Protecting your business against cyber attacks means anticipating threats and having appropriate measures in place, so that business operations can continue even if a system is unavailable. This post outlines five key considerations and approaches businesses should take to help eliminate the risk of having to improvise if company data is under threat.
Giles Rothwell
Director – Security Testing & Assurance
CyberCX
Conducting regular audits to maintain critical operations
Key systems and data sources that are required to maintain critical operations within the business should be clearly identified and regularly tested. Backups and continuity plans must be tested to ensure that they are effective, and backups must be stored in a secure location.
Regular audits confirm that the backup systems the company has in place actually work, and allow weaknesses to be identified efficiently so that defences can be strengthened without compromising the business.
Maintaining multiple backups both online and offline
When backing up your business data securely, it’s better to have multiple online copies in addition to offline backups.
Keeping data backups in the cloud is recommended because file storage and management are easier there: the backups are available at any time and from any location. The major downside to backing up critical business data in the cloud is that security settings and access permissions need to be reviewed regularly.
For offline alternatives, external hard drives can be used. They are still a popular solution because the drive is a one-off purchase. However, the drive needs to be stored safely, in a secure location, to prevent it being lost or stolen. Another downside to using an external hard drive as a backup is that, if it is not handled with care, the drive can become corrupt, which is why it’s recommended to have both online and offline backups.
The attacker’s ‘dwell time’
Another key consideration when restoring systems after an attack is the dwell time, which is the time between the initial compromise of the data and the subsequent attack. To ensure that the systems are secure, a thorough investigation is required to identify the full scale of the initial attack. It’s also recommended to check systems that have been restored from backups before using them, as they could also be affected by the attack.
Educating staff
No matter the size of your company, your data is still vulnerable. Making sure your staff are well educated on how to protect systems and data can contribute towards the business staying compliant and protected.
Provide regular updates to employees, and strengthen data protection and cyber security training, to create a security-focused workplace culture.
Create a priorities list to secure sensitive data first
Develop a framework for restoring critical systems and data sources, and consider a priorities list. When the company is under threat, speed is critical to the business’s operations. Even if there are robust security operations in place, a ransomware attack can still take place, causing the backup software to also become corrupt. Ensure that all sensitive data is encrypted, including customer and employee information as well as business data.
Backups under attack
In one investigation conducted by CyberCX, our client maintained a best practice backup regime, including multiple copies of backups on disk, plus critical data on drives which were routinely disconnected and rotated through off-site storage. When a ransomware attack occurred, the victim organisation retrieved the off-site backups, only to find that they had been wiped. Our investigation showed that the attacker remained quietly inside the network for weeks and systematically wiped each backup after it was taken, but before the drive was removed and taken offsite. When the attacker identified that each backup drive had been cycled, they wiped the last backup and detonated their ransomware across the network. Regular verification that backups were intact and validation of the entire backup and recovery process would have allowed the client to restore business operations without needing to ever engage with attackers.
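The verification step described above, as an added example (not CyberCX tooling and not code from the original post): a Python script that records a SHA-256 manifest when a backup is written and re-checks the drive against it before the drive is rotated off-site. The function names, file names and sample data are constructed for illustration, and the manifest is assumed to be kept somewhere other than the backup drive.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large archives are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map each file's relative path to its size and digest."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): {"size": p.stat().st_size, "sha256": file_digest(p)}
            for p in root.rglob("*") if p.is_file()}

def verify_backup(backup_dir, manifest):
    """Compare the drive with the manifest recorded when the backup was taken."""
    current = build_manifest(backup_dir)
    report = {"missing": [], "emptied": [], "modified": []}
    for rel, want in sorted(manifest.items()):
        got = current.get(rel)
        if got is None:
            report["missing"].append(rel)
        elif got["size"] == 0 and want["size"] > 0:
            report["emptied"].append(rel)
        elif got["sha256"] != want["sha256"]:
            report["modified"].append(rel)
    return report

def safe_to_rotate(report):
    """A drive goes off-site only when every check came back empty."""
    return not any(report.values())

def demo():
    """Constructed sample data: check a fresh backup, then the same drive after data loss."""
    with tempfile.TemporaryDirectory() as drive:
        root = Path(drive)
        (root / "db.dump").write_bytes(b"rows" * 1000)
        (root / "files.tar").write_bytes(b"docs" * 500)
        manifest = build_manifest(root)  # assumption: kept somewhere other than this drive
        clean = verify_backup(root, manifest)
        (root / "db.dump").write_bytes(b"")   # file present but 0 bytes
        (root / "files.tar").unlink()         # file gone
        return clean, verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A matching manifest shows the files are intact; it does not replace a test restore of the whole backup and recovery process.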
Ransomware and Cyber Extortion
If you’re concerned about the threat of cyber attack and want to protect your organisation, download the CyberCX Best practice guide, which provides practical tools for people at all levels of an organisation to understand and manage the risk posed by ransomware and cyber extortion.