Fighting ransomware starts with KYE (know your enemy)


Fighting ransomware requires more than offense and defense. You also need to take the time to ‘know your enemy’ to take the needed steps to protect your data.

Ransomware is now a new Public Enemy No. 1 for businesses – attacks on enterprises of all sizes have been on the rise. The Cyber Security Agency of Singapore reported that ransomware cases increased 54% in 2021 compared to 2020, with mostly small-and-medium enterprises (SMEs) emerging as targets.

Accelerated digitalisation has transformed the ASEAN region into one of the fastest-growing digital economies of the world, making the region a prime target for cybercrimes. Kaspersky reported about 2.7 million ransomware detections in ASEAN during the first three quarters of 2020.

No organisation in any country can escape the constant threat of rapidly evolving ransomware attacks. Threat actors are well organised and skilled, and often have sophisticated new attack methods and patterns, putting businesses that do not understand the nuances of ransomware at high risk of their invaluable data being locked, altered, leaked, or destroyed.

The scourge of ransomware has also given rise to Ransomware-as-a-Service (RaaS), which attracts amateur hackers as a means of making easy money. Without any deep tech knowledge, they can readily gain access to existing or even sophisticated tools – created by developers – to deploy ransomware payloads.

How can companies best address these threats, unravel their blind spots, and improve their cyber data security to instil business continuity across their organization?

Setting up a defense strategy

Companies and even governments continue to make ransomware headlines, from Optus in Australia – where threat actors stole details of nine million Optus users – to the Costa Rican government, where a ransomware attack crippled its computer systems. These are stark reminders of how easily ransomware can disrupt a business and cause chaos.

In the war against cybercriminals, the onus is upon companies to engage in both offense and defense tactics. A good defense starts with backups and recovery – these can be the ultimate trump card in a ransomware hostage situation.

As companies adopt more and newer technologies to meet changing needs and demands, terabytes of data end up distributed across multiple environments, including on-prem, hybrid and multi-cloud. This mix of multigenerational technology fragments the data landscape, creating data silos and complicating backup and recovery processes.

The best way to reduce the data risks is to deploy a properly architected backup and recovery solution that ensures data availability and consistent recovery processes for all workloads across cloud and on-premises environments. We recommend a complete A to Z ransomware protection approach – from Air gapping to implementing Zero Trust principles for greater protection and recovery.

Creating air-gapped backup copies for secure off-site storage ensures that there are multiple copies of backup storage targets that are segmented and unreachable from the public portions of the environment. This limits the attack surface available to a potential malicious attack.

Zero Trust is, of course, to trust but verify, and to keep verifying so that cyber threats do not have unlimited access to networks. Implemented through a multi-layered security framework, with a unified platform comprising security dashboards and alerts, it creates a strong defence that helps take the teeth out of an enemy’s ransomware attack.

Play offense to mitigate ransomware

Companies should also “play the offense” via a proactive approach to mitigating ransomware threats through early detection.

While traditional backup solutions may help customers recover post-attack, or identify potential threats that reach their backup environment, this usually happens too late in an attack, when business data has already been encrypted, exfiltrated, or leaked.

To combat the new wave of evolved ransomware, businesses need to anticipate the attack before the data is compromised. This is where early warning and threat detection come in. Modern backup solutions with integrated cyber deception can offer an advanced early warning for threats that evade conventional security tools and are dwelling silently in production environments.

These solutions can offer sensor decoys mimicking real assets to proactively bait bad actors into engaging fake resources and spot threats in production environments, neutralising stealthy cyber-attacks before they can cause harm. By proactively flagging unknown and zero-day threats, the IT team can engage bad actors before they reach their data. Threats are exposed early, and attacks contained.

Power in knowing your enemy

Ultimately, companies should practise sensibility and practicality in dealing with data protection.

Just as we take steps to protect our homes, so must companies take steps to protect their data. A homeowner may install traditional means of security through cameras, locks, window sensors, and fences. However, the homeowner should also exercise discretion when he invites friends and acquaintances over. Someone who is deemed untrustworthy should not be on the invite list, and new acquaintances should not be given easy and free access to roam around the house.

The same goes for the rapidly evolving threat landscape, where companies will similarly benefit from getting a clear picture of where the threats are and how to fortify themselves against them.

Using a combination of defence and offense – rock-solid backup and recovery and advanced threat detection – companies can better position themselves against cyberthreats. Companies will be in a better position to take countermeasures that stave off ransomware attacks and minimise data compromise and the subsequent crippling business impact. Combining data protection and advanced cybersecurity could very well be the new normal.


Written by Daniel Tan, Pre-sales Director for Japan, South East Asia, Korea, Hong Kong and Taiwan, Commvault
