Ransomware has evolved into a modern digital plague, threatening businesses around the world with crippling data loss and punitive financial demands. Despite the best efforts of the cybersecurity industry, ransomware activity has continued to proliferate and increase globally.
And it has hit close to home. According to Singapore’s Cyber Security Agency (CSA), there were 132 local ransomware incidents reported in 2023 alone. Despite its prevalence, why do organisations continue falling victim to ransomware? How can businesses better defend against the latest ransomware threats and protect their irreplaceable data?
Debunking Ransomware Myths
Before exploring possible solutions, it is important to first address common misconceptions about ransomware. For one, many businesses still cling to the notion that paying will facilitate the safe return of their data. The reality is far more sobering: The cybercriminals might not deliver on their promises, leaving companies without their data and out of pocket. Moreover, businesses also have no realistic way to prevent bad actors from reselling exfiltrated data onto the dark web for further profit.
Worryingly, many small and medium-sized enterprises (SMEs) still consider themselves safe from ransomware because they are too small. In reality, cybercriminals attack victims indiscriminately, often using ransomware kits that automate the process – from phishing and planting of malware to extortion. This means SMEs with their less rigorous security measures might in fact be easier prey than a better-resourced enterprise.
Finally, some companies mistakenly believe that a functioning backup system alone can shield them from ransomware. Modern ransomware is highly sophisticated, however, and some are known to infiltrate networks and even corrupt backup data to render recovery efforts futile.
Understanding Modern Ransomware
Ransomware has evolved significantly from its early, more rudimentary forms. For a start, today’s ransomware threats employ advanced encryption methods to thwart data recovery and incorporate capabilities that mimic normal user and file behaviours. This makes it far more difficult for traditional cybersecurity solutions to detect and stop.
As noted earlier, ransomware is known to undermine backup systems by identifying and encrypting backup data. This means that simply having a backup is no longer a foolproof strategy; backups must be kept isolated, and their integrity protected from ransomware.
Furthermore, ransomware has become more patient and strategic in its approach. Attackers might now lie dormant within a network for an extended period, carefully observing user activity and file patterns before launching into an encryption spree. This delayed activation makes it even harder for organisations to respond in time.
Adopting a Multi-Layered Approach
To ensure that their defences can withstand sophisticated ransomware threats, businesses must move beyond rudimentary anti-malware defences and firewalls and adopt a comprehensive, multi-layered approach to cybersecurity that encompasses everything from their storage systems to the network.
For a start, they must prioritise robust backup and recovery capabilities, protecting data backups with immutable backups and snapshot-based verification to ensure data integrity. This necessitates the classifying of data based on sensitivity and applying tailored backup and retention policies. Only with this in place can companies optimise their security measures and safeguard their most valuable information against ransomware attacks.
Leveraging the power of artificial intelligence (AI) and machine learning (ML) is another possibility to consider. Systems incorporating these technologies can detect anomalous behaviours that might indicate ransomware activity, proactively alerting IT teams for further investigation. For instance, AI-powered file integrity monitoring can detect unusual changes that could signal an impending attack for faster response and mitigation.
Humans are often the weakest link in modern cyberattacks. On this front, regular security awareness programmes can cultivate a security-conscious culture, empowering employees to recognise and report potential threats. This could come in the form of desktop exercises, or phishing campaigns that simulate real-world attacks to test and improve employee response.
“Organisations must regularly review their cybersecurity defences, ideally with an annual audit, to ensure they are robust enough to protect against the latest threats. You cannot set it up once and leave it alone.”
– Dennis Chan, Chief Security and Privacy Officer, Huawei International.
Building Ransomware Resilience
As the ransomware threat evolves and cybercriminals devise new tactics to hold data hostage, businesses can no longer rely on outdated security measures. Cybersecurity leaders must think deeper and develop a multi-layered strategy to safeguard their data and ensure operational resilience.
Ransomware resilience should be integrated into every layer of the organisation. Storage solutions need to support file integrity checks and advanced features for resilient backups. They should also include regular snapshots and immutable data protection to counter ransomware attempts.
Huawei has embedded ransomware protection into its storage and networking products. For example, its network devices and storage systems can work together to enable multi-layer protection a better level of protection against potential ransomware.
Huawei’s Dorado family of storage solutions come with ransomware protection features that include file integrity monitoring, immutable file protection, and snapshot-based data verification. AI-powered features can analyse file behaviour patterns and alert on anomalies that may indicate ransomware activity.
Ransomware is constantly evolving, and the onus is on organisations to perform regular reviews of their security posture and refresh it against emerging threats. With an updated ransomware strategy, good employee training, and cutting-edge technological solutions, businesses can create a formidable defence against the ever-present threat of ransomware.
To further explore Huawei’s storage and networking solutions and how they might help your organisation against ransomware, click here. You can also visit the Huawei booth at GovWare 2024 to learn more.
|