The recent wave of cyberattacks have centred on ransomware. What is ransomware and why should organisations be alarmed?
Consider these facts:
- 4 out 10 businesses have been hit by ransomware in 2015
- 1/3 of these businesses lost revenue and 20% shutdown operations
- 4,000 daily ransomware attacks in 2016, up from 1,000 in 2015
- Healthcare and financial services are the most common target for ransomware attacks
- But only 6 percent report these attacks
- Ransomware and other types of data breaches to cost US$3 trillion by 2020 from US$450 billion in 2016
The consequences of a ransomware attack cannot be underestimated - take the second example I would like to share of a medical institution. In this case, the hospital was breached and its Electronic Medical Records were encrypted and held for ransom. The hospital had to resort to paper records and departments in the hospital - ER, ICU, Registration, etc. - struggled to function. The hospital even ended up moving 900 patients to other care facilities in the area.
Now here's the interesting part. The ransom amount that the hospital was asked to pay to get the decryption key? US$17,000. A cybercriminal rendered the hospital almost inoperable and forced the move of 900 patients for a mere US$17,000.
The point of the two examples is that every business is susceptible to attack and when attacks occur, they are unbelievably damaging.
So, how can business leaders protect their most essential asset - data?
We recommend that organisations improve its cybersecurity status in 3 key ways when it comes to data protection.
As a first step, employ traditional data protection best practices. To protect against a broader base of attacks, deploy a layered data protection approach ("the continuum") for more business-critical systems but always include a point in time off array independent backup with disaster recovery replication (N+1). It is also important to protect 'born in the cloud' and endpoint data - virus/ransomware infects laptops (endpoints) through a bad website, malicious email, or even synced from a compromised cloud storage site.
To do this, organisations need solutions (such as Dell EMC's Mozy and Spanning) that can perform a full roll-back of both endpoints and cloud to ensure that the infection is removed and all data is recovered. Mozy and Spanning are both isolated from the customer network hence cannot be infected or propagate the infection.
The second method is to harden and protect the infrastructure that you already use. I should mention that Dell EMC's solutions in data protection have hardening guides, which can assist you through the process. For data that must be even more strongly secured, consider hardening services that go well beyond the basics and adhere to the US Defence Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) requirements.
Lastly, use advanced protection services. Organisations need to seek advice on a holistic security implementation, to implement the necessary infrastructure and to validate that everything is working as designed. For example, Dell EMC's Isolated Recovery Solution is a solution to protect against today's most devastating attacks and enable a very fast recovery. The concept of isolated recovery can be overwhelming. The key is to focus on the most critical data first - the 'heartbeat' applications or data sets that are needed to rebuild the business.
Here are a couple of examples:
- In Healthcare, the data is usually the patient Electronic Medical Record
- In Manufacturing, it is the ERP system or whatever systems keep the plants running
- In Banking and Capital Markets, the data is usually customer-specific - who they are and how much they have in the bank; the list of depositors
- In Life Sciences (Pharmaceutical), data sets related to clinical trials or research & development (intellectual property)
Sign up for Computerworld eNewsletters.