Stakeholders must adjust to the evolving threat landscape posed by ransomware attacks, with a new line of defence needed to bolster cyber resilience, according to James Wright, regional director ANZ/Oceania at Cloudian.
As we’ve learnt the hard way from the pandemic, despite our best efforts, it’s not always possible to keep the virus out.
We can chalk it up to policy decisions, human error, unpredictable strains, or any other number of factors, but the fact remains that the virus has found its way in, and we have endured multiple difficult lockdowns to prove it.
In response, we’ve used a ‘last line of defence’ strategy to bring the community back to safety. This began with restrictions and lockdowns and is transitioning to the vaccine. The same is true in another virulent challenge Australia is facing – ransomware.
Despite the right perimeter defences being in place, time and time again we’re seeing these defences fail and organisations across a wide range of industries suffer the consequences.
The data behind the defences
We recently revealed survey findings which showed almost half of ransomware attack victims had perimeter defences in place at the time of attack, and more than half had conducted anti-phishing training among staff.
Organisations across Australia are spending a huge amount on these kinds of defences with no guarantees of them being enough to stave away an average financial cost of $400,000 from an attack, not to mention the customer, shareholder and reputational damage that comes with it.
The proliferation of public cloud in Australia, which is estimated to hit $10.6 billion by the end of this year, is having an impact too, with this shared computing system the most common point of entry for ransomware according to the Cloudian report.
Once inside, attackers are wasting no time doing the most amount of damage. The research found 86 per cent of attackers were able to gain control of data and demand ransom within just 24 hours of the initial breach.
It is clear from this research, and the increasing number of ransomware attacks, that we need to do more to protect data – the lifeline of every business.
The tougher stance being taken by Australia and others against nation state-based and other governments is a promising development, as is the Australian Federal Police (AFP) ransomware taskforce which will nearly triple the number of resources dedicated to cybercrime response.
But we also need to think a layer deeper – specifically, the storage layer where an organisation’s data is written – to create a cohesive response and last line of defence against ransomware gangs.
Making data unencryptable
The capability now exists for governments and enterprises to create an immutable backup copy of their critical data.
This means the attacker is prevented from encrypting or deleting data for a specified period of time. So even if they can get in, business-critical data backups are unchangeable and unavailable to them, but fully available to the victim to get operations underway again.
This negates the need to pay the ransom, simple as that.
As Gartner puts it: "Having an immutable copy of the backup is the most important item to start protecting backup data. All other initiatives are complementary."
The devil lies in the detail too – there are plenty of backup providers who tout having immutability, but it only applies to data in transit. To truly protect backup data and ensure it serves as a last line of defence, it must also be immutable at its final destination. This is the key to ensuring rapid recovery following an attack without having to give in to ransom demands.
Just as we will eventually learn to live with the virus, we must also learn to live with the threat of cybercrime in a way that it doesn’t debilitate our businesses or put people in harm’s way.
The only way to do that is to put the right systems in place and prioritise secure, immutable data backup within all Australian organisations. The cost and risk of inaction is simply far too high.
James Wright is Regional Director ANZ/Oceania for object storage company Cloudian