Last year, 85% of organizations experienced at least one ransomware attack, as per the Veeam Data Protection Trends Report 2023. With almost every organization falling victim to these attacks, the issue has become pervasive and nearly unavoidable. While this may seem daunting, acknowledging this reality allows us to effectively manage this persistent threat. Let’s explore the solutions organizations can employ to coexist with ransomware.
Insurance has limitations
Ransomware attacks are a prevalent and immediate threat, visible in daily news and boardroom discussions. Given the prevalence of these attacks, organizations must recognize that a ransomware attack is no longer a question of “if” but rather “how often.” While many organizations experienced at least one attack last year, the Veeam Data Protection Trends Report revealed that nearly half (48%) suffered two or three attacks. This can be overwhelming for organizations of any size, prompting many to seek cyber insurance for peace of mind.
Cyber insurance may cover the financial damage resulting from a ransomware attack, but it cannot prevent or reverse the damage or the consequential loss of customers and trust. Education and transparency, on the other hand, can help prevent ransomware damage, but sometimes, cyber insurance policies hinder these efforts.
As ransomware threats have risen, so have the requirements of cyber insurance providers. The recent Veeam Ransomware Trends Report found that over 20% of organizations indicated ransomware attacks were not covered by their cyber insurance provider. Even when covered, some providers prohibit companies from publicly disclosing the breach. This keeps the common occurrence of ransomware attacks hidden from view. Hopefully, this will change in the coming years because sharing our experiences and mistakes through education is how we become more resilient against ransomware attacks.
Talking about ransomware attacks helps demystify them. Despite frequent discussions of ransomware in the media, many people are unaware of how these attacks unfold. It may seem like a simple switch or a magic trick, but the reality is far more complex and extended. Since almost all organizations will experience a ransomware attack (many probably already have), understanding the entire process is essential for preparation and successful recovery.
Conversations about ransomware often neglect that it results from a series of orchestrated events by malicious actors. Ransomware doesn’t spontaneously appear; it follows days, weeks, months, or even years of groundwork. Let’s examine what happens behind the scenes.
Malicious actors start with an observation stage, where they gather information about their target, including people, processes, and technology, to identify opportunities. Similar to a burglar familiarizing themselves with entrances and exits to a building, cybercriminals seek to understand their target thoroughly.
Next, they infiltrate the target by sending phishing links or using similar methods to gain entry and create a base of operations within the victim’s infrastructure. At this stage, they remain hidden while causing significant damage. Attackers exfiltrate data and may destroy backups without detection until they launch the final stage: the ransomware attack and demand.
Understanding this entire process, while overwhelming, is invaluable. Security teams deal not only with visible threats but also with hidden and unseen foes that may be lurking in the background at any time. Nevertheless, knowledge empowers organizations to develop a robust backup and ransomware recovery strategy.
Don’t leave it to chance
While ransomware attacks are inevitable, data loss doesn’t have to be. Achieving 100% resiliency is possible with the right precautions. This may sound too good to be true, but with key elements, any organization can establish an ironclad data protection strategy.
This strategy comprises three components. First, security teams must ensure they have an immutable copy of their data, preventing hackers from altering or encrypting it. Second, data encryption safeguards stolen or breached data, rendering it inaccessible to hackers.
The third and most critical component is the 3-2-1-1-0 backup rule. This entails maintaining a minimum of three copies of data, ensuring redundancy even if two devices fail. Organizations should store backups on two different media types, like an internal hard disk and cloud storage. One copy should be stored offsite securely, and another should be kept offline (air-gapped) with no connection to the primary IT infrastructure. The “0” stage is perhaps the most crucial: ensuring zero errors in backups through regular testing, monitoring, and restoration.
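As an added illustration (not code from Veeam or from the original article), the 3-2-1-1-0 rule can be checked mechanically against a backup inventory. The `BackupCopy` fields, the constructed sample inventory and the 30-day restore-test window are assumptions made for this example; the offline copy must be a different copy from the offsite one, following the article's "another".

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BackupCopy:                       # hypothetical inventory record
    name: str
    media: str                          # e.g. "disk", "tape", "object-storage"
    offsite: bool                       # stored away from the primary site
    offline: bool                       # air-gapped from primary IT infrastructure
    last_restore_test: Optional[date]   # None = never restore-tested
    restore_errors: int                 # errors found in that test

def check_32110(copies, today, max_test_age_days=30):
    """Return {rule: passed} for each element of the 3-2-1-1-0 rule."""
    offsite = [c for c in copies if c.offsite]
    offline = [c for c in copies if c.offline]
    # A copy only counts toward "0" if it was restore-tested recently and cleanly.
    verified = [c for c in copies
                if c.last_restore_test is not None
                and (today - c.last_restore_test).days <= max_test_age_days
                and c.restore_errors == 0]
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 offsite": bool(offsite),
        # One copy that is both offsite and offline does not satisfy both elements.
        "1 offline (separate copy)": any(a is not b for a in offsite for b in offline),
        "0 errors": bool(copies) and len(verified) == len(copies),
    }

# Constructed sample inventory: every copy of the data that is being counted.
TODAY = date(2024, 6, 1)
INVENTORY = [
    BackupCopy("primary-nas", "disk", False, False, date(2024, 5, 20), 0),
    BackupCopy("cloud-bucket", "object-storage", True, False, date(2024, 5, 25), 0),
    BackupCopy("tape-vault", "tape", True, True, date(2024, 1, 10), 0),  # stale test
]

if __name__ == "__main__":
    for rule, ok in check_32110(INVENTORY, TODAY).items():
        print(f"{'PASS' if ok else 'FAIL'}  {rule}")
```

In the sample, the tape copy satisfies the offline element but fails the "0" element because its last restore test is older than the assumed window.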
By following these steps, organizations can remain composed when a ransomware attack occurs, knowing they’ve secured their defenses against hackers.
Organizations will eventually encounter a ransomware attack; that’s the reality of today’s world. However, increased awareness leads to improved preparedness. While a cyberattack will always bring chaos, the right strategy can turn it into manageable chaos, making all the difference.
By Edwin Weijdema, Field CTO EMEA and Lead Cybersecurity Technologist, Veeam