Closing the door on ransomware

Codegreen Systems’ Anoop Ammunni highlights six steps that will help businesses in the UAE counter ransomware attacks

Tags: CodeGreen Systems (codegreen.ae)
  • E-Mail
Closing the door on ransomware Anoop Ammunni director of consulting, Codegreen Systems.
By  Anoop Ammunni Published  January 10, 2017

Today, ransomware is not only commonplace in the UAE, it’s on the rise globally, with hackers constantly employing new strategies and turning this once-rare form of intrusion into its own mature industry.

The ransomware threat is no longer limited to a handful of business in a couple of verticals, but now affects all organisations and industries. Companies are quickly finding themselves struggling to understand this unsettling new threat and how to adequately plan their response to an attack.

Since these criminals continue to operate with zero consequences, it’s likely these crimes will not only increase in frequency and severity but also become a standard part of a company’s daily threat landscape.

Worldwide, ransomware is having a good year. CNN recently reported that ransomware events have collected $209m in Q1 2016, and are on pace to collect $1bn in 2016. The levels of the threat are considered to be ‘alarming’ in the UAE, and with spam accounting for over 50% of all email traffic in the country and 1 in every 199 emails containing malware, the statistics certainly support this.

This leaves companies of all sizes asking how to successfully defend against a ransomware attack. At CodeGreen Systems, we offer our own advice which will go a long way towards improving the security posture of your company and make you much more resilient when faced with today’s inevitability of attack.

The solution

A successful defence against ransomware and other incidents of malware is as simple as implementing an effective backup plan. While it may seem basic, experts agree that a solid backup plan is still the best prescription for addressing the threat of ransomware. But what exactly does implementing a backup plan really mean, and what does a well-executed plan look like? At CodeGreen Systems, we recommend six proactive steps, from the front lines, for keeping your data safe.

Backup your data

An enterprise-grade automated backup solution acts as an insurance policy in the event case of an intrusion such as a ransomware strike. Regular backups across laptops, desktops, file servers and mobile devices in your organisation provide a secondary off-site copy or your data — ensuring immediate access to business critical information after a malicious attack has taken place.

If your organisation doesn’t already have a comprehensive backup solution in place, this step alone will dramatically reduce the impact of a malware attack. In addition to a rapid ransomware response tool, this solution offers better information governance and gives organisations the ability to view audit trails and protect data for compliance purposes. Make sure, though, to select a cloud-based backup solution as it provides off-site storage for additional peace of mind when you’re on premise data is at risk.

Protect all of your distributed data

Are all teams distributed across regions covered by your backup policy? Does your current backup plan ensure that 100% of your user base is covered — however you define that base — to reduce exposure to potential employee data loss? Review and validate the deployment scope of your current backup plan to ensure that your chosen backup solution is deployed automatically to all end users who need to be protected. At a minimum, you should ensure that key users, which includes the likes of executive management and faculty, are covered by your data protection policy in order to maximise business continuity.

Review the scope of your data backup

What are you backing up? You’re probably protecting the My Documents folder on your desktops and laptops, but what about other locations where users can store data?

These could include:

- User Profile (%userprofile%)
- User specific System & App Settings
- User-created custom folders

We highly recommend that you review, validate, and, if needed, modify backup content (as defined in your backup policy) to ensure that all important data for protected users is being protected. This may require you to expand your scope to include custom folders where users can store data. You may also allow users to self-select the data that is backed up. This can be extremely useful in ensuring that all important data is protected. By implementing the “Allow users to add folders” feature, users can easily add folders within seconds to ensure all their data is successfully captured.

Review backup frequency

How often are you backing up? Every 2 days? 8 hours? 4 hours? Do you need an even more aggressive schedule for executives? Review, validate and, if needed, modify backup frequency (defined as part of your backup policy) to ensure automated, periodic backup for all protected users. As a general rule, we recommend you backup at minimum once every four hours, and every 15 minutes for key users.

Validate your data retention policy

How long are you keeping your backups? 14 days? 7 weeks? 6 months? Or Years? Review, validate and, if needed, modify the retention policy (as defined in your backup policy) to ensure a sufficient Recovery Point Objective (RPO). This may vary depending on your particular industry and regulations, and internal IT policies — IT, legal, and compliance teams — will make the call on data retention needs. Be assured, no matter what length you choose, solution should get you unlimited retention for organisations in need of this option.

Re-Assess your policies periodically

While the preceding measures might provide sufficient protection for the foreseeable future, we highly recommend that you revisit your backup policies on a periodic basis (approximately once every six months) to ensure that they are aligned with your organisation’s requirements. IT often has the primary responsibility for this routine, and in some cases acts in coordination with the legal team. To conclude, it’s imperative that you need advanced security solutions in place. But none of the security solution can offer a 100% guarantee against ransomware infection and indeed if you get infected, there are only two choices: restore from backup or pay-up. So if your data is critical, best guaranteed defence is to have an enterprise class near real-time non-intrusive backup solution in place.

Anoop Ammunni, director of consulting, Codegreen Systems.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code