
‘Tis the Season to Be Wary

Read more about author Simon Jelley.

‘Tis the season to be jolly.

By now, those words from the familiar holiday tune “Deck the Halls” are echoing in malls across the U.S. But the retailers that fill those particular halls with yuletide treasures should be thinking, “‘Tis the season to be wary.”

With the holiday shopping season in full swing, December is a critical time for the retail industry. Thanks to some clever marketing, the term “Black Friday” itself even pays homage to just how important it is, denoting the beginning of the annual period when many retailers finally turn a profit rather than operating “in the red.”

That means mere minutes of unplanned data center downtime at any point in December can lead to millions in lost revenue. And one of today’s most pervasive causes of downtime is ransomware. In fact, a recent global survey found that the average organization experienced nearly three ransomware attacks that led to downtime in just the past 12 months.

The threat is so significant that the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint warning stating, “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways – big and small – to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.”

Why? Because cybercriminals are smart, and they know that critical moments in time when businesses are most vulnerable are also when they’re most likely to feel like they have no choice but to pay up. Consider how the Ferrara Candy Company, the country’s largest producer of candy corn, was stricken with a ransomware attack just weeks before Halloween.

So, with boughs of holly decking their halls, retailers are on notice.

They’re on notice not only about the heightened threat of ransomware but also that while preventing ransomware attacks is a noble effort, it’s clear from the Ferrara attack and so many others that perimeter defenses regularly fail to prevent successful breaches. Retailers should focus equally on data protection – the last line of defense against ransomware. Here’s how:

Centralize Through a Backup Platform

First, companies should implement a centralized backup platform, which will make it easier to back up and store data from a wide array of sources. This will help ensure all data is protected and backed up, eliminating the protection gaps that may be present without a centralized platform. Simply put, with one centralized platform instead of many different backup solutions, companies can more easily implement, measure, and test their data protection strategy.

Strengthen the Resiliency of That Backup Platform

After implementing a centralized backup and recovery platform for all data sources, companies should harden it against ransomware attacks by:

  • Encrypting data at rest and in transit: Data is at risk both while at rest and in transit. Encrypting data at rest will help protect the data that is not currently moving from one device or network to another. Encrypting data in transit is critical, as files may be moving through networks, devices, or the cloud and can be exposed to threats throughout their journey.
  • Integrating digital certificates and a PKI: Public key infrastructures (PKI) define a secure standard framework to exchange and manage encryption keys, as well as small- and large-scale digital certificates. The digital certificates in PKI should be used by each of the components within a company’s backup infrastructure to strongly authenticate each other. This will help to protect the integrity of the data and the communication between backup systems.
  • Using strong authentication and user roles: Access to backup systems and their data should be heavily restricted. Clearly defined access roles and rights help to precisely map the privileges of a user to their real responsibilities within an organization. Additionally, features such as two-factor authentication and user privileges can ensure only approved users are accessing critical backups.
  • Leveraging containers for an easy patch management process: Implementing data containers for patch management allows for faster rollout of new patches. This limits the vulnerabilities on the operating system level of a company’s backup infrastructure. Containers can also help reduce the downtime of a system by providing rollback opportunities if something goes wrong.
  • Storing backup data safely: Using separate, air-gapped cloud-based storage for backups can help reduce the risk that ransomware and other threats to data integrity affecting primary data stores could compromise the backups too.
  • Implementing anomaly detection to detect potential ransomware: Anomaly detection can help identify rare or unusual items within a backup system that could indicate ransomware.
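As an added illustration of the anomaly detection point above (not code from the article or from any backup product), the sketch below flags backup jobs whose change volume spikes or whose deduplication ratio collapses relative to recent clean jobs, two signals that mass file encryption tends to produce. The field names `changed_gb` and `dedup_ratio`, the 7-job window, the 3.5 threshold, and the sample history are all assumptions made for the example.

```python
import math
import statistics

# Constructed nightly job stats for one backup client (illustrative, not real data).
# Assumed fields: changed_gb = data changed since the last backup,
# dedup_ratio = logical size / stored size after deduplication.
HISTORY = [
    {"job": "night-01", "changed_gb": 41.0, "dedup_ratio": 6.1},
    {"job": "night-02", "changed_gb": 38.5, "dedup_ratio": 6.3},
    {"job": "night-03", "changed_gb": 44.2, "dedup_ratio": 5.9},
    {"job": "night-04", "changed_gb": 40.1, "dedup_ratio": 6.0},
    {"job": "night-05", "changed_gb": 39.7, "dedup_ratio": 6.2},
    {"job": "night-06", "changed_gb": 43.0, "dedup_ratio": 6.1},
    {"job": "night-07", "changed_gb": 42.4, "dedup_ratio": 6.0},
    {"job": "night-08", "changed_gb": 40.8, "dedup_ratio": 6.0},
    {"job": "night-09", "changed_gb": 395.0, "dedup_ratio": 1.2},
    {"job": "night-10", "changed_gb": 43.1, "dedup_ratio": 1.4},
]

def robust_z(value, baseline):
    """Modified z-score from median and MAD, which a few outliers barely move."""
    med = statistics.median(baseline)
    mad = statistics.median([abs(x - med) for x in baseline])
    if mad == 0:
        return 0.0 if value == med else math.copysign(float("inf"), value - med)
    return 0.6745 * (value - med) / mad

def flag_anomalies(jobs, window=7, threshold=3.5):
    """Flag jobs that deviate from the last `window` unflagged jobs."""
    clean, flagged = [], []
    for job in jobs:
        base = clean[-window:]
        reasons = []
        if len(base) == window:
            z_change = robust_z(job["changed_gb"], [b["changed_gb"] for b in base])
            z_dedup = robust_z(job["dedup_ratio"], [b["dedup_ratio"] for b in base])
            if z_change > threshold:    # far more data rewritten than usual
                reasons.append("change volume spike")
            if z_dedup < -threshold:    # encrypted data no longer deduplicates
                reasons.append("dedup ratio collapse")
        if reasons:
            flagged.append((job["job"], reasons))  # keep it out of the baseline
        else:
            clean.append(job)
    return flagged

if __name__ == "__main__":
    for name, reasons in flag_anomalies(HISTORY):
        print(name, "->", ", ".join(reasons))
```

Flagged jobs are excluded from the baseline, so the second night is still caught on its deduplication ratio even though its change volume has returned to normal.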

Develop a Plan for When a Crisis Strikes

Even after implementing all of the above, it’s still necessary to develop a plan for when an attack happens. Being proactive and creating a plan will help companies react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis. Such plans should include:

  • An outline of who needs to be involved and their responsibilities
  • Detection and initial analysis of the attack
  • Defining the scope of the attack
  • Determining the origination of the attack (who/what/where/when)
  • Determining if the attack has concluded or is ongoing
  • Determining how the attack occurred
  • Containing the impact and propagation of the attack
  • Eradicating the malware and vulnerabilities that may have permitted its ingress and propagation
  • Recovering data from hardened backups
  • Responding to regulatory and/or contractual obligations as a result of the breach

Test and Test Again

It’s critical for companies to test their protection strategy before a disaster event like ransomware happens. This includes drilling the ransomware recovery plan outlined above. Testing a protection strategy can be cumbersome, but a centralized backup platform can help automate it.

Educate Employees and Business Leaders

Taking the time to educate leaders and employees about the risks and signs of ransomware can help not only prevent an attempted ransomware attack, but detect a successful one early, potentially preventing it from even getting near data backups.

Now Is the Time to Act

While the holiday shopping season is already here, it’s not too late to implement a strong data protection strategy based on the principles above. As the last line of defense against ransomware, it may be the only thing that keeps the season jolly.

Fa la la la la, la la la la.
