Organizations around the world are making headlines after falling victim to ransomware attacks. Ransomware is malicious code designed to gain unauthorized access to systems and data and encrypt that data to block access by legitimate users. Once ransomware has locked users out of their systems and encrypted their sensitive data, cyber criminals demand a ransom before providing a decryption key to unlock the data. Organizations can lose days of productivity and revenue during these attacks, and recovery can be problematic.
The ransomware attack on the Colonial Pipeline in May 2021 demonstrated how far-reaching such a strike can be: 5,500 miles of pipeline carrying 45% of U.S. East Coast fuel were shut down for four days before operations could be completely restored by paying the ransom amount of $4.4 million. It is expected that a new organization will fall victim to ransomware every 11 seconds by the end of this year.
This massive problem is top of mind for our customers when it comes to protecting their critical data. In this post, we share guidance on how organizations can make an attack less likely, increase their resilience to being ransomed, and secure their data in the cloud.
Protecting your data against ransomware involves putting together a multi-layer defensive plan all the way from thwarting such attacks to recovering quickly in the event of a breach. The following components are all part of a comprehensive data protection plan. Read on to understand the top 5 best practices to defend against ransomware in each component.
In some recent attacks, a third-party vendor’s software for IT automation was the source of a vulnerability that attackers used as an entry point for their malicious code. While SaaS offerings bring tremendous flexibility and scalability, they also come with additional risks to evaluate and mitigate.
Steps to Take:
Inside of your organization, your personnel are your greatest asset. It’s a core responsibility to ensure that they are trained and aware of the risks posed by attackers. Social engineering techniques have played a huge role in the spike of successful attacks. Every individual in your organization should have a security “radar” running in their head whenever they’re using their computers.
Steps to Take:
IT security has made significant strides in software, services, and techniques for the prevention of unwanted activity. Organizations need to manage a lot of physical assets, like laptops and smartphones. Many of them also need to manage a range of SaaS offerings, like intranets, collaboration platforms, email systems, etc. Each of these offerings can pose a risk of entry for an attacker to exploit.
Steps to Take:
When a user authenticates to a service, the user is typically granted some amount of privileges. In the SaaS and Cloud world of 2021 and beyond, permissions management of services can be quite complicated. For example, the privileges available for a user in your collaboration suite will vary significantly from the privileges of a user of your Infrastructure-as-a-Service provider. At a high level, the privileges required for these users will be role-based. Privilege management is critical and hence the guidance is to limit privileged access to the minimum level required for the user to do their job.
Steps to Take:
Speaking of forensics and security incidents, it’s really important that the above-mentioned activity logs don’t vanish. That would seriously hamper an investigation. Ideally, the logs are stored offsite securely, and in a form that’s tamper-proof. This brings us back around to the whole subject of ransomware.
Preparing for disaster, and ensuring recovery from it, is necessary for all organizations. Disasters come in many forms, from a leak in one of your offices making a floor unusable, to a service provider having an extended outage, and even to the worst-case of having your organization fall victim to a ransomware attack. The mitigations are important, but the worst can still happen. Your disaster recovery plan should account for and have a tested, planned mitigation for this scenario.
CISA has published a Cyber Essentials Toolkit. I highly recommend it; it’s written in a checklist style and covers a lot of ground. In chapter 5 regarding the protection of data, you’ll find two significant sentences:
Steps to Take:
Clumio provides good news and value on all of these points.
The Clumio platform has the security, the “off sited-ness”, and the immutability designed in, from day one. Your data is encrypted with your encryption key before it leaves your cloud accounts and is transmitted to the platform. Built-in integrity checking and object versioning ensure immutability, and the platform is a completely separated environment from your company’s. Check! You can configure your backup policy to archive and retain data on the schedule that best fits with your organization and data type.
Additionally, testing data restoration with Clumio is among the easiest tasks to do. View your protected assets, examine their backup calendar, and click to restore. That’s it. With Clumio’s granular recovery you can also restore individual files or database records, speeding up time to recovery. The ability to restore to any account or region also ensures that you have the flexibility to get your business back up and running in a new site while the compromised site remains isolated for investigative purposes.
The frequency and severity of ransomware attacks are truly alarming. It’s a global, industry-spanning threat, and needs to be taken seriously. But there’s no need to feel helpless. The preventative and mitigating techniques discussed above are a starting point, and help to make organizations more difficult targets for attackers. There’s always more to be done, and it will be a chess game of moves and counters.
For certain, an ounce of prevention is worth a pound of cure… or fewer hours of disaster recovery and loss of business. A strong security posture is required and needs care, sustenance, and continuous improvement. Just don’t neglect the “break-glass” disaster recovery plan, and ensure that your critical data is safe, secure, and available. Ensure that you’re ready to engage and restore business operations within your RTO/RPO targets if the worst-case scenario happens.