Ransomware is part of disaster recovery

Issue 3 2022 Security Services & Risk Management, Infrastructure

Hemant Harie.

There can be no doubt that ransomware attacks are on the rise across the globe. A simple online search will reveal thousands of statistics in this regard and South Africa is no exception.

What is also clear from numerous examples of successful breaches, is the potentially devastating effect of a ransomware attack, which can cripple a business and shut down essential services for extended periods, not to mention cost a fortune to recover from. They are, in fact, a legitimate business disaster and need to be considered as such when it comes to disaster recovery and business continuity planning.

Under siege

There is no shortage of high-profile examples of ransomware attacks in South Africa over the past two years, from Johannesburg City Power to the Life Healthcare hospital group, Transnet Ports to the Department of Justice and Constitutional Development. To highlight the magnitude of the problem, according to the Interpol African Cyberthreat Assessment Report, in the period January 2020 to February 2021, there were 230 million threat detections. The report also lists ransomware as one of the top threats affecting Africa, with nearly two-thirds of companies in the region affected by ransomware in 2020 alone.

Mind the gap

Malware can infect anything and everything that is online and these days, almost everything is online. With the risk of cyber-attacks so high, it has become imperative to have a plan to deal with the eventuality. Prevention is obviously better than cure, but when the threat simply cannot be prevented, the ability to recover is crucial and that is where data management needs to come into play.

One tried and tested method of protecting data and thus of having a copy of data available to recover from, is the concept of air gapping or data isolation. An air gap can either be physical or virtual, but it is, in effect, exactly what it sounds like: putting space between the copies of your data, to ensure that if one copy is infected, it cannot infect the other – like social distancing for your data. This can be done with physical copies of data, or in the cloud, by using separate clouds to store production and backup data copies.

Data isolation is a similar concept, which involves removing a copy of data to another location to separate it and prevent infection. Tape is an excellent example of this, where backup data is taken offsite to secure storage and repatriated on request. Data isolation limits access to data and creates an immutable copy through Write Once Read Many (WORM) architecture. Using WORM means that in the event of a ransomware attack, backup data cannot be corrupted or infected.

The threat lies in wait

Air gapped, isolated and immutable data copies are an essential component of data management. However, ransomware often lies dormant in an environment for an extended period, gathering information before it is activated to attack. This means that there is a distinct possibility that the air gapped, isolated and immutable copy of data is already infected and if it is used for restore purposes, the ransomware can simply be reactivated.

This is where regular maintenance, testing, threat detection and above all, keeping multiple copies of data from multiple points in time, becomes imperative. This way, should it be discovered that a backup copy is infected, you are able to roll back further to a previous copy that is free of the malware. Data management, data protection and disaster recovery around data requires multiple tools in multiple layers to ensure adequate coverage.

Best practices are best for a reason

Following a best practice framework for ransomware protection and recovery can prove to be invaluable. One such example is the National Institute of Standards and Technology (NIST) which proposes five steps to help mitigate the risk and impact of a cyber-attack:

1. Identify – assess and mitigate risks.

2. Protect – isolate, lock and harden data from changes.

3. Monitor – detect anomalies and threat patterns.

4. Respond – analyse the data and perform the actions as outlined in the plan.

5. Recover – restore clean data quickly to get business back up and running.

Ransomware attacks have become inevitable and being prepared for them is key to surviving the onslaught. This means having a recovery plan that aligns with business, maintaining readiness and responding when they occur. It means having an expert partner to assist with data management, protection and recovery. It means planning, testing and responding effectively. In short, it means that cyberthreats like ransomware are a disaster and they need to be treated as such or businesses face risk that could shut them down for good.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

More than just a criminal record check
iFacts Security Services & Risk Management
When it comes to human-related risks, organisations and their most senior leaders focus on a narrow set of workforce risks, the potential risks that human workers pose to the business.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

Access to data centre secured
Suprema Access Control & Identity Management Infrastructure
GBM required a modern access control system to increase the security of its facilities in a productive environment without affecting the operation of the offices and the data centre, which are carried out 24/7/365.

Africa’s growth lies on shoulders of renewable energy
News & Events Infrastructure
The Africa Tech Festival from 13 to 16 November in Cape Town will unpack the challenges and discuss the pivotal role of sustainability & renewable energy in advancing technological development in Africa.