More often than not, organisations are least prepared for ransomware attacks, which ultimately impacts business continuity. Prasad Badiwale, Group CISO, Aditya Birla Management Corporation, shares some best practices to tackle the growing threat.
With the threat landscape becoming increasingly complex, ransomware is proving to be a major new problem for businesses in today's environment. With ransomware attacks on the rise, the safety of businesses and the privacy of their data are in question.
Businesses globally have been going online and digital in recent years. Sensitive, valuable, and business-critical data often falls into the hands of cybercriminals, leading to an increase in cyberattacks.
Surviving a ransomware attack is critical for businesses. Recovery of data and impacted systems is an arduous and often time-consuming task, which has been compelling organizations to invest in robust backup solutions to avoid such incidents.
More often than not, organisations are least prepared for such attacks, which ultimately impacts business continuity. Companies that deal with their clients’ data or financial data face a huge risk when their data gets compromised and hackers on the dark web hold businesses to ransom.
Even after paying a huge ransom to the hackers after an attack, organisations take a few days or weeks, or even months, to recover the data. Identifying any data that has been lost at the security point, sanitizing the data as part of the recovery process, and restarting all operations become important challenges for organisations.
We must understand that the recovery process is a complicated task as most of the time it requires a regulator's involvement and disclosure.
How to ensure business continuity when hit by ransomware?
When ransomware hits organisations, they must first analyse and estimate both the financial and reputational loss.
Most importantly, to protect their business from ransomware, organisations must start thinking in a holistic manner. The roles of the people in the organisation must be enhanced in the context of data protection and privacy in their respective domains. Unless the data is protected, you have lost your data privacy.
IT leaders must look into this issue not only from the infrastructure or application angle, where they ensure that they have sufficient backup, but also bring a new dimension to business continuity in terms of cybersecurity.
When a ransomware attack happens, encryption of data stops access to production files and storage devices leaving organisations in a helpless situation. It is important to have a top-line security architecture to protect one's data and IT applications with immutable backup solutions that prevent unauthorized access or deletion of backups. This allows the IT teams to quickly restore the data with minimal business disruption.
Unless organisations have the understanding and knowledge of the dark side, deep side, and surface side of the cyberthreat, it is difficult to avoid or deal with ransomware attacks.
Backup is critical
Advanced ransomware now targets backups as well, modifying or completely wiping out the data that has been backed up and leaving organizations with no choice other than large ransom payouts.
Hackers first get a foothold on the network, thus derailing the entire operation of an enterprise. They remain there for a prolonged time and watch or identify the critical aspects of the enterprise by continuously checking on its IT infrastructure. Their first action is to start encrypting the production data or corrupting the backup data. By the time the enterprise realises that it has been attacked and their backup data has already been compromised, it has missed the bus. This is where data resiliency becomes the key aspect for any organisation.
To recover the data in a short time, organisations must revamp or rebuild from the ground up their entire infrastructure in the area of centralised backup and focus on having a zero-trust policy for their data. They must look at how they can have immutability and deploy world-class backup software or ransomware-enabled backup. And, if they don't, they require experts to negotiate with the hackers, who come at a huge price.
Best practices enterprises must adopt
- Enterprises must have the mindset to identify the attack in advance and have strong backup and security systems in place to protect the data.
- The security framework must be integrated properly.
- Getting real-time information on what is happening with the security of the critical applications of the business on the surface level is important.
- Enterprises must consider Cyber Insurance to protect their data and applications. The insurance must be properly defined and the total value must be appropriately divided to cover ransomware, data loss, investigation, and sanitization of the systems once the attack has happened.
Ransomware attacks are only going to evolve further with hackers using various methodologies in multi-threat or multi-stage attacks. Organisations must therefore apply 360-degree risk assessment and vulnerability management to protect their IT assets and operational technology environments.
Mr. Badiwale is the Group CISO for Aditya Birla Management Corporation.