48
48
SECURITY
" In the future ransomware will , rather than blasting its way through the file systems , work silently in the background encrypting files over a period of time so that these files become a part of the back up data sets "
recovery strategy for the organisation . Once the offending programs , and all its copies are removed . Obviously , the key systems should be recovered first , but this will depend on the range and depth of the attack . Something that ’ s easily overlooked in a recovery plan is the ability to reload the recovery software with standard operating system tools because it ’ s something that ’ s often overlooked in recovery scenario tests .
The key is to have a back up plan . In the future ransomware will , rather than blasting its way through the file systems , work silently in the background encrypting files over a period of time so that these files become a part of the back up data sets . It ’ s therefore important to maintain generations of data sets , not only locally but off-site in a secure location . Remember the old storage adage that your data is not secure until you have three copies in three locations .
Here are five tips for protecting your organisation against ransomware : whenever it is absolutely safe or necessary to do so . Due diligence at all times is otherwise crucial .
One of the key weapons against ransomware is the creation of air gaps between data and any back ups . A solid back up system is the Achilles heel of any ransomware , and it has been proven many times over , such as in the case of Papworth Hospital . However , with the ever-increasing sophistication of ransomware and the use of online back up devices , it won ’ t be long before it turns its attention to those devices as well . It ’ s therefore important to have back up devices and media that have an air gap between themselves and the corporate storage network . This is going to be crucial in the future .
When you think about it , there ’ s a lot of money at stake here on both sides if ransomware becomes back up aware . So it ’ s important to think and plan ahead , and it ’ s perhaps a good idea to make back ups appear less visible to any ransomware that might be programmed to attack them .
Disaster recovery So what ’ s the most effective way to recover from an attack ? Any and every back up strategy should be based around the
1 . Educate your end users to make them more aware of the implications of ransomware and how it is distributed
2 . Ensure that you deploy an up to date firewall and email scanners
3 . Air gap your back ups and archives from the corporate network 4 . Maintain good generation controls for back-ups 5 . Remember that back up is all about recovery ; it ’ s better to prevent the need to recover by planning ahead for disasters such as a ransomware attack to maintain business continuity
These principles don ’ t change for enterprises that are based in the cloud . While the cloud provides some resilience through the economies of scale that many could not afford in their own data centre , one should not assume that the data is any more secure in the cloud than in your own data centre . Policies for off-site back ups and archive should still be implemented .
Inflight defence So how can you prevent an attack while data is inflight ? While we have not seen this type of attack yet , it ’ s always a strong recommendation that data inflight is preferably encrypted with your own keys before it hits your firewall . However , as many companies use WAN optimisation to improve their performance over WAN networks , transporting encrypted files means little or no optimisation is possible . This can affect those all-important offsite DR , back up and archive transfers . Products such as PORTrockIT can , however , enable organisations to protect their data while mitigating the effects of data and network latency . Solutions like this can enable you to build and maintain your data castle . n
www . networkseuropemagazine . com