More Security Might Not Cure Ransomware

Hollywood scriptwriters must have been kicking themselves when cyber thieves came up with the idea of ransomware. It has well and truly captured the imagination, driving genuine fear into the hearts of many business leaders who had hitherto paid little attention to cyber threats in general.

The really clever thing about ransomware is that the crimes are rarely targeted at "obvious" pools of valuable data such as credit card records and banking information. Ransomware is at its most supremely evil when it strikes at data that you (and possibly only you) find valuable. A little like the act of kidnapping someone's pet dog; the market value is irrelevant -- it's how much it matters to the owner.

The net effect of this is that the usual cyber targets (banks, other financial institutions, etc.) aren't bearing the brunt of this threat. It's at least as likely to be research institutions, healthcare providers, pharmaceuticals, utilities -- any sector where having data held to ransom could be ruinous.

What if the answer isn't "more security"?

You've got to hand it to the cybersecurity industry. They've made hundreds of billions of pounds over the years, and yet seem no closer to actually stopping cyber attacks than when the first computer viruses were created. Rather than becoming discredited, this apparent failure is its own reward; encouraging customers to consider how much worse things would be if they didn't keep buying security solutions. You need merely whisper "ransomware" to experience a sales onslaught of weird, wonderful and ultimately expensive ways of protecting yourself -- but with zero guarantee they will work.

This is sheer madness; a snake eating its own tail. It's time to stop thinking of ransomware as a failure of security and start calling it what it really is: a failure of effective data management.

Boring old backup saves the day
The first lesson in data management is to backup regularly. In data-intensive sectors, this can be far easier said than done. Pulling very large data sets into a coherent backup process is often complicated by inefficiencies and data infrastructures that have built up over time. This, in turn, can lead each backup to be a lengthy process -- six to eight hours is not out of the ordinary -- which discourages IT professionals from performing them frequently. As a result, many organizations have a disconnect between how often they would like to perform backups (typically daily) and how often they manage to (weekly, monthly or even quarterly).

This is a recipe for catastrophe should some unforeseen event disrupt your IT systems. One such event could be a ransomware lock-out, leaving you with a backup copy that may be considerably out of date.

Why pay criminals for data that you already have?
Read the news reports about ransomware and you'll spot an Achilles' Heel in the criminal masterplan. Namely, that if the victim kept an up-to-date copy of its data, there would be no need for them to pay to get it back. Such an event would still constitute a serious security breach, but at least they'd have their precious data.

More and more organizations are waking up to this simple truth by instigating a three-pronged strategy to address the ransomware problem:

Stream 1: Education
Ransomware is an infection that usually requires people to do things they shouldn't. Like any modern threat, ransomware relies on the concept of 'social engineering' and other human factors. The best way to counter this is by involving your people in relevant education programmes. Be sure to include everyone who has access to email, computers and servers in your organisation.

Stream 2: Cybersecurity vigilance
The cybersecurity industry might be behind the curve on ransomware, but that doesn't mean you shouldn't leverage solutions that stop the easiest 95% of known attacks from getting through. Whether you run endpoint antivirus or network-based security (or both), this is a vital layer of defense. Also, ensure that you decommission out-of-support/end-of-life data management software and always run recommended patches and updates.

Stream 3: Get serious about backup to enjoy total data protection
Modern IT backup solutions take frequent, incremental backups every minute or so. Being incremental means you never stress your network out (or your IT staff) by repeating entire backup processes. Should your business encounter ransomware and the inevitable demand for money to unlock your data, you can safely ignore it. Simply roll back your data to the second before the attack struck. This way, you can be assured that your valuable data and systems continue running and the malware cannot be retriggered.

To conduct incremental backups, backup appliances need to be updated to detect and record block-level changes from snapshots, taking individual backups at hundreds of points per day. Some solutions supplement this with the capability to detect ransomware inside a backup, and notify IT staff accordingly. This mitigates the spread of infection.

Taking away the power of ransomware's extortionists feels good, but it requires a combination of effective security measures and a nimble, continuous backup process. Only then can you have a data governance process worthy of the name, and a cast-iron insurance policy against anyone who claims to have kidnapped your data.

Related posts:

— Nick Claxson is managing director of Comtec Enterprises.