The Cybersecurity Agency of Singapore (CSA) recently revealed that the number of reported ransomware attacks last year increased by a staggering 154%. This report comes amid a global rise in the volume and intensity of ransomware attacks, especially as more Asia organisations speed up their digitalisation efforts to cope with the global pandemic.
In May 2021, for example, insurance group AXA reported that a targeted ransomware attack hit its offices in Thailand, Malaysia, Hong Kong, and the Philippines. The attackers claimed to have stolen more than 3 terabytes of sensitive customer data, including copies of passports and IDs, contracts and agreements, and medical reports.
The dilemma of paying
Organisations that are hit by a ransomware attack are caught between a rock and a hard place.
On the one hand, they can pay up and regain access to their data. However, this is generally not a recommended approach, and can come at a high cost. A recent study by cybersecurity firm Palo Alto Networks revealed that the average ransom paid by compromised firms in 2020 was US$312,493 — a 170% year-over-year increase.
To make matters worse, there is no guarantee of data recovery after paying the ransom. In fact, paying up might open the victim up to a second wave of attack, as attackers now know that they are vulnerable and have the willingness to dip into their pockets.
On the other hand, IT departments can work around the clock to attempt recovery from the attack. But this is easier said than done. Even the most well-prepared IT teams will need ten to fourteen days to recover from a ransomware attack. For everyone else, these cyberattacks have become too advanced for them to manage on their own.
As high-profile ransomware attacks continue to dominate headlines, it might look hopeless for organisations trying to get ahead of the threat if it is just a matter of time before they fall prey to malicious actors.
Cyber security tools may not be enough
Some might look to invest more in cyber security tools, but even that is not a guaranteed protection. Vulnerability gaps exist in every organisation, and ransomware attacks have proven adept at evading detection and penetrating traditional cyber defenses.
In my conversations with CIOs across APAC, I recommend a three-pronged modern data protection strategy to prepare for, minimise the impact of, and recover from an attack.
First, to safeguard against an attack and make detection faster, IT departments must ensure they keep software and operating systems updated with the latest patches. All employees must be trained to be aware of potentially malicious links or attachments in emails, especially unsolicited ones and those from outside their organisations.
Awareness of what is “normal” in how infrastructure operates is essential here. Without awareness, it could take weeks to see something “abnormal” to flag data or systems might be compromised.
Second, to minimise the impact of a ransomware attack, it is essential to backup data on a regular basis and keep it in ‘Safe Mode’. Make sure they are protected, encrypted, and immutable. Immutability is particularly important, as it keeps your data safe from being modified or deleted even from people with admin-level access to your systems.
Third, to enable a fast recovery following an attack, IT leaders should look at Service Level Agreements (SLAs) for restoring data as well as backing it up when choosing storage vendors. A ‘Rapid Restore’ of data is absolutely essential to get the business back on track as soon as possible.
A ransomware attack is not a normal recovery event that might involve a few lost files or a corrupted database. All files and databases of an organisation may be compromised, making the recovery task orders of magnitude larger than IT departments typically must deal with.
For example, consider that the restoration of a single database restore can easily take ten hours or more, with many taking more than 24 hours. An organisation may need to restore dozens or even hundreds of such databases, a herculean task even for the most well-equipped IT departments.
In sum, organisations that have been hit by ransomware attacks have learnt the hard way the importance of putting in place a modern data protection strategy. With a combination of proper preventative measures, real-time data backups, and a rapid restore solution, those compromised by ransomware attacks will be better positioned for swift return to operations.
Sunil Chavan is Vice President, Emerging Technology Solutions, Asia Pacific & Japan at Pure Storage