Ransomware is likely to be the most prevalent risk to a business today. It's insidious by design and, like a parasite, often lurks in your systems undetected for a while. Without a comprehensive cyber resilience strategy, you are likely to find out you have been the subject of one of these attacks when someone in the business says “I can’t access my files…” The cold sweat starts, and the scale of the issue starts to be realised. Right now, it feels like the ‘sledgehammer to crack a nut’ approach, but you start to assess the practicality and process of restoring all your systems from your last backup. Hold on… your backup sets are also impacted, and effectively destroyed with no chance of recovering any data from them – that was the first thing that the ransomware did.
Prevent!
Without a doubt, preventing a cyber incident is the first line of defence, and the ways in which ransomware can infiltrate systems are many, including phishing, malicious email attachments, exploitation of software vulnerabilities and drive-by downloads, to name a few.
The best practices for prevention include:
Employee training and awareness – read Rob’s Training IS the problem blog for more on our approach to this! Awareness can stop a huge amount of risk in its tracks…
Keeping software and hardware up to date – it's critical to keep things as up to date as possible, which ensures that you are closing vulnerabilities in hardware and software as soon as possible.
Implement strong security measures – these are not only technological, such as intrusion detection and prevention, SOC services, anti-virus/malware, ZTNA etc., but also procedural, such as requiring four-eyes on critical or risky tasks and operating with a zero-trust/least-privilege access approach to limit who has access to what.
Of course, in an ideal world that would be enough, but sadly it isn’t. Statistically, we WILL be the subject of a cyber incident at some point, so how do we detect it before it's too late? How do we detect it early enough to limit the blast radius?
Detect!
There are a myriad of solutions and systems available to detect an infiltration, but as we are data security and protection experts, we’ll focus on one of the key ways that you can identify an infiltration, and often the first place that is attacked – your data protection solutions…
We work with partners such as Rubrik, Veeam and others to help devise pragmatic solutions that find the right balance between mitigating risk and reducing your costs. The way in which ransomware is detected and defended against generally centres around a few key focus areas:
Immutable backups – in essence meaning that your existing backups cannot be changed. In our opinion, this is a DEFAULT of any backup storage solution, and you shouldn’t be paying extra for it!
Looking for and detecting suspicious behaviour in your backups – backup traffic tends to have a pattern, with a predictable set of changes each night, so deviations from this, such as your entire file server's contents changing in a day, are suspicious.
Machine Learning and AI – closely linked to the above for detection, but also so that the solution can detect and respond to zero-day attacks and risks.
Inline scanning – as your backups are being taken, ensuring they are scanned for any malware.
Containment – ensuring that anything that is taken into the backup environment is marked as suspect and contained.
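The change-pattern check in the "suspicious behaviour" item above, as an added Python example (not from the original post, and not how Rubrik or Veeam implement it). The nightly figures, thresholds and function names are constructed assumptions: each night's change rate is compared with a rolling median baseline, and a night is flagged only when it is both a statistical outlier and a large share of the protected data.

```python
from statistics import median

# Constructed sample for one file server: (date, GB changed since the previous
# backup, GB protected). Not taken from any real backup product or report.
NIGHTLY = [
    ("2024-03-01", 41, 2000), ("2024-03-02", 12, 2000),
    ("2024-03-03", 10, 2000), ("2024-03-04", 44, 2000),
    ("2024-03-05", 39, 2000), ("2024-03-06", 43, 2000),
    ("2024-03-07", 40, 2000),
    ("2024-03-08", 120, 2000),   # busy day: 6% changed
    ("2024-03-09", 1860, 2000),  # 93% of the server rewritten in one day
    ("2024-03-10", 42, 2000),
]


def robust_z(value, history, spread_floor=0.005):
    """Distance of value above the history median, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    # 1.4826 * MAD approximates a standard deviation for normal data; the
    # floor stops a very steady history from turning small wobbles into alerts.
    return (value - med) / max(1.4826 * mad, spread_floor)


def flag_anomalies(jobs, window=7, z_limit=6.0, min_rate=0.20):
    """Return [(date, change_rate, z)] for nights far outside the baseline."""
    flagged, history = [], []
    for date, changed, total in jobs:
        if total <= 0:
            continue  # empty or failed job: no rate to compare
        rate = changed / total
        if len(history) >= window:
            z = robust_z(rate, history[-window:])
            # Require both a statistical outlier and a large absolute change,
            # so a busy but plausible day is not reported.
            if z > z_limit and rate >= min_rate:
                flagged.append((date, round(rate, 3), round(z, 1)))
                continue  # keep the suspect night out of the baseline
        history.append(rate)
    return flagged


if __name__ == "__main__":
    for date, rate, z in flag_anomalies(NIGHTLY):
        print(f"{date}: {rate:.0%} of protected data changed (z={z})")
```

The window, z limit and minimum rate are illustrative defaults and would need tuning against each workload's own backup history.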
Today's threats to business operations and continuity need modern solutions, and it could be argued that this is a moral imperative.
Join us for part three, where we will discuss some of the solutions dataplanet can leverage to respond and recover, or get in touch if you would like to know more on the above.
Take back control! Prevent and Detect Ransomware – Part 2
Following on from our first post on Cyber Resilience (Take back control! Cyber resilience and ransomware – Part 1), today we look at two of the pillars in a Cyber Resilience strategy – Prevent and Detect.
Related Posts
Take back control! Cyber resilience and ransomware – Part 1
Cyber resilience is a wide-ranging subject, and a properly implemented strategy will cover a large range of subject areas, right across the business, from human factors, through detection, response, restoration etc. Cyber resilience is your business’ ability to take back control. To recover with confidence – never paying the ransom and returning to normal business …
Yet another M365 backup blog
Yep, yet another M365 backup blog! It would be relatively easy at this point to re-re-re-re-repeat what’s already been written in a myriad of other blog posts, telling its readers in no uncertain terms that M365 backup is a must, and so important that even Microsoft themselves strongly recommend that you take a 3rd party …
Training IS the problem!!!
“people are the strongest link; they’re what make your organisation thrive” – This is an NCSC statement, and in my opinion, it is right on the money. However, people are also the biggest risk to your organisation's cyber security posture, with an estimated 82% of breaches due to human error. We believe that the problem …