According to a recent white paper report, Developing a Cyber-Resilient Data Recovery Strategy According to Veeam, organizations will continue to be at high risk from emerging cyber threats until they establish practical frameworks to protect against ransomware and minimize the risk of falling prey to cybercriminals.
Andrew Smith, Chief Information and Strategy Officer at Kyocera Document Solutions UK commented: “Planning is crucial when it comes to cybersecurity for businesses. As with any potential disaster, you can’t protect yourself against something you don’t know about.
“The first step is understanding what needs to be protected and how vital each asset is. Cataloging and categorizing assets may seem less essential than more active forms of cyber defense, but the practice is essential to effective cybersecurity.
This is particularly important considering how quickly cybercriminals’ capabilities are evolving as they leverage AI, with the UK National Cybersecurity Center warning of this threat earlier this year
“A robust secure Backup infrastructure is crucial to IT environments. It ensures data security and stores multiple copies of all data, including data deleted from production. However, this also makes it a prime target for criminals looking to steal data and eliminate a company’s safety net, increasing the chances of a ransom payment.
Andrew Smith added: “Ransomware is designed to evade detection by frontline cyber defenses. To infect as many systems as possible, small changes must be made to evade detection. Attackers frequently delete backups, reduce backup retention times, or disable backup jobs to prevent access to the data they want to hold for ransom. It is important to be aware of these tactics and take steps to prevent them.
“Regular and thorough testing of recovery plans is also a critical cybersecurity practice, as it helps identify potential damage caused by ransomware. By testing a comprehensive recovery plan, including application verification, any failures encountered can reveal areas within the infrastructure where a critical file may be encrypted or a configuration file improperly modified. These tests can be particularly useful in learning how to detect malware that runs during a system’s boot sequence.”
Given the increasing use of AI by cybercriminals and the increasing sophistication of their methods, it is impossible for businesses to guarantee that they will never be compromised.
Andrew Smith added: “To achieve this, it is critical to eliminate the threat and quickly restore compromised data. All decisions should be geared towards achieving recovery time objectives (RTOs), similar to preparing for a natural disaster. Act decisively by stopping and removing ransomware from the environment, and optimize your defenses to prevent repeat attacks. This will minimize cleanup efforts and improve recovery time.
“Speed is of the essence. If response time is delayed, cybercriminals can find ways to infect recovery points, forcing them to go back further to find a clean restore point, which in turn leads to further disruption and financial and reputational damage.
Andrew Smith concludes: “Cybercriminals continue to improve their techniques, but if the right steps are taken, there is no need to panic. Take the necessary steps as a priority and you will be well placed to remain resilient in the future.”
Andrew Smith is a cybersecurity expert and CISO at Kyocera Document Solutions UK