The word ransomware strikes fear into the hearts of most businesses, and justifiably so.
Ransomware attacks are a major concern for organisations of all sizes everywhere. Locally, ransomware attacks are on rise and culminated recently in high-profile attacks on prominent Australian businesses and government organisations.
Why ransomware is here to stay.
The ability of malware to encrypt your files, rendering them inaccessible until you pay out an eyewatering ransom, is a significant threat. As is the promise to release stolen data to the public.
While we’d all like to think that the goodies are keeping pace with the baddies, it’s impossible to deter threat actors who are motivated by huge payoffs, low costs, and a great ROI. Countering internal unreliability is also a challenge; it only takes a moment’s inattention to click the wrong link or open a malicious email. And remote working doesn’t help – 47% of individuals fall for phishing scams while working from home.
So, what do you need to know about ransomware?
- It couldn’t be more serious. In 2020 alone, $350 million in ransoms were paid out, with an average downtime of more than 16 days. Gartner and Nasdaq cite cybersecurity (and ransomware in particular) as the leading concern for businesses. Over anything else.
- Ransomware is now commoditised. According to NetApp, ransomware is now offered to attackers ‘as-a-service’ (RaaS). Attackers can subscribe to a ransomware service for as little as $100 per month. Like any ‘SaaS’ service, support plans are included to ensure that attackers can extract the maximum value from the service.
- It’s a real business, not a side hustle. NetApp also says: ‘Forget the stereotype of hoodie-wearing malefactors in dark rooms; this is a sophisticated network comparable to any corporate partner program.’ That means affiliate programmes, the works.
- Your people are still the weakest link. Ransomware most commonly enters organisations through employees opening or responding to phishing emails, clicking on infected attachments, or links to malicious websites.
- It’s like printing money (for the criminals, anyway). A Cybersecurity Ventures report predicts that ransomware will cost its victims more than $265 billion (USD) annually by 2031, and there will be an attack every 2 seconds. Yes – every 2 seconds.
Why does using a hybrid multi-cloud environment make you potentially even more vulnerable?
Hybrid multi-cloud environments consist of a combination of on-premises, public cloud, and private cloud infrastructure. As a result, you can take advantage of the scalability and cost-effectiveness of the public cloud while maintaining control and security of your sensitive data in a private cloud.
The bad news? Michael Whelan, MD at Amidata said ‘A hybrid multi-cloud environment offers multiple entry points for ransomware attacks, which makes detecting and preventing attacks much harder. We have found many organisations lack the visibility and control needed to adequately secure multiple cloud environments.’
With multiple cloud providers and on-premises infrastructure, monitoring all the different components and ensuring they’re properly configured can be challenging. Additionally, it’s a struggle to keep up with the constant changes and updates to cloud infrastructure, exposing you to known vulnerabilities.
A lack of standardisation in security protocols and tools can also leave your environment vulnerable. As each cloud provider has its own set of security controls and tools, it’s difficult to implement a consistent security strategy across all the different components – leading to gaps in coverage and a lack of visibility into your overall security posture.
So, how can you plug the gaps in your hybrid multi-cloud environment?
The good news is that it can be done: You can take the fear out of ransomware.
Obviously, user awareness and training are always at the top of the list when it comes heading ransomware attacks off at the pass. But you need more to safeguard every endpoint, fend off zero-day malware attacks, have real-time visibility of what’s happening where, and of course, get back in business after an attack – fast!
In short, your security solution needs to be as multilayered and far-reaching as the ransomware problem itself. Critically, it needs to enable your data recovery within minutes – without paying a ransom. So, what do you need? Here’s our suggested checklist:
- Centralised monitoring – Look for a simple IU to monitor your hybrid cloud infrastructure, identify threats, and start remediation with a ransomware protection dashboard.
- Logical air gap – For secure file and object locking, preferably with native WORM (write once, read many) capabilities to prevent data from being deleted during the retention period, even by compromised administrator accounts.
- Rapid recovery – You’ll need immutable snapshot copies to restore your data in seconds, not hours!
- Autonomous ransomware protection – For rapid discovery and remediation of cyber threats by using machine learning technology to monitor the file system for anomalies, which can detect slow-moving malware.
- User behaviour anomaly detection – Real-time anomaly detection to identify compromised user accounts or possible rogue behaviour, automatically create data recovery points and block further account access to prevent data theft or mass deletion.
- Zero Trust compatible – Adopt a zero-trust approach to security with controls such as multifactor authentication, role-based access, comprehensive logging, and auditing to protect against ancillary attacks.
- Rogue administrator prevention – To prevent compromised administrator accounts from causing damage with native multi-administrator verification (so permission is needed from more than one administrator to authorise critical storage actions such as the deletion of volumes and snapshot copies).
- Advanced copy management – You’ll need enhanced backup and disaster recovery by replicating your snapshot copies efficiently to another system or object storage of your choice—on-premises or in the cloud.
- Risk mitigation – Including visibility into the security posture of your data, the ability to identify sensitive data and its location, track folder permissions and provide options for mitigating potential risks like data exfiltration.
- Forensic analysis – Pre- and post-ransomware event forensics to provide the insights you need to understand, manage, and close attack pathways.
While ransomware isn’t going anywhere, it is possible to protect your environment, mitigate the operational, financial, and reputational damage that cyber criminals can do. With the right solution (and we’ll name-drop NetApp ONTAP here) comes peace of mind – for you, your clients, and your business partners.
In partnership with NetApp.