Backups: The absolutely necessary security hygiene measure
The frequency and scale of ransomware attacks suggest that a worldwide-scale ransomware attack at least every month is about to be the New Normal.
Experts at Barracuda Networks have shared best practices, really basic security hygiene, that every organisation needs to implement to get ahead of these ransomware attacks.
Of note, they observe that technology, for example the Internet of Things, is moving ahead at such a rapid pace that basic security hygiene should be a practice as deeply instilled in us as brushing our teeth or washing our hands.
Why do we do it? To keep viruses and baddies away.
And on the checklist of things that IT environments need to be conscientious about doing regularly, if not automatically, is backups.
Regular backups are the one cure for ransomware attacks that works so far. They get businesses and organisations up and running even when their important files and data are being held for ransom.
How does it work?
Barracuda’s Laura Llovet has a strong view that, “If you think you only need a firewall and antivirus software – without also investing in a modern backup solution – you are asking for trouble.
“Cybercriminals have many threat vectors to choose from, and some firewalls aren’t up to the task of blocking the most sophisticated and aggressive of them.”
And yet despite this, just by practising smart habits, a few organisations were able to get themselves up and running again even though their files were being held for ransom by cybercriminals.
Two of the better-known examples are the HDDCryptor malware that infected San Francisco’s Muni transit system and the Massachusetts police department that was also impacted by ransomware.
In the case of the Massachusetts police department, all they did was maintain a long-standing policy of running backups every night. This way, affected users had their mailboxes restored from the backups of the night before.
Besides business data, other important data such as device configurations should also be backed up and stored safely. In the event of a cyberattack, administrators would be less likely to face a panicked rush to reconfigure the hundreds if not thousands of devices and machines in their IT environment to ensure they comply with organisation and security policies.
Ransomware escalation – is our protection enough?
It’s a widely held view that the latest global-scale ransomware attack last month, Petya aka GoldenEye, went undetected by all antivirus products except two. Computers that did not have those two particular antivirus solutions and/or were unpatched were practically vulnerable to the Petya ransomware.
Also, these at-risk computers could not be patched fast enough; mission-critical systems and some industries, for example manufacturing, simply could not afford the downtime that applying patches meant, even though it would offer some shield against malware.
To put the scale of cyberattacks, and how much we are able to protect against, into context, here are some figures from 2016 sourced from Barracuda Networks.
- Nearly 50-percent of organisations have been infected with ransomware
- Companies paid USD209 million to ransomware criminals in Q1 2016
- Less than half of ransomware victims fully recover their data even with backup
- More than 4,000 ransomware attacks have occurred every day since January 2016, up from 1,000 per day in 2015
- 40-percent of all spam email had ransomware, and 59-percent of infections came from email
- 70-percent of businesses paid the ransom
- In 2017, attacks are expected to double 2016 numbers
- Most businesses face at least two days of downtime when hit with ransomware
When the statistics for 2017 are compiled, these figures are expected to be multiplied many times over.
And today, as before, we have to ask ourselves the question: Are we doing enough?
The best defence
In today’s business and operations landscape, with its various moving parts and even more attack surfaces, it is nigh impossible to achieve 100-percent protection.
Low user awareness, insider threats, vulnerable applications and outdated protection can leave organisations exposed to ransomware and other advanced malware.
Perfect, 100-percent protection is a work in progress. But in the meantime, backups are the answer and the number one way to recover from a ransomware attack.