The attacks on Colonial Pipeline and SolarWinds are among the most well-known cybercrimes of the past few years because of the devastating, widespread and long-lasting impact of those breaches. The Colonial Pipeline ransomware attack, which shut down a major fuel supply pipeline, was caused by a single compromised password used to access the firm’s VPN. In the SolarWinds breach, hackers inserted malicious code into software used to manage IT systems by thousands of government agencies, including the Department of Homeland Security and enterprises such as Microsoft, Cisco and Intel. The situation is dire, and it is only getting worse.
Remote workers connecting to company networks via insecure home networks and personal devices are opening up new vulnerabilities. Last year, cyberattacks against corporate networks increased 50% compared to 2020, according to Check Point Research. Data from IBM shows that more than half of data breaches resulted from malicious cyberattacks, but accidental breaches caused by human error and system glitches accounted for almost as many. Clearly, organizations must rethink their approach to data security and tighten their defenses against both accidental failures and increasingly sophisticated attacks.
Yet there are several strategies enterprises can adopt to lay a solid foundation for safeguarding their business.

Control Access First

Every organization should have strong controls on who can access data and systems. Granting suppliers or partners access to corporate information and systems can be a mistake, as supply chain attacks increasingly demonstrate. If a user does not have a legitimate business need for data, they should not have access to it. The most secure networks in the world are still vulnerable to human error. If one user enters an errant keystroke or click, fails to follow a security protocol or falls for a phishing scheme, that person may compromise the integrity of your data or even the whole network. Weak or stolen credentials, and network access from an unauthorized user or an unsecured mobile device, are just two examples. Rigorous education can help inculcate best practices in users, but that is not enough. Humans are fallible. The best way to secure networks and data is to limit access to only those who need it.
Adopting a zero-trust policy that allows only authenticated, continually verified users to access your IT systems and services can greatly mitigate the risks. Multifactor authentication can play an essential part. Users should have to authenticate in at least two ways (using a PIN, physical token, biometrics or trusted devices), especially when so many employees are working remotely on weakly protected home networks or mobile devices. Tightening the authentication process makes it harder for bad actors to find a way past your defenses.

Prepare for the Worst-case Scenario

A breach may very well occur at some point, despite your precautions, and you must prepare for that eventuality. In the first half of 2021, ransomware attacks reported to the FBI climbed 62% over the year before. A 2021 report from Sophos shows that 37% of organizations surveyed had been struck by ransomware within the past year. Paying the ransom does not guarantee that files will be recovered, and it certainly does not protect against future attacks. In fact, paying up encourages them, emboldening the hackers to either strike your organization a second time or use the funds you provided to accelerate their attacks on others. A backup will not save you, either. A modern backup solution might protect your data, but it will fail your business.
The problem is not the backup itself but the recovery. At the scale of a single application or process, recovery is very straightforward, with files copied back to their original location or a new location, if needed. At this small scale, recovery from backups can be effective. But the more files there are to recover, the more time the process consumes. At the enterprise scale, it can take weeks or even months to restore data from backups fully. This is especially true when recovering from a distributed ransomware attack that hits multiple sites at the same time. IT is forced to prioritize some locations or groups over others.

Rapid Recovery through Continuous Versioning

The approach used in many platforms is a type of file-system versioning that restores files to a previous, non-corrupted state.
Unfortunately, these systems often provide a limited number of versions, which may only go back a few days. This is usually not far enough for proper ransomware recovery. Sophisticated malware can go undetected for weeks or more before initiating an attack. The solution is a continuous versioning file system that leverages the cloud’s massive scalability and redundancy. This can offer infinite versions for recovery – within minutes of any point in time – even in highly scaled-out environments. With global file synchronization, these capabilities can extend worldwide and enable a company to restore its data in mere minutes. If a threat manages to compromise a particular data store, others can be accessed, enabling operations to continue with barely a pause. These reserve copies of data are often only minutes old, so the impact on the data environment after restoration is minimal.
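As an added illustration (not code from the article or from any vendor's product), the following Python simulation contrasts a file store that keeps only a few days of versions with one that keeps every version, on a constructed timeline where ransomware rewrites a file and the incident is only noticed eight days later. The file path, day numbers and retention windows are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DAY = 86400  # seconds


@dataclass
class Version:
    ts: int      # write time, seconds since an arbitrary epoch
    data: bytes


@dataclass
class VersionedStore:
    retention: Optional[int] = None  # seconds of history kept; None = continuous (keep all)
    history: Dict[str, List[Version]] = field(default_factory=dict)

    def write(self, path: str, data: bytes, ts: int) -> None:
        self.history.setdefault(path, []).append(Version(ts, data))

    def prune(self, now: int) -> None:
        """Drop versions older than the retention window; the newest version always survives."""
        if self.retention is None:
            return
        cutoff = now - self.retention
        for path, versions in self.history.items():
            self.history[path] = [v for v in versions if v.ts >= cutoff] or versions[-1:]

    def restore(self, path: str, point_in_time: int) -> Optional[bytes]:
        """Newest version written at or before point_in_time, or None if none survives."""
        older = [v for v in self.history.get(path, []) if v.ts <= point_in_time]
        return older[-1].data if older else None


def run_scenario(retention: Optional[int]) -> Optional[bytes]:
    """Constructed timeline: ten days of legitimate edits, a ransomware rewrite on day 12,
    detection on day 20, and a restore request for the moment just before day 12."""
    store = VersionedStore(retention=retention)
    path = "/finance/q3-ledger.xlsx"          # assumed file name
    for day in range(1, 11):
        store.write(path, f"ledger rev {day}".encode(), day * DAY)
        store.prune(day * DAY)               # housekeeping runs once a day
    store.write(path, b"\x00ENCRYPTED\x00", 12 * DAY)  # constructed ransomware write
    for day in range(12, 21):
        store.prune(day * DAY)               # eight more days pass before anyone notices
    return store.restore(path, 12 * DAY - 1)


if __name__ == "__main__":
    print("3-day retention:", run_scenario(3 * DAY))  # None: the clean copy aged out
    print("continuous     :", run_scenario(None))     # b'ledger rev 10'
```

With a three-day window the only surviving version by day 20 is the encrypted one, so a point-in-time restore has nothing clean to return; with continuous versioning the last legitimate revision is still there.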
Consider Your Position

Enterprises should consider replacing outdated data protection policies with new solutions purpose-built to deliver rapid, full recoveries from ransomware and other attacks with minimal disruption to the business. Organizations at every scale should be in a position to recover within minutes or hours of an attack; there are no longer any excuses for days or more of downtime. If your data protection solutions provider tells you otherwise, you are working with an outdated technology not built for the cloud era.
Although robust prevention and protection solutions are essential defense strategies, they only represent one piece of a solid overall strategy. No defense is foolproof. Hackers will find a way inside. Once there is a breach, the damage is done, and the floodgates are wide open. Enterprises need a fast, reliable recovery plan in place. Cyberattacks will continue. They will become more sophisticated. You must do the same because if not, your business could be easy prey for the growing ranks of cybercriminals.