The R rate is shifting from area to area but, in many places, businesses are preparing for their work-from-home employees to return to the workplace in some form. However, inviting the team back to their desks brings with it fresh concerns and considerations that IT departments must grapple with.
These challenges range from ensuring that none of the returning devices have been compromised by malware, to re-assessing the systems and processes which were deemed ‘good enough’ before the pandemic. With ransomware breaches on the rise, as illustrated by the recent Blackbaud attack, businesses of all types must ensure their systems are not just ‘good enough’ but fully ransomware resilient.
A familiar foe returns
For businesses, the threat of a cyberattack is an everyday concern. Yet during lockdown, as people working from home used unfamiliar tools, cybersecurity became a more pressing concern than ever. Companies such as Honda and EasyJet felt the full force of this, as they were both hit by cyberattacks while trying to respond to the disruption of COVID-19. However, from a cybersecurity standpoint, this period of working from home could be the first wave of attack.
As employees are invited back to the office, there is a real risk that they could be bringing infected devices back with them. Once these devices are back behind the company firewall, latent malware could quickly spread across the network and do considerable damage during a critical recovery period.
Two things make this not just likely, but probable. Firstly, the pandemic coincided with the emergence of the EKANS virus, which may be lying dormant and unseen on devices until they reconnect to the corporate network and have the opportunity to move laterally and attack ICS data. Secondly, over the last six months, there is evidence of as much as a 72% increase in new samples of ransomware.
Many IT departments are already stretched as they support new flexible working initiatives. Add to the mix new threats that need to be mitigated, and huge numbers of devices that could have been subject to all manner of malware since they were last seen and could now act as vectors, and this could well be the perfect storm required for ransomware to take hold.
A good backup plan
Whether it’s legal, reputational or financial, having your customer data stolen can have severe ramifications. Take Garmin, for example: there are multiple reports that the company had to pay a multi-million-dollar ransom to retrieve its data after it fell victim to a ransomware attack in July 2020. For businesses looking to mitigate these risks, an effective data backup solution can help to eliminate the threat of data loss.
Ransomware attacks rely largely on companies not being able to restore data that has been encrypted by hackers, who use that leverage to extort vast ransoms in exchange for the encryption key. However, if companies have another trustworthy copy of that data stored safely elsewhere, ransomware attackers lose that position of power.
With an effective data backup solution in place, companies that fall victim to a ransomware attack can resume operations quickly and without interacting with the hackers. Instead, in that critical moment when businesses realize they’ve had their data stolen, a combination of on-premise and cloud backups allows the organisation to simply restore that backup data and resume operations.
When it comes to implementing an efficient data backup strategy, a good guideline to follow is the ‘3-2-1’ rule. This entails having three copies of your data, two of which are on different storage media and one that is air-gapped in an offsite location. Since attacks frequently focus on encrypting backup servers as part of their invasion, the need to physically isolate one such copy of backup data from the network (known as air-gapping) is perhaps now more important than ever.
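The 3-2-1 rule above, expressed as a check over a backup inventory. This is an added example, not part of the original article; the BackupCopy record, its field names and the sample inventory are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:          # hypothetical inventory record
    dataset: str           # logical data set this copy belongs to
    media: str             # e.g. "disk", "tape", "object-storage"
    site: str              # physical location label
    networked: bool        # reachable from the production network?

def audit_321(copies, primary_site):
    """Return {dataset: [failed criteria]}; an empty list means compliant."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)
    report = {}
    for name, group in sorted(by_dataset.items()):
        failures = []
        if len(group) < 3:
            failures.append(f"only {len(group)} of 3 copies")
        if len({c.media for c in group}) < 2:
            failures.append("all copies on one storage medium")
        # Offsite alone is not enough: the copy must also be unreachable
        # from the network, or ransomware can encrypt it with the rest.
        if not any(c.site != primary_site and not c.networked for c in group):
            failures.append("no air-gapped offsite copy")
        report[name] = failures
    return report

# Constructed inventory for illustration only.
INVENTORY = [
    BackupCopy("crm", "disk", "hq", True),
    BackupCopy("crm", "disk", "hq", True),
    BackupCopy("crm", "tape", "vault", False),
    BackupCopy("finance", "disk", "hq", True),
    BackupCopy("finance", "object-storage", "cloud-region", True),  # offsite but online
    BackupCopy("finance", "disk", "hq", True),
    BackupCopy("hr", "disk", "hq", True),
    BackupCopy("hr", "tape", "hq", False),  # offline but in the same building
]

if __name__ == "__main__":
    for dataset, failures in audit_321(INVENTORY, primary_site="hq").items():
        print(dataset, "OK" if not failures else "; ".join(failures))
```

The "finance" and "hr" sets show the two common ways the third condition fails: a cloud copy that is offsite but still online, and an offline tape kept in the same building as production.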
Ultimately, while companies must accept there is a degree of inevitability when it comes to data breaches, being prepared for them is not just smart, it’s cost-effective and shows corporate responsibility.
Adapting to the new reality
While preparing for the possibility of a ransomware attack as employees return to the office is the immediate priority for many IT departments, we’re also seeing them channel their energies into shifting systems to accommodate the long-term changes to the traditional way of working that they anticipate as a consequence of COVID-19.
Many companies managed to quickly enable their employees to work from home at a moment’s notice. However, in many instances, this speed came from necessity rather than a level of preparedness. As a result, some companies would have accepted the trade-off that such a quick roll-out would result in short-term risks. Processes which, ordinarily, would have taken months, such as audits, tenders and staff training, were sometimes condensed into a one-week period. Meanwhile, technology deployments which may have been outsourced to specialists would have been installed by in-house talent instead.
As systems and processes shift from temporary to permanent, they need to be revisited and revised. That’s not to say it will be easy, though. Ultimately, there are multiple devices, applications and, in some cases, operating systems which have been out of the organisation’s central loop for months now. On top of that, there is no guarantee that those devices have been used purely for work, with Netflix binge sessions and Zoom quiz nights being the status quo for much of this time.
Having complete visibility into your IT infrastructure and data environments has never been more critical, and the danger to companies who aren’t taking the right precautions cannot be overstated. Businesses must ensure their data isn’t sitting siloed, unclassified and unmonitored across various disconnected cloud and on-premise environments.
Instead, it should be accessible by employees from a connected platform, such as the cloud, which is supported with the latest and most resilient security software. With this in place, businesses become more resilient to ransomware attacks in both a preventative and reactive capacity. Having regular, or even constant, monitoring of sensitive data, which is most at risk of encryption, will also speed up the reactive process.
In today’s world, the unfortunate truth is that ransomware attacks are inevitable. Businesses should certainly implement the strongest security measures to try to prevent infiltration. But excellent detection processes to spot attacks and strong data-backup protection solutions are just as important, so that the business can respond after the fact. There is no excuse for not being prepared when you’ve already been warned.
- Ian Wood is the Senior Director and Head of Technology at Veritas.