The recent global Petya ransomware attack severely curtailed the operations of WPP and suddenly put advertising and marketing agencies clearly in the spotlight as potential targets for this growing cybercrime phenomenon. Those in the industry who thought only public and government organisations were under threat are having to think again.
Petya, which was preceded by the equally damaging global WannaCry ransomware attack, has emphasised the danger that all data-intensive industries face from ransomware attacks.
Add to this the impending EU General Data Protection Regulation, which comes into force next May and could result in fines of up to 4% of annual turnover or €20m, whichever is larger, for serious data breaches, and it’s clear that now is the time for agencies to get their house fully in order.
Ransomware is a type of malware that encrypts and blocks your data files until you pay a ransom. Then, if you’re lucky, you might just regain access to your data, but this is by no means a given. So thinking you can simply pay up and everything will be OK is at best naive and at worst extremely reckless.
The ransomware threat has been around for some time, the first widely known form being Cryptolocker, which was unleashed in 2013. IT security experts worth their salt have been shouting about it for some time, with their warnings generally falling on deaf ears across the business world. Of course, this is rapidly changing.
Facing the ransomware challenge now will not only remove the threat to your data and ultimately your business, but will also help with GDPR compliance and potentially give you an edge over your rival agencies.
So where do you start?
First, do the anti-virus software and firewalls you’re likely to already have in place offer enough protection? The short answer is no. They provide some, but most programs are not updated quickly enough to plug undiscovered “zero day” vulnerabilities in computer systems that can be used to spread malware like ransomware. So there’s always a chance that a strain will manage to penetrate them.
What’s more, a lot of ransomware exploits human vulnerability by using “social engineering” techniques to persuade staff to open an email attachment that enables the malware to be spread. Although you should implement a company-wide policy to discourage this, people make mistakes meaning you’ll always potentially be vulnerable to attack.
So with no way to make your business truly impregnable, you not only have to do what you can to defend your data against an attack, but also need a way of backing up and restoring your data quickly and efficiently should it be held to ransom.
Currently, the best ransomware solutions offer a combination of both these functions. First they act as an early warning system. They can spot a ransomware attack being unleashed before it has spread right across an organisation and then quarantine it to make it safe. Next, they quickly monitor your data and recover and back up any that has been affected.
Before choosing a solution, make sure it backs up your data to the cloud, as this is the only way to ensure your backed up data is safe from attack, because it is held off site far out of the reach of any malware. Even local backups stored on USB drives, for example, may also become encrypted by malware, rendering them useless.
This means that if you don’t pay the ransom and your data is lost, you can get the vast majority of it back. Of course, you need to make sure that the cloud provider you use can do this quickly and efficiently so that the minimum disruption is caused to your business. With this in mind, you should go for a solution that performs ‘incremental data recovery’ from the cloud. Just as you wouldn’t replace your entire library if only one book was damaged, this only replaces data that has been infected by doing the following.
You will also ideally need a solution that backs up and recovers data blocks, which are much smaller than individual files. Recovering all data regardless of what has been damaged should be avoided as it takes longer and uses more network bandwidth.
Implementing this kind of integrated and automatic ransomware solution will offer you maximum protection while giving you the reassurance that if the worst happens and your data is held to ransom you have a clean replacement off site that can be accessed quickly, meaning you won’t have to pay up.
And with recent Mimecast research revealing that less than half of UK organisations are confident they can recover files encrypted by ransomware and 72% reporting they had lost valuable data in the last 12 months, by taking the right steps to protect your business now you can be sure you’re ahead of the game.
Alexander Ivanyuk is the global director, product and technology positioning at data backup and recovery experts Acronis.
Originally posted The Drum 25 July 2017