*By Umberto Rosti
Much has been said about protecting against ransomware attacks, from simply keeping your IT assets up to date to zero trust architectures and more elaborate (and expensive) solutions.
Ransomware attacks have now migrated from simple targets (small companies) to large corporations, and ransoms have consequently gone from a few dollars (in bitcoin) to millions of dollars, on top of the impact on the companies' image and the direct and indirect losses from post-attack downtime.
But how do you protect what really matters: your information?
Understand that all "the basics" must already be in place: an up-to-date IT environment, a good detection and response solution, and at least monitoring of your critical environment through a specialized SOC that reports straight to the board to present IT operational risk. But I won't deal with that here. Let's talk about the last possible resource an organization has to continue existing with its data, since an attack can have a level of sophistication that could circumvent all existing controls (as happened in some organized attacks that used a good cybersecurity weapon; yes, a good exploit is considered a weapon nowadays).
The last bastion of protection for your data should be a vault approach, in which you keep a copy of your crown jewels, using the three actions below:
- Security by design – the idea is that your data vault does not accept incoming connections and only connects to the assets whose information it will copy, with every connection granularly controlled. Every administrator connection must go through a jump server in a very controlled way, with every action of the administrator monitored.
- The more temporal data the better – having a good process for copying and storing data is essential, since a backup can also have its integrity compromised, so look for a process that saves full and incremental historical versions. For example: daily incremental copies to your vault, four full weekly copies, and twelve monthly copies stored for a long period. This means you always have at least 7 days of incrementals, 1 month of full weekly copies and one year of monthly copies, giving a wide range of recovery options within the RTO and RPO required by the business.
- Not in use? Disconnect – what is the use of keeping the safe with you? The premise is that the safe is connected to the network only while backups are performed, which protects its integrity when it is not in use. Remember, it is the bastion of your company's data and must be protected as such. Many companies even take the weekly copies to another site to protect against other disasters. If you choose an IaaS (infrastructure as a service) provider for your vault, which might be a good candidate, think of different providers and different locations, following the same logic.
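
The retention schedule in the second item can be checked against a vault's catalog. The sketch below is an added example, not code from the author or from Safeway: it keeps the newest 7 incrementals, 4 weekly fulls and 12 monthly copies, and reports days in the incremental window that have no copy. The tier names, the Sunday and first-of-month job days, and the sample catalog are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Newest copies kept per tier, taken from the article's example schedule.
RETENTION = {"incremental": 7, "weekly_full": 4, "monthly": 12}


def apply_retention(copies):
    """Split (date, tier) copies into (keep, prune); unknown tiers are left alone."""
    keep, prune = [], []
    for tier, limit in RETENTION.items():
        in_tier = sorted((c for c in copies if c[1] == tier), reverse=True)
        keep.extend(in_tier[:limit])
        prune.extend(in_tier[limit:])
    return sorted(keep, reverse=True), sorted(prune, reverse=True)


def missing_dailies(keep, today):
    """Days in the incremental window with no copy, each worth investigating."""
    have = {d for d, tier in keep if tier == "incremental"}
    window = [today - timedelta(days=n) for n in range(RETENTION["incremental"])]
    return [d for d in window if d not in have]


def build_sample_catalog(today, skipped=()):
    """Constructed sample data: 400 days of vault history ending at `today`.

    Assumed job schedule: incrementals daily, fulls on Sundays, monthly on day 1.
    """
    copies = []
    for n in range(400):
        d = today - timedelta(days=n)
        if d not in skipped:
            copies.append((d, "incremental"))
        if d.weekday() == 6:  # Sunday
            copies.append((d, "weekly_full"))
        if d.day == 1:
            copies.append((d, "monthly"))
    return copies


if __name__ == "__main__":
    today = date(2024, 3, 15)
    catalog = build_sample_catalog(today, skipped={date(2024, 3, 12)})
    keep, prune = apply_retention(catalog)
    print(f"keep {len(keep)} copies, prune {len(prune)}")
    print("oldest restore point:", min(d for d, _ in keep))
    print("missing dailies:", missing_dailies(keep, today))
```

A skipped incremental pushes the 7-copy window one day further back, so the count alone looks healthy; the per-day gap check is what surfaces the missing restore point.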
With these three premises for your data vault, when all else fails you will certainly still have your crown jewels, your data, to continue your business and consequently save millions of dollars in the face of a ransomware attack or any other catastrophe.
— Umberto Rosti is Chairman of Safeway
Safeway is an Information Security company, recognized by its customers for offering high value-added solutions through Information Security projects that fully meet business needs. Over these years of experience we have accumulated, with great pride, several successful projects that have earned us credibility and prominence among our clients, who in large part are among the 100 largest companies in Brazil.
Safeway can help customers better understand their Information Security needs, as well as the tools needed to detect, respond and mitigate their risks involving threats and regulatory issues. In this way, our professionals and expert consultants can help eliminate small problems before they become big ones. Security, Vulnerabilities and Fraud Management actively analyzes your company's security through monitoring activities, mitigating risks and attacks in the IT environment.