groups. Commercial services include cyber risk insurance.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

VectorUSA

VectorUSA

VectorUSA is a premier technology solution provider. We design, build and maintain cybersecurity, data center, wireless and managed solutions – transforming business needs into technology solutions.

Acmetek Global Solutions

Acmetek Global Solutions

Acmetek is a Global Distributor and a Trusted Advisor of PKI /IOT & SSL Security Products and a Managed Services Company.

SECUINFRA

SECUINFRA

SECUINFRA has been supporting companies in detecting, analyzing and defending against cyber attacks since 2010.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

Womble Bond Dickinson

Womble Bond Dickinson

Womble Bond Dickinson is a transatlantic law firm, providing high-quality legal experience and outstanding personal service from key locations across the United Kingdom and United States.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.

Arctera

Arctera

Arctera simplifies data management to keep you secure. Our company operates as three units - Data Compliance, Data Resilience, and Data Protection.