Saturday, September 21, 2024

Understanding the critical role of resilience in defending against ransomware

The cybersecurity arms race, with the security ecosystem on one side and threat actors on the other, sees adversaries pitted against each other in a struggle for supremacy. Each side continually evolves its technologies and tactics, with the arrival of advanced AI massively raising the stakes.

In this context, cybercrime is a huge growth industry. Reporting by The Register earlier this year shed some fascinating light on the sheer scale of the problem, quoting the CEO of JPMorgan Chase, who said: “There are people trying to hack into JPMorgan Chase 45 billion times a day.”

With the experience of just that one organisation in mind, it’s alarming but perhaps not altogether surprising that the overall costs of cybercrime continue to skyrocket and are expected to surpass $10 trillion globally. To give that number some kind of context, it’s a figure not far short of the GDP numbers for Japan, Germany and India combined.

Despite the growing level of risk, today’s cybersecurity technologies and professionals keep the vast majority of networks safe, with many organisations implementing a multi-layered approach to guard against different types of threats. At the same time, the wider concept of resilience – the ability to withstand, recover from and continue operating in the face of disruptions such as cyberattacks – has become a board-level priority.

Real-time risks

Take the risks posed by ransomware, for example, where mitigation depends heavily on early detection and swift response. Today’s real-time detection solutions now offer continuous network monitoring by scanning for anomalies or suspicious activities indicative of ransomware. These systems can detect active file encryption or unusual data access patterns and trigger immediate alerts, enabling rapid response. This kind of early warning system not only limits the volume of data encrypted by attackers but also accelerates incident response times, significantly reducing the potential impact of an attack.

In addition to detection, advanced analytics technologies can assess the origin, techniques and behaviour built into ransomware, helping cybersecurity teams quickly isolate affected systems, remove the threat and restore operations. This combination of real-time monitoring and detailed forensic analysis greatly enhances an organisation’s ability to recover with minimal disruption.

This approach can be implemented as part of a Continuous Data Protection (CDP) strategy, whereby every change made to data is saved in real-time. Unlike traditional backup methods that run at specific intervals (such as daily or weekly), CDP captures and records all changes to data as they happen, allowing for near-instantaneous recovery to any point in time before a failure or data corruption occurs.

These capabilities are rapidly becoming must-haves, particularly given evolving ransomware capabilities that target backup systems alongside primary data. Organisations finding themselves in this situation face significant challenges in restoring operations after an attack as they render traditional backups significantly less reliable. In many cases, fully restoring data from traditional backups can take weeks, especially for large enterprises managing vast amounts of critical information.

While traditional backups might suffice for non-critical or less sensitive data, modern enterprises require advanced recovery solutions to ensure the rapid restoration of mission-critical applications and minimal downtime. Disaster recovery platforms that leverage CDP provide near-instant recovery for complex applications with minimal data loss.

The last line of defence

Another key component of an effective layered strategy is the implementation of a security vault. This is a highly secure, isolated environment designed to protect critical data and ensure rapid recovery after a cyberattack, particularly from ransomware. Often acting as a last line of defence, they integrate air-gapped isolation and a zero-trust architecture to provide extremely robust protection.

Even if primary cybersecurity defences fail, the role of the vault is to ensure that the organisation’s most critical data remains untouched and recoverable. Typically, vaults will also employ immutable storage, whereby data cannot be altered once saved, preventing ransomware, for example, from corrupting backup copies. For highly regulated industries, in particular, these capabilities are essential for compliance and recovery orchestration, as they allow organisations to test and validate recovery processes within a secure sandbox before bringing data back into the production environment.

Modern security vault technologies also address the shortcomings associated with traditional architectures, particularly speed of recovery or recovery time objective (RTO). Restoring data from tape or from lower-tier storage can extend recovery by days or weeks, while scanning for clean copies prolongs the process even further, as does recovery onto anything other than production-grade storage.

Moreover, if law enforcement or security teams are performing forensic analysis on production infrastructure, organisations may find they need to run workloads elsewhere for some 

time after recovery – a capability many backup and cold cloud storage solutions simply aren’t designed to support.

A key takeaway here is that while security threats in general and ransomware in particular continue to test the boundaries of protection and recovery strategies, using CDP as a foundation for resilience can act as a game-changer for organisations that find themselves under constant attack. Those who prioritise these capabilities will be ideally placed to remain secure as the risks continue to evolve.

 

The post Understanding the critical role of resilience in defending against ransomware appeared first on Cybersecurity Insiders.


September 21, 2024 at 09:54PM

0 comments:

Post a Comment