We can’t talk about ransomware without talking about recovery
Chris McKean
It’s not extreme to say that most businesses will suffer from a cyber-attack in the next few years. Recent research from the UK government found that half of UK businesses experienced some form of cyber security breach in the last 12 months. Rising ransomware attacks are threatening businesses globally, and the accessibility of advanced artificial intelligence (AI) technologies are enabling even the most novice of cyber-criminals to launch sophisticated attacks at scale.
And as threats increase, businesses need to be building up their defences at speed, and implementing a proactive approach to their security. Yet, a report from PWC found that more than one-third of companies haven’t implemented risk management efforts, and only one-in-four have made cyber-resilience improvements. With new malware and techniques emerging, businesses must prepare not only to avoid falling prey to a cyber attack - but also to recover in their aftermath. Planning for recovery must be approached as importantly as cyber protection measures.
Businesses cannot financially afford to lose access to their data, or the long-term effects of an attack could risk the very survival of an organisation. So what steps can businesses take to protect their data, through both protection and recovery?
Preparing defences:
Cybercriminals are increasingly utilising advanced techniques to bypass security layers, target vulnerabilities like unsecured APIs, outdated security certificates, or weak identify verification measures. The deployment of malware that can bypass or disable security measures enables attackers to infiltrate systems undetected and cause significant damage. As AI also heightens the quality of attacks being launched, security teams must employ a variety of defensive techniques to protect their businesses and their data from breaches.
Methods like multi-factor authentication (MFA) can be used to prevent unauthorised access to data, which can help keep data safe even if an attacker gains access to password details. This adds another layer of authentication, as access to data will be granted only if the identity of the user can be confirmed via a second verification method.
A Zero Trust approach is another method for businesses to confirm each digital connection made, by never trusting and always verifying. With stronger authentication techniques, and ‘least access’ policies, the internal systems of an organisation are fortified. Endpoint detection and response (EDR) tools also provide extra layers of data security, allowing businesses to proactively deal with threats and identify security vulnerabilities within software that a business may otherwise be unaware of.
At the core of many security techniques is the need to protect the data on which the business runs. Data remains the fundamental foundation of organisations, driving many decisions and insights, and it is crucial businesses constantly renew their cyber-resilience approaches to protect this crucial asset.
Data recovery is protection
While prevention is rightly a major focus in any cybersecurity strategy, today’s landscape means businesses must be ready for the day they are inevitably faced with a successful cyber attack. That’s why recovery must be an equally large pillar of an organisation’s strategy. This is especially important today, when so many businesses are turning to the cloud and data is spread across multiple sources. Storing and securing this data effectively, regardless of how it is stored, must be a priority. In order to remain protected, businesses must have a consistent approach to data security across all their environments and extend security into their cloud systems.
One important safeguard can be created by using multiple recovery endpoints which makes the data data fixed and unerasable, ensuring that even in the face of unauthorised access, a business can recover their data. Another key practice is backups. Backing up all data with immutable and indelible copies is absolutely critical in data protection. This allows businesses to access a high-availability backup that will always be required. From a security perspective, the capabilities of a backup must have additional protections layered and embedded into it to ensure cyber resilience. And finally, multiple copies of this data should be available, and these backups should be stored across different formats such as on on-premises hard drives and in the cloud.
Many cyber attacks go beyond an initial breach, and actively seek to remove the organisation’s capability to recover fast. That’s why a cyber-resilient infrastructure needs to be robust in the first place. This will also help reduce the likelihood of a breach as well as its severity - ultimately reducing the amount of time a business might spend offline.
It is unfortunately no longer cynical to say that most businesses will face a cyber attack at some point. Preparing for the worst-case scenario by implementing a fortified defence recovery plan to protect data cannot be forgotten as part of an organisation’s cybersecurity strategy. As breaches rise, and threat actors advance, recovery will be cemented as important as prevention in protecting one of the most important assets to every business - data.
Upcoming Cyber Security events
Cyber Security updates
Sign-up to get the latest updates and opportunities from our Cyber Security programme.
Authors