Critical steps to ransomware protection in the cloud
The ransomware threat is very real with attacks growing in size and frequency, in part, because of the acceleration of digital transformation initiatives and the move to embrace digital services as well as the rapid implementation of hybrid ways of working.
New digital systems required multiple access points for customers, partners, and employees, which has created a vastly expanded attack surface. This has hastened the rise in ransomware attacks, as attackers quickly took advantage of the increased number of possible attack vectors.
Attacks are expected on a business, consumer, or device every two seconds
As a result, cybercrime has escalated, and a record-breaking number of ransomware attacks of increasing severity are taking place year-on-year. According to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every two seconds by 2031, up from 11 seconds in 2021. Global ransomware costs are expected to rise from $20 billion in 2021 to $265 billion by 2031.
Additionally, recent research from our partner, Veeam, found that three out of four organizations have been affected by ransomware and over half of those surveyed have dealt with at least two attacks in the last 12 months. The research found a 93 percent increase in ransomware attacks, which means attacks have nearly doubled in 2021 compared to 2020. Likewise, more of these attacks are focusing on smaller businesses.
Double or triple extortion techniques
Organizations are not only at risk of having their data locked and having to pay to get it restored; once attackers have accessed the data to lock it, they are also exfiltrating it. This means that attackers are not only asking to be paid to unlock data, but they are also asking to be paid to NOT release it on the web. Unfortunately, attackers are then going to customers, partners, suppliers, and anyone else they can identify in the stolen data and asking these organizations to pay to not release the data. These double or triple extortion techniques are becoming commonplace, with additional payment demands around disclosure.
Unfortunately, there is no silver bullet and ransomware in 2022 will continue to evolve, with ransomware operators using new and more complex techniques with more targeted attacks. When it comes to cybercriminals, it’s a faceless and nameless way to earn money. With little risk of being caught, ransomware will keep expanding.
Implementing a multi-layered security approach
Therefore, defending against ransomware before it happens is an important first step and enabling a multi-layered approach to secure a cloud environment is critical. Having a reliable plan to ensure a quick recovery after it happens is just as important to the viability of any business since even the best defenses can fail against these relentless attacks. With the inevitability of ransomware, it is not a question of if, but when.
Having a multi-layered approach is about having the right people, processes, and technology in place. It is about having a secure environment where you can put the organization’s data in the first place. And it is also about having proper backup so that an organization can restore data, if necessary. Equally important is having the ability to quickly recover the entire environment when the attack is too widespread to clean up quickly in place, allowing the organization to move past any ransomware incident in a separate clean environment with the least possible damage to the business.
Doing this effectively and providing multi-layered cloud protection against attacks involves a combination of security, backup, and recovery technologies. This means choosing a secure cloud platform carefully to make sure that the organization has the flexibility, security, resiliency, compatibility and support it needs.
Working with a provider that has strong security foundations
I have often found with many of the hyperscalers that security is more of an afterthought, and it is certainly an additional cost. Organizations need to make sure that any cloud platform they are utilizing has security baked in as a top consideration and that their cloud provides secure foundations that the company can build upon. If this isn’t the case, then they need to ensure that they have the wherewithal and internal resources to do this themselves.
Having a solid data protection plan in place
From a data protection perspective, industry statistics show that 96 percent of companies with a trusted backup and DR plan survive a ransomware attack. This is significant. Ransomware tactics are all about trying to remove business access to data, so being able to restore access to that data without paying is key. Last year, Colonial Pipeline paid hackers $4.4 million in ransom for a decryption tool that restored oil operations, despite FBI and Department of Homeland Security recommendations that companies avoid paying ransoms.
Today, with ransomware only set to increase, organizations need to take as many preventative measures as they can, but they also want to minimize as many issues as possible, so the key factor is how fast the organization can recover and what recovery times are acceptable for the business and its customers. In an ideal world, a company would protect everything and make it all instantly restorable, but unfortunately, this can be cost-prohibitive, so having a strategy in place around recovery times is important. Most organizations will have a recovery tiering approach that includes both backup restoration and replication-based DR. For smaller companies this may be quite straightforward, but larger organizations will have more complex requirements.
In light of escalating ransomware attacks, data protection is sure to become more challenging in 2022 and beyond. As organizations store more data, particularly in a highly distributed infrastructure, they become more vulnerable to threats. Therefore, when organizations are planning their data protection and recovery, they need to consider what is most cost-effective but, more importantly, what hits the best stride in managing through multiple layers of protection to ensure a successful deflection of attacks and rapid recovery.
Brian Knudtson is Director of Cloud Market Intelligence, iland, part of 11:11 Systems