BTEX 2023: How to Strengthen Your Organization’s Cyber Resilience

Ransomware attacks continue to grow in frequency and many organizations struggle to defend against them. Here’s what you can do about it.

CDW’s 2023 Canadian Cybersecurity Study revealed ransomware as the cyberattack that organizations most frequently cite as a concern.

Nyron Samaroo, Principal Field Solution Architect at CDW, recently shared this survey finding and told an audience attending CDW’s Business Technology Expo that ransomware attacks remain prevalent and most organizations are challenged to effectively defend against them. Speaking on the topic of Strengthening Cyber Resilience to Secure Your Future, he outlined tactics for how organizations can be resilient in the face of ransomware cyberattacks and the challenges that ransomware poses.

Ransomware attacks are growing in frequency, Samaroo said, and organizations struggle to defend against them. In fact, multiple attacks are typical.

“From our findings (we’ve discovered) that ransomware attacks just don't happen once,” he said. “There is typically a repeat. We see that 76 percent of those that were impacted by a ransomware attack experience a repeat – a second, third or fourth reinfestation of ransomware in their environment.”

According to Samaroo, the average ransomware payout is approximately $220,000.

“But after we do further analysis and understand other areas of revenue loss, the resource time spent and other monetary aspects, we determined that the overall cost of ransomware at the end of the day is closer to $1.4 million per incident,” he said.

Most organizations typically rely on backups as a last resort to recover from a ransomware attack. But even then, according to Samaroo, one in three CDW customers struggle to completely recover from ransomware and are often challenged to restore their computing environments from a “clean” backup.

Building cyber resiliency

How can organizations build cyber resiliency and ensure complete recovery from a ransomware attack?

They need to consider the business side by enhancing their capabilities to protect against, defend and recover from ransomware, Samaroo said. It’s important to understand where business assets are, how important they are and the nature and type of data that supports those assets. Not all data are equal, he says, and it’s essential to examine data interdependencies.

“If you have your active directory, for example, that is a key part of accessing your data from an identity and access management perspective,” Samaroo explained. “If you have multifactor (authentication) as a sub-component of that, you want to make sure you understand the interconnectivities between each of the data points in order to deliver applications or services to your external customers, your business customers and so on.”

You also want to understand how much downtime your organization can tolerate for specific applications, and that some may be more critical than others.

Consider how you measure the restore time and the response time to ensure those applications are back up online quickly and that you're getting the connectivity to the services that are essential to your business, he said.

And when it comes to backing up data, it’s important to understand when data becomes “stale” or no longer productively useful within specific applications and services. You don’t want or need to back up and maintain data that is end of life, since there’s a cost to store and maintain it. Backing up such data will also impact your restore time, Samaroo said.

Data backup and recovery

Backup and recovery are two sides of the same coin. Regularly backing up data is essential, but there also needs to be a recovery plan around restoring data within certain timelines so the business can continue operating without major disruption. And make sure that the controls for the repository where data is backed up are regularly tested.

“Our suggestion here is to ensure you're doing penetration testing exercises – such as social engineering and networking-based penetration testing – against your backup repository of information,” Samaroo said.

You also need to understand your cyberinsurance policy obligations and follow the requirements and commitments of that policy to ensure that you don’t violate your agreement. To that end, the technology used to protect a backup repository should include multifactor privilege identity management so that you always verify the users of your data are who they say they are, Samaroo says.

Consider multiperson authorization to access or restore data and impose strict controls so that access is granted when needed and with the right approvals. Be sure that encrypted data and encryption keys are always stored separately so that, in the event that data is exfiltrated, the decryption keys are not contained within data that may have been compromised.

The 3-2-1 rule of data backup

Samaroo said it’s essential to have three copies of data saved on two separate media types plus one that should be air gapped (a security measure where a computer or network is kept isolated and prevented from establishing external connections to other devices) or configured as an immutable backup that prevents data from being altered or tampered with.

“We want to make sure that ransomware doesn’t touch that immutable backup or air-gapped backup because it is a last resort in restoring your information,” he said.

Another aspect to consider is ensuring that the quality of backups is maintained. Use test procedures to prevent corrupt data from being backed up and to ensure backed up data itself does not become corrupted.
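The following added example, which is not from the article or from CDW, audits a backup inventory against the 3-2-1 rule described above and counts only copies whose SHA-256 digest still matches the known-good value. The inventory, location names and the `BackupCopy` and `audit_321` names are constructed for illustration, and the isolated copy is assumed to be one of the three.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    location: str   # where the copy lives (hypothetical names)
    media: str      # e.g. "disk", "tape", "object-storage"
    isolated: bool  # True if the copy is air gapped or immutable
    sha256: str     # digest computed the last time the copy was read back


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_321(copies, expected_sha256):
    """Return a list of findings; an empty list means the set passes."""
    findings = [f"{c.location}: digest mismatch, copy is corrupt or altered"
                for c in copies if c.sha256 != expected_sha256]
    # Only copies that still verify count toward the rule.
    good = [c for c in copies if c.sha256 == expected_sha256]
    if len(good) < 3:
        findings.append(f"only {len(good)} intact copies, need 3")
    if len({c.media for c in good}) < 2:
        findings.append("intact copies span fewer than 2 media types")
    if not any(c.isolated for c in good):
        findings.append("no intact air-gapped or immutable copy")
    return findings


# Constructed sample data: a known-good digest and an altered one.
GOOD = digest(b"constructed sample dataset v1")
ALTERED = digest(b"constructed sample dataset v1, overwritten")

HEALTHY = [
    BackupCopy("primary-nas", "disk", False, GOOD),
    BackupCopy("offsite-tape", "tape", True, GOOD),
    BackupCopy("cloud-bucket", "object-storage", False, GOOD),
]
# Looks compliant on paper (3 copies, 2 media, 1 isolated), but the
# isolated copy no longer verifies, so every part of the rule fails.
DEGRADED = [
    BackupCopy("primary-nas", "disk", False, GOOD),
    BackupCopy("secondary-nas", "disk", False, GOOD),
    BackupCopy("offsite-tape", "tape", True, ALTERED),
]

if __name__ == "__main__":
    for name, copies in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, audit_321(copies, GOOD) or "passes 3-2-1")
```
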

Samaroo suggested using available advanced machine learning and artificial intelligence (AI) tools to ensure the integrity of backed up data, and integrating backups with scanning and protection tools that query and provide alerts if malicious data is detected during the backup process.

Why it’s important to have a clear data recovery plan

In a situation where your organization’s data is compromised and you’ve decided to refresh from a backup, how would you know data contained in the backup you are restoring is clean?

“In some cases, you might need to do a breach assessment to understand where your (clean data points) are,” Samaroo explained. “But in the meantime, while that breach assessment is happening, you may not have data needed to serve your customers.

“So, in that scenario, you want to consider something like a ‘clean room’ restoration point – whether it be cloud, a separate data centre or a separate infrastructure that you have on standby – that you can completely restore from while leaving your production environment intact to do that breach assessment to investigate and understand what transpired through an initial breach.”

How CDW can help

CDW has a wide range of products and services, including managed services, to help you navigate the complex world of data backup, create a restoration plan, create governance controls and manage cyberinsurance policies.

CDW’s consulting services can perform tabletop exercises with your teams and provide risk advisory services to help you understand where technical or governance gaps may lie in the backup and restoration process. CDW can also help with full disaster recovery and management of on-premises or cloud storage environments.

On the security side, CDW provides a managed extended detection and response (XDR) endpoint monitoring service for early detection of ransomware attacks before they can migrate laterally throughout an organization.