Ransomware attacks are up 148% amid COVID-19, as cybercriminals take advantage of the new work-from-home world and target vulnerable industries and populations.
Ransomware penetrates an organization’s IT infrastructure through phishing emails or endpoint vulnerabilities and then encrypts files, holding data hostage until a fee is paid to decrypt them. The FBI has deemed ransomware the fastest growing malware threat, causing significant revenue loss, business downtime and reputational damage.
It’s critical organizations protect their data by following the best practices below.
- Beware of these common pitfalls
- Data backups: Simply having a backup copy isn’t enough, as hackers often target backup copies first.
- Having a copy in the public cloud: Public clouds are a major target and can be hit just as easily as on-prem data centers.
- Up-to-date perimeter defenses: A high percentage of attacks occur at organizations with robust perimeter defenses, which attackers can bypass through phishing emails. It only takes one link click to open the door to an attack.
- User training: Phishing emails today are more convincing than ever, with hackers spoofing trusted associates and personalizing emails using social media data. Even an informed user may click in an unguarded moment.
- Create an immutable backup copy
To minimize downtime and avoid having to pay ransom, IT teams need to have immutable backup copies of data so a clean copy can be restored if a ransomware attack occurs.
Security is always a layered approach, and the last, best security layer for ransomware protection is a backup data copy on immutable storage. Once written, the backup data cannot be changed or deleted and therefore cannot be encrypted by ransomware. If an attack occurs, organizations can restore an unencrypted data copy via a simple recovery process without paying ransom.
Select enterprise storage systems now offer data immutability via a feature called Object Lock. Part of the S3 API, Object Lock is supported by multiple storage manufacturers, cloud providers and data protection software vendors. With Object Lock, data can be made immutable as part of an automated workflow, eliminating the need to handle physical media. The resulting security is comparable to offline storage but more scalable and accessible. Object Lock can also be fully automated using on-premises disk-based storage.
- Make sure your storage is tamper-proof
Object Lock makes data immutable, but to be fully protected you must also ensure the storage system itself cannot be compromised. If a hacker could gain direct access to the hard drives, for example, it might be possible to circumvent the storage software and wreak havoc. For this reason, look for an integrated storage system that is certified to meet government requirements for secure storage and non-rewriteable media.
Evaluating your cyber insurance coverage
Beyond following the best practices above, organizations should evaluate their cyber insurance coverage, as insurers will expect customers to do everything possible to minimize risk. Ask the following questions when assessing coverage to determine if you’re sufficiently protected:
- Are ransomware payments covered? Not always. After an attack on Jackson County, Georgia, the local government was responsible for the $400K ransom after its cyber insurance carrier refused to cover it.
- What defenses are required to get reimbursed? Ransomware attacks were the cause of 41% of the cyber insurance claims filed over the first six months of 2020. Due to complex ransomware strains that are difficult to decrypt and require large payments, some cyber insurance vendors now demand customers have robust ransomware protection, either charging higher premiums to those that don’t or even refusing to provide coverage entirely. These insurers encourage customers to maintain backup copies that are protected from encryption and increasingly won’t even cover claims for customers that didn’t have immutable backup copies established pre-attack.
- Even with rising premiums, can you afford not to have cyber insurance given the financial and reputational costs associated with ransomware attacks? Cyber insurance remains a worthwhile investment, even with rising premiums, and some insurers will offer discounts for having protections such as data immutability. It’s critical for enterprises to be strategic about their ransomware protection and implement data storage with the right set of security protections to be eligible for cyber insurance and receive the best rates.
With the remote work trend continuing in 2021, ransomware will remain a major threat. Therefore, organizations should: look for tamper-proof storage solutions that provide data immutability; keep up with evolving cyber insurance requirements; and ensure they have the right level of insurance. Doing so will make any ransomware attack that occurs manageable rather than catastrophic.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.