
Ransomware Protection: Focus on Backup and Recovery

Ransomware protection has been one of the main challenges faced by companies of all types, sizes and segments, and technology teams must be ready to take all necessary measures to minimize risks and ensure high availability of operations.

In August this year (2021), global consulting firm Accenture suffered a ransomware attack that threatened sensitive data. This made it another victim in a long line of organizations that have suffered from this type of attack in recent months.

Accenture was “lucky”. Prior to the incident, the company had implemented security controls and protocols to protect its IT infrastructure against these threats and had prepared a response to ransomware attacks.

As far as the company knows, no customer data or sensitive information was compromised after the attack.

However, many other companies have not been so lucky. Ransomware attacks add up to millions in lost revenue, recovery costs and ransom payments.

Even companies that have the required ransomware protections in place can still fall victim to attacks, a threat that continues to increase as ransomware becomes more sophisticated and adept at infecting backup data.

IT is under increasing pressure to ensure protection against Ransomware

This is a big challenge for companies that still struggle to implement effective policies and actions that include security, backup and recovery.

This is shown in Veeam’s Data Protection 2021 report, which points out that 58% of enterprise backups fail, leaving data unprotected against cyberattacks and cybercriminals.

Indeed, data backups and recovery procedures are the first line of defense for protection against Ransomware and other threats, but these backups must be fully protected.

This not only includes physical protections such as video surveillance or entry-exit logging, but also comprehensive storage and network security, which can include a wide range of protections.

An IT team, for example, can use vulnerability scanning, network segmentation, multi-factor authentication, network monitoring, intrusion detection systems and anti-malware/anti-ransomware software to ensure the protection of backups performed during companies’ business operations.

For effective ransomware protection, keep at least two copies of each backup

Store them on different types of media and locate them somewhere other than the primary network. At least one of these backups should be immutable and kept offline.

With an immutable backup, data can be written only once, usually in a single session, and cannot be updated or deleted, a strategy often referred to as WORM (write once, read many).
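The copy rules above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or of any product it mentions; the inventory format, field names and location labels are assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample inventory; field names and labels are hypothetical.
INVENTORY = [
    {"dataset": "erp-db", "media": "disk", "location": "dr-site",
     "immutable": False, "offline": False},
    {"dataset": "erp-db", "media": "tape", "location": "offsite-vault",
     "immutable": True, "offline": True},
    {"dataset": "file-share", "media": "disk", "location": "primary-network",
     "immutable": False, "offline": False},
    {"dataset": "file-share", "media": "disk", "location": "dr-site",
     "immutable": True, "offline": False},
    {"dataset": "hr-archive", "media": "object-store", "location": "cloud",
     "immutable": True, "offline": False},
]

PRIMARY = "primary-network"  # assumed label for the production network


def audit_backups(inventory, primary=PRIMARY):
    """Return {dataset: [violations]} for the copy rules in the text."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    findings = {}
    for dataset, copies in sorted(by_dataset.items()):
        problems = []
        if len(copies) < 2:
            problems.append("fewer than two copies")
        if len({c["media"] for c in copies}) < 2:
            problems.append("all copies on one media type")
        if any(c["location"] == primary for c in copies):
            problems.append("copy on the primary network")
        # Assumption: the same copy must be both immutable (WORM) and offline.
        if not any(c["immutable"] and c["offline"] for c in copies):
            problems.append("no immutable offline copy")
        findings[dataset] = problems
    return findings


if __name__ == "__main__":
    for dataset, problems in audit_backups(INVENTORY).items():
        status = "OK" if not problems else "FAIL: " + "; ".join(problems)
        print(f"{dataset:12} {status}")
```

Note that an immutable copy that stays online, such as the constructed "hr-archive" record, still fails the last rule, because the text asks for a copy that is both immutable and offline.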

Along with these protections, IT teams must also ensure that all systems are patched and updated in a timely manner.

Backup protection should be part of the prevention strategy against ransomware attacks

The first step in preventing ransomware attacks is to review and update backup policies. These policies should reflect what data the organization has, where it is, and the systems that IT teams should recover first in the event of an attack.

Effective policies detail and validate everything that businesses need to back up and when those backups should occur. Perform data backup operations regularly and frequently, backing up critical data most often.

Also, check and analyze backups for infections. In practice, policies should specify how long to retain backups. Remember that ransomware can remain in the background for quite some time.

An organization should have a comprehensive monitoring and alerting system that tracks the entire technology backend, including the endpoint and network environment, looking for anomalies in traffic, data patterns, user behavior and access attempts.

The protection framework created for the backup should be able to automatically respond to ransomware attacks

One such response is the quarantine of infected systems. These protection systems can use machine learning and other advanced technologies to identify and mitigate threats.

Ensure end users receive the education and training they need to minimize risky behavior and know what to do if they suspect their machines have been infected.

Don’t forget that IT teams should take all possible measures to reduce the network attack surface and limit the possibility of end-user actions resulting in ransomware.

Finally, to ensure efficient ransomware protection, IT teams should bring clean systems online, check which backups can be safely restored, and then recover data from those structures.

Once the systems are up and running, they should document lessons learned and take all necessary measures to reduce the risk of subsequent ransomware attacks.

CipherTrust Data Security Platform Enables Assertive Investment in Ransomware Protection

According to IDC, more than 175 zettabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypts data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases, such as credit card numbers, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility: Vaultless Tokenization with dynamic policy-based data masking, and Vaulted Tokenization.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers bring your own key (BYOK) lifecycle management for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables Ransomware protection for data at rest and in motion across the IT ecosystem, ensuring that the keys to that information are always protected and only under your control.

It simplifies data security, improves operational efficiency, and accelerates time to compliance, regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio that ensures data protection against ransomware attacks

With data protection products from the CipherTrust Data Security Platform, your company can:

Strengthen security and compliance against ransomware attacks

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.

Optimize the efficiency of the team and resources used to protect against ransomware

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduce total cost of ownership

The CipherTrust Data Security Platform Ransomware Protection portfolio offers a broad set of data security products and solutions that can easily scale, expand to new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.

About EVAL

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.
