Ransomware is part of disaster recovery

Issue 3 2022 Security Services & Risk Management, IT infrastructure

Hemant Harie.

There can be no doubt that ransomware attacks are on the rise across the globe. A simple online search will reveal thousands of statistics in this regard and South Africa is no exception.

What is also clear from numerous examples of successful breaches, is the potentially devastating effect of a ransomware attack, which can cripple a business and shut down essential services for extended periods, not to mention cost a fortune to recover from. They are, in fact, a legitimate business disaster and need to be considered as such when it comes to disaster recovery and business continuity planning.

Under siege

There is no shortage of high-profile examples of ransomware attacks in South Africa over the past two years, from Johannesburg City Power to the Life Healthcare hospital group, Transnet Ports to the Department of Justice and Constitutional Development. To highlight the magnitude of the problem, according to the Interpol African Cyberthreat Assessment Report, in the period January 2020 to February 2021, there were 230 million threat detections. The report also lists ransomware as one of the top threats affecting Africa, with nearly two-thirds of companies in the region affected by ransomware in 2020 alone.

Mind the gap

Malware can infect anything and everything that is online and these days, almost everything is online. With the risk of cyber-attacks so high, it has become imperative to have a plan to deal with the eventuality. Prevention is obviously better than cure, but when the threat simply cannot be prevented, the ability to recover is crucial and that is where data management needs to come into play.

One tried and tested method of protecting data and thus of having a copy of data available to recover from, is the concept of air gapping or data isolation. An air gap can either be physical or virtual, but it is, in effect, exactly what it sounds like: putting space between the copies of your data, to ensure that if one copy is infected, it cannot infect the other – like social distancing for your data. This can be done with physical copies of data, or in the cloud, by using separate clouds to store production and backup data copies.

Data isolation is a similar concept, which involves removing a copy of data to another location to separate it and prevent infection. Tape is an excellent example of this, where backup data is taken offsite to secure storage and repatriated on request. Data isolation limits access to data and creates an immutable copy through Write Once Read Many (WORM) architecture. Using WORM means that in the event of a ransomware attack, backup data cannot be corrupted or infected.

The threat lies in wait

Air gapped, isolated and immutable data copies are an essential component of data management. However, ransomware often lies dormant in an environment for an extended period, gathering information before it is activated to attack. This means that there is a distinct possibility that the air gapped, isolated and immutable copy of data is already infected and if it is used for restore purposes, the ransomware can simply be reactivated.

This is where regular maintenance, testing, threat detection and above all, keeping multiple copies of data from multiple points in time, becomes imperative. This way, should it be discovered that a backup copy is infected, you are able to roll back further to a previous copy that is free of the malware. Data management, data protection and disaster recovery around data requires multiple tools in multiple layers to ensure adequate coverage.

Best practices are best for a reason

Following a best practice framework for ransomware protection and recovery can prove to be invaluable. One such example is the National Institute of Standards and Technology (NIST) which proposes five steps to help mitigate the risk and impact of a cyber-attack:

1. Identify – assess and mitigate risks.

2. Protect – isolate, lock and harden data from changes.

3. Monitor – detect anomalies and threat patterns.

4. Respond – analyse the data and perform the actions as outlined in the plan.

5. Recover – restore clean data quickly to get business back up and running.

Ransomware attacks have become inevitable and being prepared for them is key to surviving the onslaught. This means having a recovery plan that aligns with business, maintaining readiness and responding when they occur. It means having an expert partner to assist with data management, protection and recovery. It means planning, testing and responding effectively. In short, it means that cyberthreats like ransomware are a disaster and they need to be treated as such or businesses face risk that could shut them down for good.

For more information contact Gabsten Technologies, Nora Van Schalkwyk, +27 87 654 3310, [email protected], www.gabsten.co.za

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The components of and need for cyber resilience
Cyber Security Security Services & Risk Management
Organisations need to implement a comprehensive cyber resilience solution with data protection, backup, disaster recovery and business continuity to protect against ever-more complex and rising cyberthreats.

Enabling safety in communities
Security Services & Risk Management Products
Many Hytera devices are equipped with personal safety features, including emergency calling, Man Down and Lone Worker alerts, and GPS to enable users to be monitored and tracked.

Is the smoke beginning to clear for password security?
Access Control & Identity Management Security Services & Risk Management
The password problem is the result of bad habits, and they can be hard to break. But ask anyone that has done it and they will not tire of telling you the benefits.

Citrix App Protection helps secure remote workers
Cyber Security IT infrastructure
Many organisations are implementing a zero-trust security model with data protection as a top priority. This is largely due to the increase in remote work and unmanaged personal devices playing a growing role in the enterprise.

Kaspersky invests in development of neuromorphic processors
News IT infrastructure
Neuromorphic processors’ field of application is acceleration of the hardware used in the latest generation of artificial intelligence systems, which are based on spiking neural networks (SNN) training, which is more akin to biological interactions.

IoT provides assurance in ESG initiatives
Security Services & Risk Management
Environmental, social and governance (ESG) metrics can be used effectively to measure and define the impact an organisation has, the trust it engenders, and the value it takes beyond the shareholder and into the ecosystem.

The benefits of investing in whole-house surge protection
Smart Home Automation Security Services & Risk Management Residential Estate (Industry)
When you consider that the potential for equipment damage can run well into the hundreds of thousands of rands, whole-house surge protection is a worthwhile expense.

Infinidat enhances channel support
News IT infrastructure
Infinidat drives go-to-market strategy with new global partner portal and expands channel sales with Storage-as-a-Service in ArrowSphere.

2022 Cloud Security Report
Cyber Security IT infrastructure
The 2022 Cloud Security Report reveals how security executives and practitioners are using the cloud, how their organisations are responding to security threats in the cloud, and the challenges they are facing.

Are you your insider threat?
Technews Publishing Editor's Choice Security Services & Risk Management Commercial (Industry)
Insider threats are a critical aspect of risk management today, but what happens when it is the owner of the company acting fraudulently and making sure none of his staff can catch him?