Protect your data with a multi-tiered approach

Mike Foster, Channel Manager, VIPRE, looks at how businesses should invest in channel support to survive the evolving security landscape. 

Mark Jow, EMEA Vice President, Sales Engineering at Commvault, discusses the best practices for protecting your data against the growing threat of ransomware attacks and how we can tackle the issue once and for all.

The threat of ransomware shouldn’t be a surprise to anyone – it has dominated the headlines, taken down some of the biggest corporations, and grown hugely in 2021 alone. Frequently causing denial of service, ransomware interrupts essential services, including healthcare, fuel and food supplies. In fact, by the end of September 2021, the number of attacks in the United States had already surpassed the previous year’s total by 17%.

Ransomware is now a business, it’s not just the actions of a bored, isolated person looking to cause some disruption. Cybercriminals today are anything but ‘hackers in hoodies’. They are sophisticated groups of very intelligent people who make a living out of their work. They employ their latest recruits, offering benefits, lunch breaks, and regular working hours.

It is unsurprising, therefore, that 64% of businesses have fallen victim to at least one cyber attack in their history. Although ransomware is a top concern in boardrooms, what can organisations do to ensure that they are in good stead to prevent such attacks penetrating their systems and stealing their data?

Multiple tiers for maximum defence

Ransomware attacks can come from anywhere at any time – no size or sector is immune. A multi-tiered approach is critical to implement the best protection against such attacks and to future-proof defences against new cyber threats. Following the National Institute of Standards and Technology (NIST)’s five step approach should be the foundation of all cybersecurity policies:

1. Identification management

Protecting and securing your data is not just about authentication, authorisation, and audit control. The first step should always be to identify your data. Knowing what data you hold and where it is located is essential to protect it. How are you supposed to protect your data if you don’t know what it is or where it is stored?

2. Protection

Accurate data identification is fundamental in designing the right architecture and cost model that will best protect your data for the long-term. So often, organisations use multiple disparate technology solutions that do not identify key data or integrate it in the correct way. Using a single, integrated solution will facilitate effective protection because all data will sit under the same solution. Should they fall victim to a ransomware attack, data will not leak through the cracks of the mismatch of different solutions.

3. Detection

Strong management of the right corpus of data is so important because it allows the most effective protection to be put in place. This is crucial because effective management allows for quick and easy detection of vulnerabilities – essential to limiting the impact of an attack, should it penetrate your system. Organisations that detect a vulnerability early experience the least destruction following a ransomware attack.

4. Response

Continually monitoring and testing security solutions is essential for success. Having the knowledge of what goes on in your IT environments by the hour and minute will enable you to quickly detect any abnormalities and react accordingly with ease and pace. You can never practice a response to a ransomware attack too often. Make sure you know exactly what to do should one occur to limit downtime and prevent loss of data.

5. Recover

Organisations that navigate ransomware attacks and recover their systems the quickest and easiest are those that keep calm and have procedures in place. It goes back to the response – those who know what to do can handle the situation calmly and efficiently.

Many organisations are turning to cloud-based solutions as they adopt hybrid working models, and this provides an additional layer of backup when it comes to recovering lost data. If victim to a ransomware attack, datasets can be returned into a safe environment without having to manually check that each dataset is cleansed.

These five steps are not 100% fool proof, but following this framework certainly mitigates the risk of the downstream need to recover should an attack happen.

Is change on the horizon?

Arguably, it is difficult to foresee how the growth of ransomware can be stalled. So long as organisations continue to pay the ransom – of which 83% do – cybercriminals will continue to deploy such malware. Although it is easy to say that organisations should simply stop paying, most feel that they have no choice once their critical data is in the hands of cybercriminals.

Ultimately, government intervention is needed to legislate and prosecute cyber activity. International forums like G20 and G7 bring governments from around the world together to combat global issues, such as climate change and sustainability – the same is needed for cybersecurity. Only once it is taken seriously as a political issue will it be successfully implemented as effective legislation that can be widely and officially prosecuted.

We are moving in the right direction. President Joe Biden’s executive order on cybersecurity, issued in May 2021, sought to improve national cybersecurity and protect government networks from such attacks. Biden’s introduction of cybersecurity as a political subject has proven effective in bringing the topic into the mainstream media.

With the growing awareness of the severity of the situation, governments from across the world are beginning to collaborate on tackling the worsening problem of ransomware attacks. The UK and US recently announced that they have reaffirmed a joint commitment to disrupt and deter new and emerging cyber threats. Working together, both governments are taking a stance against cybercrime, and, in doing so, are setting the tone for how organisations across the globe approach these challenges.

Read More:

Until decisive action is taken and official legislation is implemented, the best way that organizations can protect themselves against the weapons of cybercriminals is to plan, stay alert and implement the multi-layered approach to security. Take responsibility for your assets, protect them with the best cybersecurity practices, and never be complacent. 

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Mark Jow

Mark is the EMEA Vice President – Sales Engineering at Commvault and has been with the company for a total of 13 years, starting as EMEA Professional Services Director. Mark has 20 years of experience in IT, with extensive knowledge in cloud computing, data management and disaster recovery.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...