Tunde Abagun, Channel Sales Manager Sub-Saharan Africa, Nutanix.

It is expected that ransomware will cost companies more than US$265-billion annually by 2031. By then, organisations will have to deal with a ransomware attack every two seconds. It really becomes a matter of when rather than if a business gets compromised. 

This will result in significant financial damage and a considerable negative reputational impact on the brand. With data considered the lifeblood of any company, decision-makers must rethink their approach to safeguard this asset beyond traditional anti-virus and firewall solutions and make backups.

This is even more so the case given how shared storage has become one of the primary targets for cybercriminals to launch ransomware attacks against. Being able to hijack valuable customer, financial or sensitive information and demand payment for access to this data means companies can ill afford to ignore the massive brand damage compromises can have.

While some businesses are quick to pay the ransom to access their information, there is no guarantee that their data will be restored or that these threat actors will not target the company at a later stage.

Adding to this complexity is that ransomware cannot be detected by anti-virus and firewall solutions. More often than not, these attacks are perpetrated by cybercriminals using sophisticated social engineering techniques targeted at the weak point of the cybersecurity chain – employees.

The power of immutable backups

A concept that has gained significant traction recently is that of immutable backup. Think of it as a copy of data that, once saved, cannot be modified, overwritten, encrypted, deleted, or altered in any way. Even the applications, users, and administrators that generated the data will be unable to make any changes to it.

This means the data is protected from corruption or deletion, as well as viruses and ransomware. In contrast, traditional backups are still prone to encryption (think ransomware) and other tampering that, when restored, can significantly impact business operations. At a time when data privacy regulations are in the spotlight, companies can ill afford to fall foul of compliance. In addition to the damage caused by successful ransomware attacks, these fines add insult to injury. And then, there is the additional negative perception created by this and potential jail time for executives given the vagaries of, for example, the Protection of Personal Information Act (POPIA) in South Africa.

The cloud has become the most common medium to use when it comes to immutable backups. This provides an air-gapped environment away from the company's primary storage medium, such as the on-premises server or data centre.

The cloud can be accessed from anywhere, making recoveries quick to perform even when employees are not in the office. Compare that with the old way of sending an administrator to retrieve a physical tape backup from off-site premises and then having to drive to the office to restore the files.

Beyond delivering an effective defence against ransomware and other malware, opting for an immutable backup strategy also ensures data integrity. Decision-makers know that their data will remain accurate and intact regardless of the circumstances. It also simplifies compliance as having immutable copies of data ticks the necessary governance boxes. Perhaps one of the most critical benefits is that it eliminates the risk of any accidental data changes. Human error is still one of the biggest causes for concern when it comes to cybersecurity and data protection. Mitigating against this risk provides leadership with the peace of mind that their data is safe.

Prevent, detect, recovery

Of course, this does not mean companies can ignore putting cybersecurity measures in place. However, they must modernise the environment by adopting data-based security based on the concept of Zero Trust. The most widely-regarded philosophy when it comes to defences for modern businesses is - prevention, detection, and recovery.

Prevention centres on applying best practices when it comes to cybersecurity policies. For instance, enforcing strong password hygiene, micro-segmenting the network to prevent the spread of malware, using endpoint protection to keep all devices secure that are connected to the network, and regularly training employees on cybersecurity awareness are all key elements of this.

Even so, best practices will only get a business so far. Detecting any malicious activity on the network remains integral. There are several tactics to consider when it comes to modern detection methodologies. Using layer 7 threat detection tools like intrusion detection and prevention systems can identify fraudulent network activity. Companies can even consider employing network honey-pots to augment their detection capability. Even better, these ring-fenced areas are effective at isolating attacks from spreading to the broader network. There are also anomaly detection tools to use that monitor resource usage and storage activity to alert IT teams of any suspicious activities.

Regardless of all these tactics, breaches might still occur and damage systems and data that do not form part of an immutable backup strategy. An effective recovery plan is therefore crucial in the wake of such an attack. Companies should consider replicating non-immutable data to one or more locations. Following the 3-2-1 rule of backup is, therefore, key in this regard. This sees a business saving at least three copies of its backups using two different storage media, with one being located off-site.

Ultimately, implementing the necessary solutions and strategies to mitigate the risk of ransomware and other threats is critical if a company is to protect its data and keep its reputation safe.