Making Ransomware Protection Second Nature

The Bocada Team | November 28, 2017

A recent radio segment on our local public radio station had me thinking about ransomware attacks. In light of October’s Bad Rabbit attack that impacted Kiev’s metro system, the Odessa airport and the Russian media organization Interfax, our radio station shared their own experience with a ransomware attack this past summer.

As you can imagine, the attack wreaked havoc on every department and every system at the radio station. Perhaps the most remarkable piece of the radio segment was their director admitting to something we are all guilty of: choosing convenience over security. Allowing themselves to be lax on data security led to the most inconvenient situation possible – operational chaos.

Cybersecurity planning and ransomware protocols don’t have to be inconvenient. Consistent, logical incident response plans can make this entire process second nature.

The Full Impact of Ransomware

Ransomware is a type of cyberattack where hackers breach corporate networks and systems to lock organizations out of their own data with encryption. Cybercriminals demand money to unfreeze the lockout, devastating business operations in the process.

Though early ransomware attacks focused on healthcare and financial services targets, 39% of global organizations experienced ransomware in recent months. This summer, NotPetya and WannaCry ransomware attacks – which crippled major shipping, pharmaceutical and advertising enterprises’ operations and cost hundreds of millions of dollars – jolted CIOs, CISOs and their boards to start taking ransomware threats seriously. Just ask FedEx and Merck.

When medical systems are held hostage, doctors can’t access patient electronic health records. Pharmacists resort to manual paper scripts to dispense urgently needed medications. Bank and trading operations break down. Yet, a recent Ponemon survey shows 68% of respondents believe their organizations will not be resilient in the wake of a cyberattack.

Then there are the crisis management costs, reputational harm, system remediation, consumer identity fraud for leaked data and cyber insurance costs. The FBI estimates that in 2016 US businesses paid as much as $1 billion in ransom to attackers. Cybersecurity planning that includes data protection protocols to minimize the impact of looming ransomware attacks is no longer an inconvenient task to kick down the road.

Protect Your Organization from Ransomware Attacks

If ransomware has not affected your organization yet, it’s likely a matter of when, not if. Most likely, your organization is not ready. A full two-thirds of respondents in the Ponemon survey said their organization is not prepared to recover from a cyberattack. Additionally, 75% admit they don’t have a consistently applied cybersecurity incident response (IR) plan and just over half admit they have never reviewed or updated their IR plan.

While new cyberattacks make it necessary to continually review and revise IR plans, one component has remained consistent: incorporating data protection through backup and recovery in the plan. After all, when ransomware locks you out of network data, backups get your operations back online. Incorporating backup processes as part of your IR protocols must become second nature.

Here are a few things to think about as you update cyberplans with data backup and recovery in mind.

Backup frequency. Consider full backups on mission-critical clients or servers, with partial or differential backups at a lower frequency for less mission-critical data. That way you know you can always access the most current version of key data while not unnecessarily overloading your system.

Oversight of backup successes and failures. Require regular backup audit reports on backup successes and failures across all backup systems, preferably as consolidated, executive-level reporting that integrates this data from backup systems in all corners and regions of your enterprise. This will allow your team to isolate partial or failed backup targets that need attention.

Isolate backups from the operational environment. Store backup data in an environment that will not be impacted by a ransomware attack. For instance, experts now recommend “…streaming the data over the network to another storage device using a backup application.” For companies that have migrated data to the cloud, recommendations include setting up separate cloud storage that can only be accessed from backup systems and is never, ever connected to the main network.

Constantly Monitor Data Backup Server Performance. Your CISO will want reassurance that servers can handle the massive data your organization generates every day for backups. By generating data capacity and occupancy reports, you’ll receive visibility into storage usage, and see trends over time to inform future storage spending. The last thing you want is a ransomware attack the day after you ran out of storage capacity.

Test your data recovery plan. Plans are only as good as their implementation. It is important to periodically recover operations from backup data to test your data recovery plan. You don’t want something going awry the day that dreaded ransomware lockdown takes your data hostage.
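
As an added illustration of the oversight and capacity-monitoring points above (this is not Bocada's software and not code from the original post), the sketch below audits job records merged from several backup systems and projects when storage will fill. The record fields, tier names, age limits and sample data are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample: job records merged from several backup systems (hypothetical fields).
JOBS = [
    {"target": "db01",   "tier": "critical", "status": "success", "end": "2017-11-27T23:10"},
    {"target": "mail01", "tier": "critical", "status": "success", "end": "2017-11-25T23:05"},
    {"target": "mail01", "tier": "critical", "status": "failed",  "end": "2017-11-26T23:00"},
    {"target": "mail01", "tier": "critical", "status": "failed",  "end": "2017-11-27T23:00"},
    {"target": "fs02",   "tier": "standard", "status": "success", "end": "2017-11-24T02:00"},
    {"target": "fs02",   "tier": "standard", "status": "partial", "end": "2017-11-27T02:00"},
    {"target": "hr03",   "tier": "standard", "status": "failed",  "end": "2017-11-27T02:00"},
]
# Assumed policy: maximum age of the last good backup, per tier.
MAX_AGE = {"critical": timedelta(hours=24), "standard": timedelta(days=7)}

def audit_jobs(jobs, now):
    """Return {target: reason} for every target that needs attention."""
    last_ok, last_job, tier = {}, {}, {}
    for job in jobs:
        t, end = job["target"], datetime.fromisoformat(job["end"])
        tier[t] = job["tier"]
        if end >= last_job.get(t, (datetime.min, ""))[0]:
            last_job[t] = (end, job["status"])       # newest job of any status
        if job["status"] == "success" and end > last_ok.get(t, datetime.min):
            last_ok[t] = end                         # newest restorable backup
    findings = {}
    for t in tier:
        if t not in last_ok:
            findings[t] = "no successful backup on record"
        elif now - last_ok[t] > MAX_AGE[tier[t]]:
            findings[t] = f"last good backup older than {tier[t]} limit"
        elif last_job[t][1] != "success":
            findings[t] = f"most recent job ended '{last_job[t][1]}'"
    return findings

def days_until_full(samples, capacity_tb):
    """Linear projection from (day, used_tb) occupancy samples; None if not growing."""
    (d0, u0), (d1, u1) = samples[0], samples[-1]
    rate = (u1 - u0) / (d1 - d0)                     # TB per day
    return (capacity_tb - u1) / rate if rate > 0 else None

if __name__ == "__main__":
    for target, reason in audit_jobs(JOBS, datetime(2017, 11, 28, 9, 0)).items():
        print(f"{target}: {reason}")
    print("days until full:", days_until_full([(0, 40.0), (32, 48.0)], 50.0))
```

A target whose latest job failed but whose last good backup is still within its tier limit is reported differently from one with no restorable copy at all, which is the distinction that matters when deciding what to fix first.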

Keep Calm And Report On

As IT leaders, you will feel the pressure to constantly demonstrate that your data backup and recovery processes comply with ransomware and cybersecurity mandates. You will be audited on your everyday protocols, and regularly asked for assurances that you can efficiently restore operations with backup data during an attack.

Providing professional, timely backup operations reporting can offer the peace of mind of knowing you will pass these measures. When evaluating what type of reporting you’ll need, consider reports that give you:

• Visibility into backups across targets, clients, and servers;
• Transparency across business units and geographies;
• Insight into backup successes and failures; and
• An understanding of available storage and backup performance trends, and if they’re evolving.

Performing this manually is painstaking and time-intensive. If you’re ready to have this type of security in your IT environment and need a more efficient solution, we encourage you to schedule a demo with Bocada’s backup reporting software. When installed in your native environment, you’ll be able to quickly isolate problem areas that stand in the way of your cyberattack preparedness.