Dormant malware - beware the lurking threat to your data
In today’s constantly evolving cybersecurity landscape, companies must adopt a proactive approach to data protection to effectively defend against repeated cyberattack attempts, as it is no longer a matter of “if” or “when”, but rather “how often” they will get hit. Modern-day malware attacks no longer only target organisations’ data, but also their backup solutions to ensure that an extortion attempt can be carried out successfully. As such, organisations need to deploy data protection solutions that can protect themselves, as well as the data.
In many cases, malware attacks now involve double and triple extortion threats, not only denying access to an organisation’s data but also threatening to publish it on the dark web. The problem is further compounded when negotiations with attackers become impossible once data reaches the dark web, resulting in not just financial loss but also irreparable reputational damage.
At the same time, cybersecurity threats are continuously evolving, and we are seeing an increase in the use of Artificial Intelligence (AI) and as-a-service tools to make these attacks possible. Thus, organisations need to start using AI to fight AI, leveraging the power of machine learning and algorithms to guard against these malware attacks.
Unfortunately, not many organisations are likely to detect the presence of dormant malware within their environments, unless they invest heavily in man-hours and resources to manually monitor environments. Malware can therefore live within the organisation’s systems for up to a year before coming out of its dormancy.
Very intelligent, very nefarious
Since malware can remain dormant within an environment and hidden from most conventional data protection tools, it can assess how data flows within an organisation. Once it understands how the data is flowing and what data is deemed critical to the organisation, it will then activate itself. So, while such malware is very intelligent, it is also very nefarious, and companies need to find data protection solutions that are even more intelligent.
If a company’s data protection tools do not contain some level of built-in cyber resilience, the organisation runs the risk of unknowingly compromising its data integrity and safety when backing up its critical data.
For example, if an organisation backs up a file containing dormant malware, the malware later activates, and a data protection solution is then used to restore the affected data, the malware is simply restored along with it in its earlier, dormant state, ready to launch a second attack. This compromises data integrity and safety, even with air-gapped backups.
Organisations must therefore verify the integrity of their data before recovering it or moving it from one location to another, or risk facing a major compromise. Having intelligent tools in their production and data protection spaces will help organisations recover cleanly and unscathed from a malware attack.
Layers of security
To successfully defend against such attacks, companies must find ways to layer their security. So, while it is no longer a question of “if” and “when”, but “how often” an attack is likely to take place – because a loophole will always exist somewhere that makes penetration possible – having sufficient security layers will enable an organisation to isolate the incident and minimise its impact.
In the modern business space, data is the lifeblood of enterprises. It is essential to secure all data and to maintain a focus on cyber resilience and data protection, to bolster business continuity.
Ultimately, enterprises must be proactive and do what they can to guard their data and utilise available tools to maintain data security – not only to create peace of mind within the organisation, but to reassure their customers that the integrity of the data remains a priority. My advice is to start somewhere and take small steps; the cybersecurity journey is never-ending.