Despite years of preventative measures and evolving technology, ransomware events continue to increase in both size and scope. In fact, over time, ransomware will become even more pervasive in our everyday lives. The cyberthreat is growing, especially as generative AI tools become more powerful. Meta announced an increase in malware aided by ChatGPT. Emerging technologies will only make ransomware more prolific – and there’s no way to stop them. The Veeam 2023 Data Protection Trends Report found that 85% of organisations were hit at least once by a cyberattack – up from 76% in last year’s study. What’s more, it’s likely that some of the organisations that believed they did not experience a ransomware event simply did not know they were under attack. Businesses need to stop viewing ransomware as an unexpected and chaotic occurrence. It is here to stay, much like an endemic disease, and your business will be impacted by it at some point. It’s not a matter of if, but when and how often.
Some experts tout cyber insurance as a panacea for ransomware. However, cyber insurance doesn’t cover the unseen cost of downtime your business experiences after an event – and it also doesn’t recover your lost data. Cyber insurance is certainly part of a well-rounded cybersecurity strategy, but it’s not the be-all and end-all, and the EMEA results of our 2023 Ransomware Trends Report show that insurance policies are increasing in price and potentially decreasing in coverage. Those organisations with cyber insurance saw significant changes in their last policy renewals: 81% saw increased premiums, 38% witnessed increased deductibles, and 3% saw coverage benefits reduced.
So how do we ensure the world can live safely within it? The answer is for businesses to achieve endemicity, where a large proportion of the population is unsusceptible to infection.
According to the Veeam 2023 Ransomware Trends Report, 45% of production data will be affected by a cyberattack on average. For companies that paid a ransom to recover lost data, only 66% of affected data was recoverable. Basic math tells us that around 15% of an organisation’s production data is then unrecoverable after a ransomware attack. Paying the ransom doesn’t guarantee data can be restored, but it does set a precedent a cyber attacker will exploit, making any company that pays up a future target. That is why it’s important to invest in a strategy that ensures data protection and ransomware recovery as standard.
So, what does a solid Data Protection and Ransomware Recovery strategy look like? It includes a number of components, summarised below:
- Data Identification and Flow Management
The first step is to identify and classify the organisation’s data and then understand how it is flowing from the source to the final destination. This reveals priorities and dependencies that will inform data protection strategy.
- Data Risk Management
In order to protect anything, we need to identify what type of risks and threats might affect data assets. Therefore, the second step in a data protection strategy is to list and classify those risks and threats and design measures to minimise and mitigate them. Data Risk Management should define a standard approach on how to classify and respond to any risks.
- Data Protection Policies and Procedures
Data protection activities must be documented, kept up to date, and audited regularly. Policies should explain in detail how the procedures for those activities should be implemented, and should ensure that data is protected from core to edge. A core part of these policies and procedures is a detailed, regularly updated business continuity plan that should be tested to ensure it remains aligned to business and data recovery objectives.
- Cybersecurity Management
Cybersecurity management includes a wide range of security policies, processes, and procedures designed to protect the organisation’s assets against cyberattacks such as ransomware. Those policies utilise a wide range of security technologies such as antivirus, firewalls, backup, replication, physical/perimeter security systems, etc. A good start would be to review and study the NIST Cybersecurity Framework.
Veeam strongly recommends that organisations comply with the 3-2-1-1-0 ‘Golden Backup’ rule:
- Three different copies of data on
- Two or more different media
- One off-site copy and
- One copy that is either air-gapped, immutable or offline, with
- Zero recovery errors with automated recovery verification.
Fast recovery from secure, immutable backups makes all the difference when it comes to surviving any disaster – ransomware and cyberattacks are no exception.
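An added example (not Veeam's code or tooling): a small Python check that evaluates a backup inventory against each clause of the 3-2-1-1-0 rule above. The inventory fields and sample copies are constructed, and counting the production data set as one of the three copies and treating a never-tested backup as a failure are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

HARDENED = {"air-gapped", "immutable", "offline"}

@dataclass
class Copy:
    name: str
    media: str                    # e.g. "disk", "tape", "object-storage"
    offsite: bool = False
    protection: str = "none"      # "none" or one of HARDENED
    verify_errors: Optional[int] = None  # last automated restore test; None = never run
    production: bool = False      # live data set, counted as one of the three copies

def check_32110(copies):
    """Return {rule clause: passed?} for a list of Copy records."""
    backups = [c for c in copies if not c.production]
    return {
        "3 copies": len(copies) >= 3,
        "2 media": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in backups),
        "1 air-gapped/immutable/offline": any(c.protection in HARDENED for c in backups),
        # An untested backup (None) is treated as a failure, not as zero errors.
        "0 recovery errors": bool(backups) and all(c.verify_errors == 0 for c in backups),
    }

def failed_rules(copies):
    """List the clauses an inventory does not satisfy, in rule order."""
    return [rule for rule, ok in check_32110(copies).items() if not ok]

# Constructed sample inventories (not real systems).
WEAK = [
    Copy("prod-db", "disk", production=True),
    Copy("local-repo", "disk", verify_errors=0),
    Copy("cloud-bucket", "object-storage", offsite=True),  # mutable, never restore-tested
]
FIXED = [
    Copy("prod-db", "disk", production=True),
    Copy("local-repo", "disk", verify_errors=0),
    Copy("cloud-bucket", "object-storage", offsite=True,
         protection="immutable", verify_errors=0),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("fixed", FIXED)):
        print(label, "fails:", failed_rules(inv) or "nothing")
```

The weak inventory passes the familiar 3-2-1 clauses yet fails the two that matter most against ransomware: no hardened copy, and a backup whose restore has never been verified.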
- Confidentiality, Integrity, Availability
The CIA triad (Confidentiality, Integrity, Availability) is a model designed to guide policies for information security within an organisation. Each organisation should take it into consideration whenever evaluating any technologies they are looking to introduce and review how each technology fulfills those areas in the CIA triad.
- Data Access Management Controls
Data Access Management defines and implements policies that identify the level of access to data to give internal and external users, as well as the access mechanism those users should use. In general, the principles of least privilege and segmentation of duties should be followed.
- Monitoring and Review
Lack of visibility across organisation environments can lead to data loss, undiscovered malicious activity, and compliance violations. Therefore, any organisation should have real-time monitoring, comprehensive reporting and automated remediation systems.
Thus, a comprehensive Data Protection and Ransomware Recovery strategy ensures that you’re protected and resilient in the event of a ransomware attack, and is the only way to make your business immune to its impacts.