Ransomware is part of disaster recovery

Issue 3 2022 Security Services & Risk Management, Infrastructure


Hemant Harie.

There can be no doubt that ransomware attacks are on the rise across the globe. A simple online search will reveal thousands of statistics in this regard and South Africa is no exception.

What is also clear from numerous examples of successful breaches, is the potentially devastating effect of a ransomware attack, which can cripple a business and shut down essential services for extended periods, not to mention cost a fortune to recover from. They are, in fact, a legitimate business disaster and need to be considered as such when it comes to disaster recovery and business continuity planning.

Under siege

There is no shortage of high-profile examples of ransomware attacks in South Africa over the past two years, from Johannesburg City Power to the Life Healthcare hospital group, Transnet Ports to the Department of Justice and Constitutional Development. To highlight the magnitude of the problem, according to the Interpol African Cyberthreat Assessment Report, in the period January 2020 to February 2021, there were 230 million threat detections. The report also lists ransomware as one of the top threats affecting Africa, with nearly two-thirds of companies in the region affected by ransomware in 2020 alone.

Mind the gap

Malware can infect anything and everything that is online and these days, almost everything is online. With the risk of cyber-attacks so high, it has become imperative to have a plan to deal with the eventuality. Prevention is obviously better than cure, but when the threat simply cannot be prevented, the ability to recover is crucial and that is where data management needs to come into play.

One tried and tested method of protecting data and thus of having a copy of data available to recover from, is the concept of air gapping or data isolation. An air gap can either be physical or virtual, but it is, in effect, exactly what it sounds like: putting space between the copies of your data, to ensure that if one copy is infected, it cannot infect the other – like social distancing for your data. This can be done with physical copies of data, or in the cloud, by using separate clouds to store production and backup data copies.

Data isolation is a similar concept, which involves removing a copy of data to another location to separate it and prevent infection. Tape is an excellent example of this, where backup data is taken offsite to secure storage and repatriated on request. Data isolation limits access to data and creates an immutable copy through Write Once Read Many (WORM) architecture. Using WORM means that in the event of a ransomware attack, backup data cannot be corrupted or infected.

The threat lies in wait

Air gapped, isolated and immutable data copies are an essential component of data management. However, ransomware often lies dormant in an environment for an extended period, gathering information before it is activated to attack. This means that there is a distinct possibility that the air gapped, isolated and immutable copy of data is already infected and if it is used for restore purposes, the ransomware can simply be reactivated.

This is where regular maintenance, testing, threat detection and above all, keeping multiple copies of data from multiple points in time, becomes imperative. This way, should it be discovered that a backup copy is infected, you are able to roll back further to a previous copy that is free of the malware. Data management, data protection and disaster recovery around data requires multiple tools in multiple layers to ensure adequate coverage.

Best practices are best for a reason

Following a best practice framework for ransomware protection and recovery can prove to be invaluable. One such example is the National Institute of Standards and Technology (NIST) which proposes five steps to help mitigate the risk and impact of a cyber-attack:

1. Identify – assess and mitigate risks.

2. Protect – isolate, lock and harden data from changes.

3. Monitor – detect anomalies and threat patterns.

4. Respond – analyse the data and perform the actions as outlined in the plan.

5. Recover – restore clean data quickly to get business back up and running.

Ransomware attacks have become inevitable and being prepared for them is key to surviving the onslaught. This means having a recovery plan that aligns with business, maintaining readiness and responding when they occur. It means having an expert partner to assist with data management, protection and recovery. It means planning, testing and responding effectively. In short, it means that cyberthreats like ransomware are a disaster and they need to be treated as such or businesses face risk that could shut them down for good.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...
Risk-IO manages mining security risks
Security Services & Risk Management Mining (Industry)
[Sponsored] A local mining company with three large operations experienced increased security costs. The liability included no standardised risk assessment, poor management of the efforts to mitigate hazards, and unauthorised access with subsequent theft. The reactive approach to security was not only expensive but also wasteful in the sense that the costs were poorly managed, and there were no metrics to show improvement or trends in incidents.

Read more...
Threats, opportunities and the need for post-quantum cryptography
AI & Data Analytics Infrastructure
The opportunities offered by quantum computing are equalled by the threats this advanced computer science introduces. The evolution of quantum computing jeopardises the security of any data available in the digital space.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Axis introduces ACS Edge and cloud storage
Axis Communications SA Surveillance Infrastructure Products & Solutions
Axis Communications has launched two new solutions within the AXIS Camera Station ecosystem, AXIS Camera Station Edge (ACS Edge) and AXIS Camera Station Cloud Storage (ACS Cloud Storage).

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...