Why an effective data backup strategy is vital protection against ransomware attacks

Read the Full Press Release at Times of India

According to a new report from cybersecurity firm Sophos, over 78% of Indian organizations were hit with ransomware attacks in 2021. Responding to these attacks is costly and time-consuming, so the goal should be to avoid them rather than mitigate their effect. A robust data backup and recovery strategy is essential here, one that’s tailored to the enterprise’s needs and can kick in as soon as necessary. Here, we dive deeper into how this works.

The ransomware menace

Essentially, a ransomware attack involves the attacker using malware to encrypt and lock data on a device with the attacker's own keys, which are not available to the data owner. Adversaries can easily purchase ransomware from the dark web, which has led to a thriving ransomware market. Once your servers are compromised by ransomware, the data is held hostage for ransom. The Sophos report revealed that for the attacks in 2021, Indian companies had to pay around $1.2 million on average to get their data released, with 10% paying well in excess of this figure.

A single ransomware attack can spread through an organization and devastate operations, leading to downtime and significant data loss. Paying the ransom can be a challenge, especially if the sum demanded is large or if the attacker demands it in cryptocurrency. There is no guarantee that the data will be decrypted even after the company pays. According to a recent research report by Tenable, the cyber exposure company, at least 40 bn records were exposed worldwide in 2021. While cyber insurance can be an effective remedial measure – around 89% of mid-sized companies have some form of cyber insurance, according to the report – claiming that insurance often involves cumbersome formalities.

Moreover, the number of cyber insurance firms in India is low, so the scope for industry-specific insurance plans is limited. Again, according to another recent report by Trend Micro, many companies are at risk of ransomware attacks owing to weaknesses along their supply chain – lack of transparency about product movement and inadequate communication with suppliers are contributors here. Addressing supply chain issues is a long-term solution – data protection cannot wait that long.

The importance of data backup and recovery

A data backup involves downloading data from its primary source and storing it in a secondary source, perhaps even a tertiary one. A data backup ensures the business can keep going in case of a ransomware attack or any other emergency and safeguards critical information from being permanently lost. Data recovery, on the other hand, refers to retrieving the data from a stored source and reintegrating it into the system so that operations return to business-as-usual levels.

Building a good backup and recovery plan is about more than just clicking a download button and making file copies. It allows companies to build a data hierarchy, allowing teams to determine objectively which types of data are most critical and thus need the most protection. In this context, we can also mention the two metrics every recovery plan needs to define – recovery point objective (the maximum amount of data that can be lost in an attack before there are repercussions) and recovery point time (a timeline for accessing data backups in the event of an attack and resuming operations as soon as possible). Knowing what both of these look like is a prerequisite to designing an action plan that saves as much time and data as possible. In addition, building a backup and recovery plan requires the organization to go beyond the office premises and the computers in it. As more and more businesses go fully remote, it is vital to ensure that all access points are secure and that remote employees know what to do to keep their devices and systems safe.

What to include in a recovery plan

The good news is that companies are much more aware of and invested in cybersecurity than they used to be – around 98% of Indian companies reported regularly updating their security patches to VPN equipment and externally exposed servers. While this is a start, there is much more to building a solid recovery plan that covers all bases and is easy to execute and maintain. If a ransomware attack does happen, the plan should be robust enough that the company can recover even if the attacker doesn’t return the data after receiving the ransom. The core pillars of an enterprise recovery plan could include:

High-quality defense systems across the organization – Security is a pre-condition for data protection and ensures that recovery plans do not need to be called upon. This includes sweeping for and fixing gaps, such as unprotected monitors or unpatched devices, in addition to top-quality firewalls and other enterprise-level measures.
A backup schedule – Company data should be backed up periodically at an appropriate frequency, such as once a week. This predictability is essential for everyone’s benefit so that they know when systems might be down. The flip side, however, is that cyber attackers might also come to know about the schedule and target attacks before the backup. This can be avoided with judicious changes to the schedule from time to time and extra backups in case of significant data inflow or any emergency.
Assigning roles and responsibilities – There should be a clear plan of action broken up into tasks and designated people in charge of each task. If an attack happens, the team can jump straight into the action without any doubt or discussion.
A secure cloud system – Most companies worldwide prefer cloud backups for their accessibility and unlimited storage. The cloud is not immune to breaches, so finding a reliable cloud vendor is critical.
An action plan for all employees, not just the IT team – All too often, data recovery plans are only shared with tech teams while others are kept in the dark. However, the organization at large is accessing and using the system daily, which means their help is invaluable regarding data protection and recovery. Companies can host boot camps where the IT team educates everyone on safety practices like multi-factor authentication and gives them an action plan to follow if they encounter ransomware or other malware. This way, everyone can stay alert for suspicious activity and avoid accidental security breaches.

The road ahead

Today, 87% of IT and business leaders worldwide agree that cybersecurity is one of the biggest threats to their organization, even more than an economic downturn. The functioning of a technology-first society hinges on how secure that tech is – even small mistakes could lead to costly data losses and affect millions of people. While prevention is the first step, companies should also invest in an efficient data recovery plan that can expand and scale with the company to ensure that any attacks have a minimal lasting impact. Whether by enhancing in-house capabilities or handing over the reins to a security expert, the time is now for India Inc to maximize its defenses and enter 2023 on a high note.
