Intelligent CISO Issue 1 - Page 29

? RICK VANOVER, DIRECTOR OF PRODUCT STRATEGY AT VEEAM I f one thing has the attention of IT decision makers worldwide, it is the risk of ransomware. We frequently see headlines on outages caused by ransomware and the reality is that this is a big problem for organisations of all shapes and sizes. As organisations implement better ways to safeguard themselves and their data, malware evolves and the reality is that breaches will happen. What is now critical is how organisations can mitigate those risks. With the rapid increase of attacks, concerns about the safety of data (both personal and corporate) come under the spotlight. Organisations therefore must implement business continuity and disaster recovery plans that complement their cybersecurity measures for their systems to withstand attacks. Failing www.intelligentciso.com | Issue 01 that, they must be able to recover quickly when the inevitable occurs. Lost data or a considerable period of downtime are not options. Being able to recover from backups is the availability you want when things don’t go as planned, should ransomware become an issue in your datacentre. Here are some tips I’ve prepared to incorporate into your designs for backup storage. 1. Have offline storage as part of the availability strategy One of the best defences against propagation of ransomware encryption to the backup storage is to have offline storage. 2. Leverage different file systems for backup storage Having different protocols involved can be another way to prevent ransomware propagation. Put some backups on editor’s question storage that uses different authentication. The best examples here are backups of critical things like a domain controller. In the unlikely event that a domain controller would need to be fully restored, there can be an issue if the storage containing the backups is an Active Directory authenticated storage resource. 3. Take storage snapshots on backup storage if possible Storage snapshots is what I call a ‘semi-offline’ technique for primary storage, but if the storage device holding backups supports this capability, it may be worth leveraging to prevent ransomware attacks. 4. Start using the 3–2–1–1 rule The 3–2–1 rule states to have three different copies of your media, on two different media, one of which is off-site. This is great because it can address nearly any failure scenario and doesn’t require any specific technology. In the ransomware era, it’s a good idea to add another ‘1’ to the rule where one of the media is offline. 5. Have visibility into suspicious behaviour One of the biggest fears of ransomware is that it may propagate to other systems. Having visibility into potential ransomware activity is a big deal. It is good to have an availability solution that provides a pre-defined ‘ransomware activity alarm’ that will trigger if there are several writes on disk and high CPU utilisation. Data management in the connected world is all about putting the structures and processes in place to ensure data is kept safe and managed properly. Organisations need to be more open towards continuous benchmarking and testing their data management strategies. It is even more critical for organisations to continuously keep abreast with the latest ransomware developments and focus on neutralising these threats. Implementing effective cybersecurity must be the focal point of organisations in the always-on world. 29