Why a Good Security Strategy Against Ransomware is Key
Mohamad Rizk, Senior Director, Technical Sales, Middle East, Russia & CIS at Veeam Software, says organisations must follow a robust security strategy against ransomware to have successful digital journeys.
Digital transformation is seen as a big investment, but is becoming a prerequisite for survival in the current and future landscape. Businesses are now more reliant on digital infrastructure than ever – with many organizations completely dependent on their IT systems and the data being generated, which is their IP. With data being viewed as the ‘new currency’ today, it is vital to protect its integrity. A Modern Data Protection solution ensuring the backup, recovery and management of critical data is essential. The Veeam® Ransomware Trends Report 2022 reveals that businesses across the globe are losing the battle when it comes to defending themselves against ransomware attacks. A robust security strategy is therefore one of the key pillars of an overarching digital transformation plan.
The Middle East is certainly not immune to cyberattacks. The opposite is in fact true. There are daily reports about data breaches, downtime and security or backup failures. The region is heavily targeted by sophisticated hackers. Organisations are beginning to realise that ransomware attacks are in fact the same as a full-scale disaster recovery scenario. Regional organisations are a lucrative target for ransomware attacks as the region is perceived to be ‘dollar rich’. And, the new normal of ‘work from home’ has made organizations a softer target for cybercriminals. Despite security measures like VPNs, tunnels, encryption etc, companies have lost a bit of control with data generally not flowing through corporate networks but rather through consumer-grade networks.
The Veeam® Ransomware Trends Report 2022, reveals the extent of vulnerability of businesses when it comes to ransomware defence. 72% of organisations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom. Cyber criminals are successfully encrypting an average of 47% of production data and victims are only able to recover 69% of impacted data! 76% of organizations also admit to paying ransomware criminals.
For businesses who feel they have no choice but to pay cybercriminals in order to unlock their files, they not only put their money at risk (as there is no guarantee their data will be returned), but also put their reputation at stake. It is interesting to note that 19% of organizations did not pay the ransom because they were able to recover their own data. This is what the remaining 81% of cyber-victims must aspire to — recovering data without paying the ransom. And this is why a robust cybersecurity strategy as well as having an insurance policy against data breaches should be a top priority.
Security Weaknesses in the Middle East
Although organisations in the Middle East in general spend a lot on security technologies, there is a huge gap when it comes to planning and executing a security strategy. This mainly boils down to the complexity of the IT environment. The region is risk averse when it comes to adopting cloud technologies and there are still a lot of legacy systems. Protecting these complicated environments is a big challenge and becomes even more so in the transition phase of moving to the cloud. The good news is that Modern Data Protection platform solutions exist that are software-driven and hardware/ vendor agnostic, designed to ensure freedom-of-choice, flexibility, ease-of-use and portability, so that businesses can be confident that they are secure and resilient throughout their digital transformation journey – no matter at what stage they are in the transition to the cloud.
Pillars of a Robust Security Strategy
Regional CISOs need to have a stringent security plan in place which includes important elements like stress testing of IT Systems, backup, a disaster recovery plan and educating employees:
Stress Testing of IT Systems
If stress testing of data, people and processes is not done at regular intervals, ideally once a month, then the business is being put at a significant risk. In our regular discussions with risk officers/ audit officers/ CIOs/ CISOs, we find that stress testing is done by many organisations only once or twice a year. There are a few reasons for the lack of testing. One is that organisations do not have the correct software and processes in place. The second, as mentioned earlier, is that organisations still have legacy, disparate systems which increases the complexities of testing of so many different parts. The fear of failure is what causes people not to stress test to the level that they should. Organisations need to look at tools and put processes in place that can test as often as possible, because only then will they have the confidence that they would be able to maintain business continuity, in the event that something were to go wrong. Working through the complexities of stress testing IT systems is undoubtedly less painful when compared with being unprepared for a disaster scenario/ cyberattack, which can potentially cost an organization millions of dollars, besides loss of reputation.
Backup – Immutability is key
Every admin should have a backup. This principle works for any virtual environment; regardless of the hypervisor you are running (VMware, Hyper-V or whatever). If data is king, backup is queen! One of the timeless rules that can effectively address any failure scenario is called the 3-2-1 backup rule. Veeam has upgraded this to the 3-2-1-1-0 rule. This upgraded rule gives incredible versatility by going the extra mile:
- There should be 3 copies of data
- On 2 different media
- With 1 copy being off site
- With 1 copy being offline, air-gapped or immutable
- And, 0 errors with SureBackup recovery verification
The last two additions are critically important today. Immutability is a solution that prevents data deletion or modification from the storage. Having a copy of backup data that is either offline, air-gapped or immutable is an incredibly resilient specimen to help ensure data recovery in a ransomware event. Knowing that data is critical to all businesses—leveraging an immutable copy of your backup data ensures that there is an untouched version of that source data that is always recoverable and safe from any failure scenario.
Enterprises produce huge volumes of employee, customer and corporate data, of which they are the trusted custodians. Given the growing importance of personal data, organizations have a broader societal responsibility to ensure their systems are fully recoverable at all times. While IT departments have a crucial role to play here, business leaders also need to truly buy in to the importance of Disaster Recovery (DR). Today, DR technologies are a little bit of a grudge purchase. Disaster recovery (DR) has consistently been ignored until it is too late, and businesses have faced catastrophic losses due to lack of planning. According to the Veeam Data Protection Trends Report2022, only 40% of organizations in UAE and 35% in Saudi have orchestrated workflows in place to streamline their recovery processes. Over a quarter of these organizations still rely on manual mechanisms for recovery, which is a contradiction to BC/DR best practices that assume that IT team members who regularly manage IT systems and services, will be available to apply their skills and reconfigure the recovery environment.
For IT departments, DR planning may not be the most glamorous and lucrative task, but it is not one which should be bypassed or treated as a box-ticking exercise. A good DR strategy should encompass a clearly documented process that has been tested. DR testing needs to be stringent – looking at every possible eventuality and preparing an appropriate response. While this can be a cost-intensive exercise in terms of resource, for businesses that view more and more of their apps as business-critical, the return on this investment will be realised when disaster strikes.
With DR planning having a reputation for being difficult and time consuming with a significant CAPEX, organisations in particular SMBs may be well advised to consider Disaster Recovery as a Service (DRaaS). It is a cloud-based service that makes it easy for organizations to set up alternate processing sites for disaster recovery purposes. DRaaS is important because it represents an innovative and less costly way to back up critical data and quickly recover critical systems after a disaster. Global Cloud Service Providers (CSPs) like Microsoft Azure and Amazon Web Services (AWS) and others have set up datacentres in the Middle East in line with government regulations regarding data sovereignty. They offer extremely cost effective, OPEX based DRaaS capabilities due to their scale.
Companies spend a lot of time putting safeguards in place for the various segments of their infrastructure like networks, storage, servers etc. However, they often ignore one of the biggest vulnerabilities in the organization – its people! In today’s age when everyone’s profiles are online, a hacker can easily find all the information they need about a person to be able to create a scenario that feels comfortable for the individual targeted, drawing the victim into unwittingly clicking a harmful link or divulging sensitive information that puts the organization at risk of a security breach. Sometimes it can take years to discover insider threats because they are so hard to detect. Without creating awareness and providing deeper understanding of best practice through cyber literacy, any threat mitigation tool is rendered useless. It is imperative to educate employees and ensure they practice impeccable digital hygiene.
If organisations in the Middle East follow the above pillars of a sound security strategy, then they would have taken care of a very important piece of the digital transformation puzzle.