by Geoff Coley, Regional CTO of ANZ and Southeast Asia, Veritas Technologies
Ransomware attacks are surging worldwide. But, even as you harden your frontline security, criminals are adding to their attack repertoire in an era of complex multi-cloud environments and remote workforces.
We are now seeing old standbys like phishing used alongside more sophisticated methods of social engineering and new techniques that target Internet of Things devices, cloud services and data, and infrastructure vulnerabilities.
Backup infrastructure is certainly in the crosshairs
As hackers seek to prevent recovery and force ransom payment, some are now choosing to bypass production systems altogether, exploiting backdoors such as cluster resets, external clocks and BIOS firmware. This makes it possible for malware to penetrate the network perimeter, infiltrate backup data and sit dormant in protected environments for longer before being triggered, which compromises backups. Which means, if this goes unchecked, your last clean backup may even be beyond the limit of acceptable data loss, putting you at an extreme disadvantage.
In this maelstrom of threat, vulnerability and risk, Zero Trust has become a watchword for concerned executive boards and CISOs.
Zero Trust describes a "never trust, always verify" approach to designing and implementing IT systems. It is not a single product or one-and-done solution; it is a practice and a mindset that needs to apply to every kind of data access.
Sadly, today, too many businesses fail to extend their Zero Trust strategies to their production environments, leaving their protection data wide open to lateral attacks.
Protect and Detect
A Zero Trust approach offers protection on all fronts—not just at the network perimeter, but within the network itself. It encompasses strong identity and access management controls and secure hardware to help prevent unauthorized access. Users, devices, infrastructure and data are continuously monitored and validated.
To provide more rounded protection, it is important that this detection occurs not just at the backup monitoring level, but also within the production infrastructure and at the primary data access pattern level. Deploying artificial intelligence (AI) to detect subtle signs of intrusion, it’s possible to immediately flag threats, identify ransomware and disable accounts that may have been breached in order to minimize impact.
The real crux of a Zero Trust strategy is the micro-segmentation of the network’s security perimeters and the deployment of the “principle of least privilege” to give users access only on a need-to-know basis. Creating separate pools of data with distinct user authorization in this way can minimize the spread and impact of malware attacks.
Five Best Practices for Resilience
But given that Zero Trust is not a single product or solution, how do you get started? And how can businesses incorporate Zero Trust capabilities into their wider ransomware protection ecosystems?
Here are five best practices that businesses can institute:
-
Limit access to backups
Only privileged users should have access to backups and remote access should be restricted. Different tiers of protection data should have different access permissions and should be air gapped. -
Adopt immutable and indelible storage
Immutable and indelible write once, read many (WORM) storage ensures that your data cannot be changed, encrypted or deleted for a fixed amount of time, or at all—making it impervious to ransomware infection. You can store immutable data on optical technology, purpose-built backup appliances, enterprise disk arrays or the cloud. -
Introduce identity and access management (IAM)
With multi-factor authentication (MFA) and role-based access control (RBAC), administrators can control which users and machines can access specific data and what actions they can and cannot perform. This prevents hackers from using a single credential to take over the system. -
Encrypt data in-transit and at-rest
Encrypting in-transit and at-rest data ensures it cannot be compromised within the network or exploited if hackers or ransomware gain access to it. This means that if a criminal is able to transfer or copy the data from your system, they will not be able to use it for financial gain, sabotage or reputational damage. -
Implement security analytics
Using AI-driven anomaly detection and automated malware scanning, you can monitor and report on system activities to mitigate threats and vulnerabilities. A sophisticated solution will be able to detect deviations in data access patterns to identify accounts that might be used to run malware and analyze changes in backup attributes to identify possible intrusions.
Taking these actions and embracing “never trust, always verify” as your motto for ransomware resilience won’t make you immune to attack, but they will give you the best chance of protecting your data and your business while denying malicious actors a lucrative payday.