Takeaway 1: Despite the challenges of a ransomware attack, having data stored in the cloud can help minimize the damage and keep operations running.
The panellists discussed the challenges of a ransomware attack, with Tony Kinkead noting that ransomware cybersecurity was a big part of their product offering. Paul Vries discussed the attack they experienced, saying, “We have an on-premise environment and everything was encrypted. Everything that was domain-joined was encrypted.”
He explained that they had to use indicators of compromise to determine which files were uploaded and when the attack occurred, and then restore to a safe version of the data.
Vries further noted that they had already moved a lot of users to the cloud, which helped minimize the damage and keep operations running: “A lot of the office users could remain working because their data was already in the cloud and only the domain-joined devices were attacked.” This allowed them to focus on documenting the attack and getting ahead of it the next time.
Takeaway 2: Cybersecurity is an arms race, and organizations need to take steps to reduce their risk of attack.
Attackers only need to find one weakness to be successful, so organizations need to take steps to reduce the risk of attack. As Kinkead put it, organizations need to build layered security in order to operate in a Zero Trust security model. “You want to secure every part of your infrastructure by itself,” he said, noting that “if the attacker gets access to a portion of your network, you were lucky.”
Vries agreed, noting that “it’s an arms race, and the attackers only have to find one weakness and you have to protect against all of them.”
Martijn Hoogesteger shared an example of how this can work in practice, noting that his organization had “deployed a number of decoys” to “whitelist and take out some noise” in a South American R&D facility. This allowed them to “stop the individual” who was attempting to gain access to the “crown jewels” of the organization.
Takeaway 3: The key to successful data protection is to act quickly and have a plan in place.
Kinkead stressed the importance of acting fast in the data protection phase. “You have to act immediately, but you also have to follow the plan or work with external teams to come up with the right approach,” he said.
“You have to have a strategy around the immutability of your backups to be able to recover your data yourself, even though you might still be paying to prevent them from publishing some of that data.”
Remko Deenik pointed out that there was still more that could be done to protect data, while Vries noted the importance of awareness. Kinkead suggested that collaboration was key, saying, “like I also heard from Microsoft earlier, like collaboratively define those standards and there are already a lot of those standards that we worked out, like CIS and a lot of others, where we basically agree on what should be base hardening rules, what should be best practices, et cetera.”
Vries also suggested that IP addresses and exports could be used to contact systems locally, while Deenik suggested that digital forensic investigations could be used to figure out what data had been stolen. He noted that even if the data was stolen, it may still be possible to innovate and stay in business.