Never Pay the Hackers: How To Protect Your Enterprise From Cybercrime

The widely reported May ransomware attack on Colonial Pipeline crippled the country’s largest fuel pipeline and extorted $5 million from the company. The attack was so damaging and its origins (Russia) so troubling that it got the attention of the U.S. Department of Justice. Just this week, Reuters reported that the government is “elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cybercriminals.”

Cybercrime is becoming an epidemic, and these events should be a warning to IT and data security officers everywhere: If you don’t get your house in order, you could be next.

That’s because high-profile and successful cyberattacks like the one on Colonial Pipeline encourage more cybercriminals to take up this new, lucrative, difficult-to-police “career.” The attacks around the world are increasing in volume and ferocity. As a result, enterprises that allow any form of network access are subject not only to paying the ransoms but to being shut down operationally — and for many, operational shutdown will be far worse than paying the ransom. For many, the loss of operational time has a high “cost-per-minute” value, and the public relations impact discourages current and new customers from trusting that enterprise with their data and business transactions.

Enterprises around the world are frantically placing new and very serious emphasis on preventing these attacks. But more importantly for most, they are concentrating on how to insulate their businesses from the impact of the cost-per-minute loss and the bad publicity. The frailty of many of the world’s IT systems and aging data recovery capabilities make these investments long overdue. With successful cyberattacks on the rise, backup and recovery have become new priorities within most IT organizations.

Building Security Into Your Backup Operations: A Checklist

To keep from becoming the next blaring headline, enterprise security officers need to build security into IT operations. This checklist is a good place to start:

• Minimize, recognize, and repel penetration.
• Deploy a highly reliable data backup system.
• Have a solid plan and capabilities for restoring data in priority order.

Most IT organizations have a lot of work ahead of them in all of these areas. The first one — minimizing penetration — is a significant and long-term challenge. Companies need to restrict access to IT resources and operations carefully and continuously. Meanwhile, the means and techniques cybercriminals use are continually improving and becoming more sophisticated and powerful by the day. As a result, companies must also have means to recognize and detect cyberthreats and events. In addition, repelling attacks is a new and ongoing effort that requires IT resources just to keep in step with the mounting threats.

But minimizing and repelling attacks cannot be IT’s only focus. More important are the last two items on the checklist — creating highly reliable data backups and solid plans and capabilities for restoring data in its priority order. After all, there are thousands of ways cybercriminals can invade a system, but there’s only one surefire antidote — rapid restoration of the data that allows operations to come back online quickly — without giving in to ransomware demands.

With highly reliable backups and a solid recovery plan, an enterprise under attack can confidently restore its affected systems and data, thereby minimizing the operational, financial, and PR impact. Not only does this prevent the need to pay the ransom, but it also discourages other cybercriminals from attacking in the future (no ransom = no reward for the criminals’ effort). By extension, it helps hamper the growth of cybercrime throughout the world.

Practical, Actionable Guidance for Securing Data

Now to the nitty-gritty. How do you actually check off all those items on the checklist?

First, be prepared to apply these best practices:

• Role-based access, which makes it so that data owners can only access and recover the data they need ... and nothing else. This keeps data owners responsible for the data they use and minimizes the potential for faulty restores by someone who isn’t familiar with the data.
• Workload-specific environments — Make sure administrators can perform recoveries either through workload-specific interfaces or through plug-ins based on commercially available technology — all integrated with an application management interface. With this approach, admins stay where they need to be to do their jobs while ensuring security across the enterprise.
• Reliable, secure, policy-based backups — Monitor the backup process to ensure it is continually generating consistent, usable backups that adhere to strict business policies for data protection. That way, multiple specialized teams that are managing separate tasks across your enterprise can restore the data when needs arise.
• Location-independent recovery — Make sure restoration can happen from any location (on-premises, remote, mobile, in the cloud, across clouds).

Next, implement a backup solution that incorporates all these best practices.

When seeking such a tool, look for one that is modeled to solve for security, rapid data restoration, and fully protected backup data. It should be a universal but highly reliable backup system that is structured perfectly to support IT plans and capabilities for quick and prioritized data restoration. Importantly, backup administration and daily management should be software-automated to drive consistent data backups. In addition, policy management and reporting should be easy to visualize and customize to ensure successful backup operations. These practices all help ensure smoother, successful recoveries.

With such a backup system, the results of a cyberattack will be zero ransom payment, minimized operational downtime, and minimized public relations impact.

There are few experts that can deliver a capability like this. Let’s use Compass® software from Cobalt Iron as an example.

Software like this provides a SaaS-based enterprise data protection platform that is built on three key security principles:

• Readiness — Avoid exposure by being prepared. This software includes backup inaccessibility, 24/7 monitoring, proactive problem avoidance, and automated software updates to keep your enterprise data protection battle-ready.
• Response — Dramatically limit the negative impact of a cyberattack. Good software allows rapid, coordinated execution to resolve incidents and minimize downtime, data loss, cost, and reputation damage, while the technology maintains data integrity without unnecessary human access.
• Recovery — Quickly returning to normal operations is only the beginning. Again, as an example, Compass delivers rapid restore functions and analytics-driven insights to fortify data protection against future attacks.

Strong IT organizations are moving to assure that their backup and restore capabilities not only protect backed-up data from cybercriminals, but also give them total control over restoring data in a prioritized and timely manner. That is key to resuming operations quickly and avoiding the financial losses that come from business interruption and public relations disasters.

As the Colonial Pipeline story illustrates, it is far better to be prepared. After all, had Colonial Pipeline had a reliable backup infrastructure in place, it never would have had to pay the $5 million or gotten a massive black eye.

So, get busy assuring your data backup and restoration works flawlessly. That way, should the unthinkable happen, you can get back to business with minimal impact.