Ransomware is part of disaster recovery

Issue 3 2022 Security Services & Risk Management, IT infrastructure

Hemant Harie.

There can be no doubt that ransomware attacks are on the rise across the globe. A simple online search will reveal thousands of statistics in this regard and South Africa is no exception.

What is also clear from numerous examples of successful breaches, is the potentially devastating effect of a ransomware attack, which can cripple a business and shut down essential services for extended periods, not to mention cost a fortune to recover from. They are, in fact, a legitimate business disaster and need to be considered as such when it comes to disaster recovery and business continuity planning.

Under siege

There is no shortage of high-profile examples of ransomware attacks in South Africa over the past two years, from Johannesburg City Power to the Life Healthcare hospital group, Transnet Ports to the Department of Justice and Constitutional Development. To highlight the magnitude of the problem, according to the Interpol African Cyberthreat Assessment Report, in the period January 2020 to February 2021, there were 230 million threat detections. The report also lists ransomware as one of the top threats affecting Africa, with nearly two-thirds of companies in the region affected by ransomware in 2020 alone.

Mind the gap

Malware can infect anything and everything that is online and these days, almost everything is online. With the risk of cyber-attacks so high, it has become imperative to have a plan to deal with the eventuality. Prevention is obviously better than cure, but when the threat simply cannot be prevented, the ability to recover is crucial and that is where data management needs to come into play.

One tried and tested method of protecting data and thus of having a copy of data available to recover from, is the concept of air gapping or data isolation. An air gap can either be physical or virtual, but it is, in effect, exactly what it sounds like: putting space between the copies of your data, to ensure that if one copy is infected, it cannot infect the other – like social distancing for your data. This can be done with physical copies of data, or in the cloud, by using separate clouds to store production and backup data copies.

Data isolation is a similar concept, which involves removing a copy of data to another location to separate it and prevent infection. Tape is an excellent example of this, where backup data is taken offsite to secure storage and repatriated on request. Data isolation limits access to data and creates an immutable copy through Write Once Read Many (WORM) architecture. Using WORM means that in the event of a ransomware attack, backup data cannot be corrupted or infected.

The threat lies in wait

Air gapped, isolated and immutable data copies are an essential component of data management. However, ransomware often lies dormant in an environment for an extended period, gathering information before it is activated to attack. This means that there is a distinct possibility that the air gapped, isolated and immutable copy of data is already infected and if it is used for restore purposes, the ransomware can simply be reactivated.

This is where regular maintenance, testing, threat detection and above all, keeping multiple copies of data from multiple points in time, becomes imperative. This way, should it be discovered that a backup copy is infected, you are able to roll back further to a previous copy that is free of the malware. Data management, data protection and disaster recovery around data requires multiple tools in multiple layers to ensure adequate coverage.

Best practices are best for a reason

Following a best practice framework for ransomware protection and recovery can prove to be invaluable. One such example is the National Institute of Standards and Technology (NIST) which proposes five steps to help mitigate the risk and impact of a cyber-attack:

1. Identify – assess and mitigate risks.

2. Protect – isolate, lock and harden data from changes.

3. Monitor – detect anomalies and threat patterns.

4. Respond – analyse the data and perform the actions as outlined in the plan.

5. Recover – restore clean data quickly to get business back up and running.

Ransomware attacks have become inevitable and being prepared for them is key to surviving the onslaught. This means having a recovery plan that aligns with business, maintaining readiness and responding when they occur. It means having an expert partner to assist with data management, protection and recovery. It means planning, testing and responding effectively. In short, it means that cyberthreats like ransomware are a disaster and they need to be treated as such or businesses face risk that could shut them down for good.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Convergence of cyber and physical security
Integrated Solutions Security Services & Risk Management
The overlap between cybersecurity and physical security will necessitate the integration of cyber and physical security in order to enable the sharing of events to the same security operations centre.

Supporting local manufacturing
Industrial (Industry) IT infrastructure
Smart Security asked Esenthren Govender, Solutions Executive at Technodyn for insight into how the company supports local manufacturing organisations to optimise their business.

Reduce electrical risks in commercial and industrial buildings
Security Services & Risk Management
Eaton’s new whitepaper aims to help professionals reduce electrical risks in commercial and industrial buildings and prevent faults that can endanger workers, damage property and disrupt business continuity.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Security is like infinity
Alwinco Security Services & Risk Management
Security needs constant attention, dedication and input. The scary thing is that most people think that security is something that you buy, install, and then forget about.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack