Majd Sinan, Security Leader, Gulf, Levant and Pakistan at IBM, tells us how minimizing the impact of ransomware attacks demands a shift in mindset.
Imagine your organisation was just hit by a ransomware attack, and all your data is suddenly inaccessible. Your files have been encrypted by a hacker, who is now demanding a hefty payment to restore them. Do you pay up? Or do you have a backup?
Additionally, the average cost of a data breach for organisations in the Middle East reached SAR 29.9 million in 2023 – an all-time high for the report. This represents a 15% increase over the last three years and a marked 155.9% increase over the last decade.
In response, organisations have been devoting increasing security resources to the prevention of data breaches; however, many fail to properly plan for the recovery of their data after an attack.
Minimizing the impact of ransomware attacks demands a shift in mindset: Instead of shoring up defences and hoping a breach never happens, organisations must begin treating these attacks as inevitable. This requires a data resilience plan, where files are protected in a way that makes them invulnerable to cybercriminals. Thanks to modern technology, including Artificial Intelligence (AI), such a defence is easier to establish and manage.
Too many gateways
Securing an organisation against attacks used to be much simpler. You established a perimeter and you protected it. Now, with the rise of hybrid work and the endless growth of connected devices, every individual within the organisation is a potential attack vector. Cybercriminals can get in through endpoint infections – where an employee connects a compromised phone or laptop to the network – or backdoor deployments – which use malware to gain access to remote computers – or other schemes.
Worse yet, the global average time to complete a ransomware attack has fallen by a 94% over the past few years. Thanks to the ‘Ransomware-as-a-Service’ model, which makes malicious code even more accessible, ransomware attacks can now be done in under four days.
Defenceless back-ups
For decades, the common practice for data resilience has consisted of systems of snapshots. Data is backed up to an archive at set intervals, and when things go wrong with the local copy, administrators can pull from the most recent clean data to replace any problematic files.
But, over time, ransomware attacks have become more sophisticated, and can infect the snapshots as well. This leaves compromised organisations with a difficult decision: spend countless hours poring through back-ups in search of uninfected data, or simply pay the ransom.
Organisations in industries where downtime is particularly problematic, such as hospitals, often have no choice but to opt for the latter route. Even in sectors that operate under less stress, the cost of carrying out a protracted recovery can still exceed the price of ponying up to the attackers, and even when successful there’s bound to be a significant amount of data lost between the start of the breach and the end of recovery.
Assistive Remediation and Intelligent Recovery
Fortunately, new technologies are emerging to help reduce the extent of damage attackers can inflict on data back-ups, making the recovery process much quicker and easier. In fact, the IBM Global AI Adoption Index 2023 found that 26% of the surveyed companies are currently exploring or deploying AI for security and threat detection.
For instance, when data is written to a storage device, the pieces fall into place with a consistent randomness, referred to as entropy. When ransomware infections occur, the pattern of randomness changes as the attackers begin to corrupt files. By applying AI and entropy algorithms as the data is being written, it’s possible to detect alterations in patterns, allowing administrators to immediately seal off the back-ups to prevent further damage.
The best backup systems, however, employ immutable snapshots to preserve data in a way that’s impervious to cyberattack. This method involves the creation of an unalterable copy that no machine or individual can directly access. In the event of a breach, administrators can simply pull a clean copy to restore their data set.
This process can consume a significant amount of storage space; to make it feasible, immutable snapshots are only captured at set intervals, such as once an hour. Therefore, the ideal data resilience strategy involves a combination of entropy algorithms and immutable snapshots.
Covering your bases
Downtime during and after an attack is extremely costly for an organisation. It jeopardises its infrastructure, services, and credibility, potentially causing severe damage to the company. The first step should involve a thorough assessment of your data backup infrastructure, followed by an investment in modern solutions, including AI, that employ safeguards like immutable snapshots, entropy algorithms and validated data restores. Then you can begin to develop a comprehensive strategy for getting your organisation back on track.