As we mark World Backup Day’s 13th anniversary, we’re reminded of the constant threat to our personal and mission critical organizational data. Cyber attacks, and in particular ransomware, continue to plague the public and private sectors, with potentially devastating impacts.
Despite February’s takedown of the notorious LockBit gang, believed to be located in Russia, through a collaborative effort of law enforcement agencies in 11 countries, as reported by Axios, serious attacks continue to succeed. In recent weeks, we’ve seen a number of high-profile attacks in the US and UK. Among the most serious are an attack on US based Optum, a subsidiary of Change Healthcare, which facilitates customer payments and insurance claims. That attack, carried out by another Russian syndicate known as AlphV, caused serious disruption to the pharmaceutical prescription market across the country.
Other recent and notable attacks include those on The British Library, Nissan and Stanford University. All of these attacks resulted in catastrophic data breaches, financial loss and reputational damage.
AI increases the ransomware threat
As if the challenges posed by keeping on top of the ransomware threat weren’t difficult enough, it seems that the world is set to see even greater threat levels, as cyber criminals add AI to their toolbox. According to a report published in January by the UK’s National Cyber Security Centre (NCSC), AI will almost certainly increase the volume and impact of cyber attacks in the next two years and the organization urges widespread adoption of protective measures to mitigate the impact of this new threat.
One of the reasons that AI poses a greater threat level is the fact that it lowers the barrier to entry for nefarious actors, meaning that even relatively unskilled cyber criminals can conduct more effective information gathering and victim targeting. It can also be used to identify high-value data for examination and exfiltration, maximising the impact of security breaches.
The report also warns that by 2025, "Generative AI and large language models (LLMs) will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts."
Planning for post attack recovery
Today, it’s a given that all organizations will have robust cyber attack defences in place and plans for a worst-case scenario. Yet despite best efforts, ransomware attacks remain a constant threat, often through the failings of the weakest link in the cyber defence chain, people, and always through the determination of attackers. Most organizations have shifted their thinking to when they’ll be attacked, not if. But the question then becomes, what are their recovery plans? Fortunately, there are a host of best practice approaches that can be deployed to aid recovery in the event of a cyber attack recovery. It’s important for organisations to become familiar with those in advance of an attack.
A comprehensive cyber defence strategy should take into consideration
Immutable Backups
These are backups that cannot be modified or deleted, even by administrators. Immutable backups should be a critical component of an organization’s cyber resiliency plans as they help ensure that backup data is tamper-proof and can be restored to its original state, minimising the risk of data loss in the event of a cyber attack.
Off-premises or on-premises backups
Best practice disaster recovery requires a second site or some other off-site backup of an organization's data, in case an earthquake really does put an end to your data centre. With the right cyber resilience plan, however, on-premises backups can be used to speed up the restoration process. This means you can quickly restore a production site.
Threat Hunting
Threat hunting is a critical component of any cyber resilience strategy. This is the process of actively searching through backups and restored systems to identify signs of a cyber attack, for example, infected servers from backup copies or restored servers. This is important because it helps to identify the scope of the attack and to mitigate any further damage. Most good cyber resilience solutions include proactive threat hunting to identify potential threats early on, allowing you to take steps to contain the damage and prevent further attacks. This involves proactively searching for signs of a cyber attack, even if there is no indication of a breach. This may include searching for signs of unauthorized access, unusual network activity, and other indicators that suggest a breach may have occurred.
testing recovery processes is vital for both disaster recovery and cyber resilience. For cyber resilience, however, it’s also critical to test that restoration from a week or even a month prior is guaranteed. As far as the testing itself goes, it’s important to test the processes for recovering locally as well as from an off-site or cloud copy, and also to determine if a mix and match restoration processes can be achieved
Becoming cyber resilient
With the threat from ransomware and other forms of cyber attack remaining constant, it’s essential for organizations to become more cyber resilient. We’ve outlined here some of the tools and best practice approaches that contribute to resilience but it’s worth measuring your organization’s cyber resilience against three key criteria - whether it is able to monitor backup data for known threats, the ability to identify suspicious activity to detect early warning signals of attackers in your environment and the capability to recover from ransomware and other cyber attacks, on-premises or in the cloud, from immutable backups.
As a global data backup and disaster recovery managed service provider and Rubrik’s largest and most established MSP, Assured Data Protection can offer you unmatched peace of mind when it comes to cyber resilience. We’d welcome a conversation with you to understand your cyber resiliency needs.
You can book a meeting with us here
READ OUR GUIDE: 10 Steps You Should Have in Place to Recover Quickly From a Disaster, Ransomware or Cyber Attack.
