White House Urges Offline Backups to Limit Ransomware

In recent months, ransomware attacks seem to be in the news every day. In late 2020, the health care industry saw a large increase in attacks during the height of the COVID-19 pandemic. Just last month, Colonial Pipeline was attacked, causing fuel shortages along the East Coast. Even the ferry service to Martha’s Vineyard was hit in recent weeks.

The federal government has reacted by issuing a White House executive order and memo urging businesses to take immediate steps to increase defenses.

Read the full memo here.

In the memo to business leaders, the White House stated, “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.” Chris Krebs, former top cybersecurity official for the U.S. government, went as far as calling ransomware a “global pandemic.”

The memo goes on to recommend steps that companies can take immediately to lessen their risk:

  • Back up your data, system images and configurations, regularly test them, and keep the backup offline
  • Update and patch systems promptly
  • Test your incident response plan
  • Check your security team’s work
  • Segment your networks

Let’s concentrate on the first step, backing up your data, system images and configurations. The White House states in the memo:

“Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.”

Consider the statement “many ransomware variants try to find and encrypt or delete accessible backups.” Most business owners think keeping a backup is enough. However, monitoring these ransomware attacks has shown that a traditional backup is not enough. Ransomware attacks do not just go after active networks; they often corrupt the very backups needed to restore systems.

So, what is a company to do?

The answer is also included in the memo: maintain current backups offline and ensure they are regularly tested. For many businesses, this means implementing an air gap backup for critical information. An air gap backup is a copy of your organization’s data that is kept entirely offline. These solutions can be expensive and difficult to maintain, but they are the surest way to preserve critical data.

Businesses also must be able to distinguish between critical and non-critical data. Understanding the data being protected can help establish effective backups that limit a business’s susceptibility to ransomware attacks.

All businesses must comprehend and implement best practices to limit their susceptibility to cyberattack. As the government stated, all organizations are at risk “regardless of size or location.” But first, companies need to get a handle on the data they hold – both quantity and quality – before they can set up these critical security solutions.

Akita Data works with companies to provide a high-resolution view of their data and recommend best-fit services and technology, including air gap data backup solutions.