Ransomware: When potential becomes reality, fast recovery is priority
By Matthew Johnston, Area Vice-President of Asean and Korea for Commvault
We’ve all heard the warnings from industry gurus about the potential threat of ransomware. On May 12, those “potential” threats turned into reality.
WannaCry, a worldwide cyberattack is the largest to date, affecting businesses in more than 100 countries and counting.
Petrol stations in China halted mobile payments while 400 computers in a Jakarta hospital were affected, blocking access to patient records. With public service, government and commercial businesses being affected, the question arose – “Is my business truly protected?”
This event certainly solidifies the reality of the world in which we live. Once attacked, there are only two options: pay a fee to unlock your content or implement your data recovery plan – and do it fast. Having a data recovery plan has always been a must, but what was once good enough, may now leave you exposed in this new reality.
Based on our experiences working with companies around the world, we have developed a list of best practices to protect and recover from ransomware attacks.
- Develop a program that covers all your data needs. You must identify where your critical data is stored, determine your workflows and systems used to handle data, assess data risks, apply security controls, and plan for evolving threats. If it is not protected, it cannot be recovered.
- Use proven data protection technologies. You need solutions that detect and notify of potential attacks, leverage external CERT groups, identify and prevent infection, maintain a “GOLD” image of systems and configurations, maintain a comprehensive backup strategy and provide a means to monitor effectiveness.
- Employ Backup and Data Recovery (DR) processes. Don’t rely solely on snapshots or replica backup. Your backup process data could just as easily be encrypted and corrupted if it is not stored in a secure way where a ransomware attack. If your process or vendors don’t offer ransomware protection that addresses the proper way to store your data, then your backup plan is at major risk.
- Educate employees on the dangers of ransomware and how to secure endpoints. Ransomware invasions often originate through endpoints, such as desktop computers, laptops, smartphones, tablets or fringe computing resources. Educating your staff is key. Train your staff on all data recovery and security best practices to get endpoint data protected within your Information Security Program. The strength of an organization lies in your weakest link, with most breaches arising from simple human error.
Assess and update any business application
Most organizations suffer from key business applications that run on older, sometimes unsupported and unpatchable operating systems, which lack the necessary security updates to stop the spread of potential attacks. To combat this, businesses must invest in a data platform that covers core enterprise, private and public cloud environments, and extends to endpoint protection. One that can store immutable, up-to-date copies of all these environments to ensure the ability to recover rapidly, should disaster strike.
Evaluating your current ransomware threat readiness and applying these key steps will make sure your organisation is doing everything possible to avoid turning the long-term consequences of ransomware attacks from potential to reality. The goals, if affected, are to minimize the consequences, get your data back and your business up and running quickly.
Don’t let the new reality of ransomware win. While there is no foolproof solution, develop your plan, use tried-and-true technologies to recover, ensure your disaster recovery plan is rock solid and fast, and educate your users to recover from such incidents.