Data protection is one of those enterprise technologies that, by design, you shouldn’t hear about very often. At its best, such services are continuously running in the background, quietly doing their job and ready at a moment’s notice when disaster finally strikes. Most often, and seemingly increasingly, we hear the stories about when they fail — when data is lost, operations are shut down for days while partial recoveries are attempted, or when ransoms are being paid to cyber criminals to retrieve critical data.
These latter scenarios are every IT department’s worst nightmare, often the sort of thing that keeps leaders, and even company executives, up at night. IT leaders are often persuaded to buy extra or redundant services to make sure their company is prepared for such an eventuality.
Mr. Stephen Manley, CTO, Druva, shares his views on how organizations can mitigate cyber-attacks by using the right data resiliency tools.
- As a SaaS provider, how critical do you believe it is for organizations to adopt proactive security measures before a security breach occurs?
Ransomware attacks are a daily occurrence, and it’s only gotten worse since the pandemic. These attacks not only cause significant financial damage but can diminish a brand’s reputation and customer trust. No one team can stop, detect, or recover from ransomware – it requires a cross-organizational effort.
Security and data protection are key pillars of modern data infrastructure. Security can no longer build a wall around infrastructure because the most dangerous threats are already inside. Therefore, every organization needs a trusted, offsite, secure copy of its data. They also need a simple, tested, cross-functional plan for how they will respond and recover from the attack. A proactive security and data protection plan is the key to surviving an attack.
2. Is there a way to understand what databases or files have been corrupted and how quickly can the data be recovered with the help of cyber resiliency?
After a cyberattack, there are three initial questions to answer. First, how can we stop it from spreading further? Second, what was affected? Third, how did it penetrate and what path did it take?
When answering these questions, traditional security tools such as log monitoring, identity access managers, and security information and event management (SIEM) systems can provide a trail of breadcrumbs a security or forensics team can then follow to identify affected systems. It can be an incredibly time-consuming and costly process if outside resources are needed.
Data resiliency products can speed up the process of identifying corruption because the criminals are attacking the data. The data protection solution should identify unusual file change patterns to help signal the security and forensics tools and teams.
While the forensics are running, IT should work in parallel to prep systems for recovery. First, it can set up a clean room in the cloud or in the data centre. Second, they can help identify the data that was on each infected system so the organization can prioritize the systems to be returned to operation. Third, it can scan the data in a sandbox to ensure that it is not still infected. Finally, an advanced system should automatically pick the last good version of every file, so the users get clean, accurate data.
3. Can you give us some insight into what data integrity is and how do you ensure an organization’s data cannot be wiped or encrypted during a ransomware attack?
At Druva, we believe that data accuracy, completeness, and consistency are all aspects of data integrity. Data security and regulatory compliance are frequently referred to as data integrity. It is upheld by a set of procedures, guidelines, and standards put in place at the design stage. No matter how long the data is kept or how frequently it is accessed, the information saved in a database will stay accurate, complete, and trustworthy if the integrity of the data is safe.
It is impossible not to consider the importance of data integrity in preventing data loss or a data leak. The first step to keeping your data safe from external forces is ensuring that internal users are treating data properly. You can ensure that sensitive data is never misclassified or wrongly stored, putting you at risk, by implementing data validation and error checking.
To secure and automate the backup process, it is essential to identify crucial assets as well as non-pertinent data which can be cleared or destroyed. It is equally important to ensure that the backup data cannot be encrypted or deleted by ransomware. Restricting data access is one of the best methods to keep information safe. If too many people have access to and can remove data or reassign administrative responsibilities, threat actors can compromise even low-level credentials and use them to lock out other administrators from the backup environment or destroy data.
4. Can you explain the difference between ransomware recovery and standard disaster recovery and how does it help in recovering complete and clean data?
A ransomware recovery involves restarting activities after a cyberattack that inserts malicious tools into your system, encrypt data and/or extracts data, and demands payment in exchange for stopping such an attack. In such a case you are not only tasked with pulling recent backups to recover but must also undertake a careful and exacting review of systems and environments to ensure there are no malicious tools hiding in other parts of the system. The malware must be neutralized, while backups must also be reviewed to ensure they are not infected. Otherwise, any recovery will simply reintroduce the malware, putting the IT and security teams back to square one. Having reliable data backups, which are air-gapped, encrypted, and regularly tested are some of the best tools at your disposal to combat a ransomware attack.
On the other hand, a standard disaster recovery (DR) plan is a formal document that offers specific instructions on how to handle unanticipated occurrences, data losses, and outages that cause disruptions including natural catastrophes, power outages, cyberattacks, etc. The strategy includes tactics for minimizing the potential impact of such an event, a process to recover quickly and securely, and shortening any potential business interruption. Extended disruptions may result in lost sales, harm to a company’s reputation, and disgruntled clients. Therefore, regardless of the cause of the disruption, a strong disaster recovery strategy, which is regularly pressure-tested, is critical to enabling quick recovery.
Organizations are finding that their disaster recovery planning is an essential component of ransomware recovery, but recovering from a cyber attack demands extra layers of protection and action.
5. To what extent adopting data resiliency will help organizations in strengthening their business and mitigating the risks of cyber-attacks?
Enterprise-wide rapid digitalization has increased both the impact and likelihood of attacks. As the number of applications, environments, and endpoints multiplies, data protection and data resiliency efforts must be centralized. A piecemeal approach is no longer tenable.
According to the recent IDC report, 92% of organizations claim that their data resiliency tools were efficient or highly efficient, however, 67% hit by ransomware were forced to pay, and nearly 50% experienced data loss. It is not enough to have siloed data resiliency tools. You need an integrated data resiliency strategy.
A cyber resilience plan safeguards your data, applications, and system infrastructure. Through effective identity access management, you can make sure only authorized users access systems. You also need to be able to identify any potential vulnerabilities in your apps that could be exploited. The greatest levels of security must be used to protect the privacy of your data, including information about your clients, staff, and intellectual property.
The security environment is ever-evolving. A strategy for cybersecurity that is flexible, adaptable, ever-evolving, and robust is the best route to business continuity, regardless of threats like hackers, disasters, changing business models, and more.
Finally, if you are worried that you cannot keep pace with the threats, you may want to look at a data resiliency service.