The R-rate shifts from area to area, but in many places companies are preparing for their home workers to return to the office in some form. However, inviting the team back to their desks brings with it new concerns and considerations that IT departments must grapple with.
These challenges range from making sure none of the returning devices have been compromised by malware, to re-evaluating systems and processes that were rated “good enough” prior to the pandemic. With ransomware breaches on the rise, as evidenced by the recent Blackbaud attack, organizations of all types need to ensure that their systems are not only “good enough”
A familiar enemy returns
For companies, the threat of a cyber attack is an everyday problem. During the lockdown, when people working from home were using unfamiliar tools, cybersecurity became a more pressing issue than ever. Companies like Honda and EasyJet felt the full force of it as both were hit by cyberattacks while trying to respond to the disruption from COVID-19. However, from a cybersecurity perspective, this phase of working from home could be the first wave of attacks.
When employees are invited back to the office, there is a real risk that they will bring infected devices with them. Once these devices are back behind the corporate firewall, latent malware can quickly spread across the network and cause significant damage during a critical recovery phase.
There are two things that make this not only possible, but likely. First, the pandemic coincided with the appearance of the EKANS virus, which may lie dormant on devices and stay invisible until they reconnect to the corporate network and have the opportunity to attack ICS data laterally. Second, there is evidence of a 72% increase in the number of new ransomware samples in the past six months.
Many IT departments are already overwhelmed as they support new flexible work initiatives. Add to the mix new threats that need mitigation and a large number of devices, each a potential vector, that may have been exposed to all kinds of malware since IT last saw them, and this could be the perfect storm ransomware needs to take hold.
A good backup plan
Whether legal, serious or financial, the theft of your customer data can have serious consequences. Take Garmin, for example: there have been several reports that the company had to pay a multi-million dollar ransom to retrieve its data after falling victim to a ransomware attack in July 2020. For companies looking to mitigate these risks, an effective data protection solution can help eliminate the risk of data loss.
In large part, ransomware attacks are based on the inability of companies to restore data encrypted by hackers who use this leverage to extort huge amounts of ransom in exchange for the encryption key. However, if companies securely store another trusted copy of this data elsewhere, ransomware attackers lose that position of power.
With an effective data protection solution, companies that fall victim to a ransomware attack can quickly get back to work without interacting with the hackers. At that critical moment, when companies discover that their data has been stolen, a combination of local and cloud backups allows the company to easily restore that backup data and get back up and running.
When it comes to implementing an efficient data protection strategy, the 3-2-1 rule is a good guideline. Under this rule, you keep three copies of your data, two of them on different storage media and one air-gapped at an external location. Since attackers often focus on encrypting backup servers as part of their invasion, the need to physically isolate such a copy of the backup data from the network (called an air gap) may be more important than ever.
While businesses must accept that there is some level of inevitability to a data breach, being prepared for one is not only wise but also inexpensive, and it demonstrates corporate responsibility.
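The 3-2-1 rule described above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or any Veritas product; the inventory records, dataset names and the `network_reachable` flag are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    media: str               # e.g. "disk", "tape", "object-storage"
    offsite: bool            # stored at an external location
    network_reachable: bool  # reachable from the production network


# Constructed sample inventory (hypothetical dataset names).
INVENTORY = [
    BackupCopy("crm-db", "disk", False, True),     # production copy
    BackupCopy("crm-db", "disk", False, True),     # local backup server
    BackupCopy("crm-db", "tape", True, False),     # offline tape, offsite
    BackupCopy("fileshare", "disk", False, True),
    BackupCopy("fileshare", "object-storage", True, True),  # online cloud copy
    BackupCopy("hr-docs", "disk", False, True),
    BackupCopy("hr-docs", "disk", False, True),
    BackupCopy("hr-docs", "disk", True, False),
]


def audit_321(inventory):
    """Return {dataset: [violations]} for the 3-2-1 rule as stated above."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy.dataset].append(copy)
    report = {}
    for name, copies in sorted(by_dataset.items()):
        problems = []
        if len(copies) < 3:
            problems.append(f"only {len(copies)} copies, need 3")
        if len({c.media for c in copies}) < 2:
            problems.append("all copies on one storage medium, need 2")
        # An offsite copy that production can still reach is not air-gapped:
        # ransomware that reaches it over the network can encrypt it too.
        if not any(c.offsite and not c.network_reachable for c in copies):
            problems.append("no air-gapped offsite copy")
        report[name] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

Note that the online cloud copy of `fileshare` is offsite but does not satisfy the air-gap requirement, which is the case the rule is meant to catch.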
Adaptation to the new reality
While preparing for the possibility of a ransomware attack when employees return to the office is an immediate priority for many IT departments, we also see them channeling their energy into changing systems to accommodate the long-term changes to the traditional way of working that they expect as a result of COVID-19.
Many companies managed to give their employees the opportunity to work from home at short notice. In many cases, however, that speed was based on need rather than a level of readiness. As a result, some companies will have accepted the compromise that such a rapid introduction would lead to short-term risks. Processes that would normally have taken months, such as audits, tenders and staff training, have sometimes been shortened to a week. Meanwhile, technology deployments that might have been outsourced to specialists have instead been installed by in-house talent.
When systems and processes change from temporary to permanent, they have to be reviewed and revised. But that doesn’t mean it will be easy. After all, there are multiple devices, applications, and in some cases operating systems that have been out of the company’s central loop for months. Additionally, there is no guarantee that these devices were used solely for work, as Netflix binge sessions and Zoom quiz nights were the status quo for much of that time.
Having a complete overview of your IT infrastructure and data environments has never been more important, and the danger for companies that do not take the correct precautions cannot be overstated. Organizations need to ensure that their data does not sit siloed, unclassified, and unmonitored across various separate cloud and on-premises environments.
Instead, employees should be able to access it from a connected platform like the cloud, backed by the latest and most resilient security software. This makes companies more resistant to ransomware attacks both preventively and reactively. Regular or even constant monitoring of sensitive data, which is most at risk of being encrypted, also speeds up the reactive process.
In today’s world, the unfortunate truth is that ransomware attacks are inevitable. Companies should definitely take the strictest security measures to prevent infiltration. Just as important, however, are excellent detection processes to identify attacks and strong solutions to protect data backups so that you can react afterwards. There’s no excuse not to be prepared when you’ve been warned.
- Ian Wood is Senior Director and Head of Technology at Veritas.