Resource Library - eBook Whitepaper
Ransomware: 4 Ways to Protect and Recover
WHEN YOUR BUSINESS DEPENDS ON ACCESS TO DATA - FAST RECOVERY IS A PRIORITY
As cyber security pundits warned, the number of ransomware incidents is on the rise in 2017. Unfortunately, ransomware schemes have become an easy source of revenue for cyber criminals, which has resulted in a growing number of attacks every year. When an attack occurs, unprotected organizations can lose access to critical electronic files, putting their entire business at risk. To restore access, organizations are faced with the decision to pay the ransom – with the hope that the files are actually released – or attempt an ad hoc recovery, with no guarantee that current data can be reliably reproduced. To maintain access to your critical data, consider these four best practices to protect and recover from ransomware attacks with confidence.
4 WAYS TO PROTECT AND RECOVER FROM RANSOMWARE ATTACKS
Implementing a multi-layer security strategy – including anti-malware, personal firewall, hard disk and file encryption, DLP and more – is critical to protecting against growing cybersecurity threats. However, even with all of these endpoint protection solutions, there's still a modest chance of breach. According to the Gartner Magic Quadrant for Endpoint Protection Platforms,1 "When 44% of reference customers for EPP (Endpoint Protection Platforms) solutions have been successfully compromised, it is clear that the industry is failing in its primary goal: blocking malicious infections."
To protect even the most data-intensive business environments from ransomware, consider the following best practices:
"Ransomware use grew by 167 times year over year and was the payload of choice for malicious email campaigns and exploit kits."
ONE: HAVE AN EFFECTIVE INFORMATION SECURITY PROGRAM
If your organization is new to information security, or you have only a partially implemented information security capability, consider taking the following steps outlined in Table 1 to put an effective security program in place.
|Know where critical data is stored||
Maintain awareness of data location
|Simple to Use Policy and Workflow Automation||
Reduce IT admin burden with a library of basic tasks, customization capabilities and automated workflows such as auto retention and defensible deletion based on content attributes. You have real-time visibility into all running jobs and events with customized alerting and reporting, as well as out-of-the-box reports.
Prepare for the evolving threat landscape
Table 1: Components of an effective security program
Ransomware: Defending Against 5 Major Types
By knowing the type of ransomware attack that you are under, the initial response, can significantly limit the damage that’s inflicted.
TWO: PROTECT DATA WITH TECHNOLOGY BEST PRACTICES
With the growing number of threats, coupled with the evolving sophistication of attacks, businesses need to clearly understand the cost tradeoffs of investing in cybersecurity and employee education, against loss of access to critical data and the resulting impact on your business.
Network security is a good first line of defense in guarding against ransomware attacks. And by implementing effective technology best practices, organizations can further protect their data and IT infrastructure. Table 2 outlines key technology strategies to help eliminate the potential for infection by ransomware attacks.
|Detect and prevent||
Employ a multi-faceted security solution
|Use external cert groups (computer emergency response teams)||
|Identify and stop infection||
Define a comprehensive prevention policy
|Keep a "Gold" image of systems and configurations||
|Maintain a comprehensive backup strategy||
Prepare for the evolving threat landscape
Table 2: Technology best practices
Services to Protect You Even More
To establish the comprehensive safeguards to protect from ransomware attacks with complete confidence, consider the support of Commvault services. We are experts in addressing the security layers you need to protect your environment from vulnerabilities. Working closely with your backup, recovery, archive and cloud teams, our technology consultants will help you develop a practical, modern design for your IT environment that is both efficient and secure.
THREE: EMPLOY EFFECTIVE BACKUP STRATEGIES
Recognize that a ransomware event is almost always a progressive hack. It works over time, and can run in the background for a week or more, and learn the behavior of your backup routines. As such, it is important to maintain a persistent copy of the data in other locations as part of your disaster recovery procedures.
Many who only rely on snapshots as backup are at a higher risk. When the snapshot or the other instance is replicated, the source is corrupted too, as it follows the replication. Have a preserved version of the data from prior recovery points in protected locations is the ticket.
|Employ backup or DR processes||
Table 3: Data protection best practices
Using a cloud library is another alternative for a good external collection. Since the cloud backup is not visible to the local administrator operating system account, it would require additional sophistication to gain access to your cloud user credentials. And while no one loves tape in the day of “disk only,” it may prove to be a better alternative for some businesses, as the online nature of disk is what exposes the persistent risk.
FOUR: EDUCATE EMPLOYEES TO SECURE THE ENDPOINT
Finally, educating everyone who touches your data on good security habits is essential to keeping businesses secure–remind them to use common sense. As described by the Internet Security Threat Report,2 educate your users on the best practices outlined in Table 4.
|Train users to practice security best practices||
A complete recovery solution that covers applications, servers and end user machines is the only way to minimize business disruption when a ransomware attack occurs in your organization. Read more at commvault.com/ransomware.