Traditional backup and disaster recovery are unlikely to protect critical enterprise data from the impacts of a ransomware attack. This is according to Mike Styer, country manager at GlassHouse South Africa.
Speaking at a GlassHouse webinar on cyber recovery, hosted this week in partnership with ITWeb, Styer said organisations were at significantly increased risk of having data breached or their systems shut down. The most common ways in which data is compromised include malware attacks, man-in-the-middle attacks, phishing, credential theft, password naivete and brute force attacks, he said.
“Ransomware is an increasingly prevalent problem, and South Africa is exposed. Whether you pay the ransom or not, you will suffer some cost or reputational damage. 15% of South African organisations have reported a significant impact from successful ransomware attacks, with 10% experiencing downtime of seven days or more. In South Africa, a financial institution took almost four weeks to have the confidence to bring their portal back online after a recent breach.”
A poll of webinar participants revealed that none of them felt extremely confident about their organisation’s overall security posture, and only 14% were very confident. Most said they were only slightly confident and 7% said they were not at all confident. In addition, only half said they had cyber insurance to help mitigate the losses incurred in a ransomware attack.
“This is not just an IT problem, or just a business problem – it’s both. It impacts IT security, risk and compliance, legal, organisational reputation, and finance – right up to board level,” he said.
Traditional backup and recovery are not enough, said Styer.
“It has its place, but it delivers no real cyber resilience capability, because the first thing cyber criminals will attack is your backup. The world has evolved, cyber crime has evolved, so you need a robust cyber resilience programme in place and an air gapped vault where you can keep a copy of your data that is 100% immutable.”
In addition, organisations needed artificial intelligence continuously monitoring data and detecting any anomalies and suspicious changes, he said.
Greg McDonald, director for Systems Engineering at Dell Technologies South Africa, noted that 69% of global IT decision makers lack confidence in their organisations’ ability to successfully recover all their data after a data breach. “Nobody is immune. Dell alone is blocking about a million attempts a day globally,” he said.
Globally, there is around $5.2 trillion in risk over the next five years, coming from criminals, nation state attacks, espionage, terrorism, hacktivism and insider threats, said McDonald.
“The backup is probably the easiest thing to attack. The first thing they look at is the master backup catalog – to lock it down, encrypt it or slow it down. The average bad actor sits inside a compromised system for an average of 100 days or more before the attack is actually launched. So they’re sitting there for roughly 100 days, understanding the organisation, collecting data, and then they launch the attack.”
He highlighted Dell’s PowerProtect Cyber Recovery solution and CyberSense for ransomware detection. “We’ve put significant investment into producing a first-rate product,” he said.
PowerProtect Cyber Recovery and CyberSense protect and isolate critical data from ransomware and other sophisticated threats, using machine learning to identify suspicious activity, and allow organisations to recover known good data and resume normal business operations. He noted that Dell PowerProtect Cyber Recovery is the first turnkey data vaulting solution to be endorsed by Sheltered Harbor – a non-profit, finance industry-led initiative to enhance financial sector stability and resiliency.
McDonald said the data that should be secured in a vault included authentication, identity and security data, Active Directory, DNS dumps, event logs, networking configurations and settings, IP, source code, proprietary algorithms, developer libraries, services design, storage, intellectual property, host and build tools and documentation such as CMDB/asset DR and cyber recovery, run books and checklists, management extracts, and HR resources and contact lists.
Alp Bağrıaçık, GlassHouse CEO, said the company had invested heavily in its cyber recovery service, offering a complete suite of cyber recovery software, data protection storage, usage reporting, processes and run books.
“Our fully managed service is delivered 24/7/365 by Dell-trained experts. This provides the highest level of cyber protection, security and availability for critical data,” he said.
Bağrıaçık said: “Dell provides fantastic technology and GlassHouse has designed a five-step process to bring the technology alive.”
“Our consultants identify the most critical data and applications to protect. We design a tailor-made cyber recovery solution to fit the business objectives. We deploy the solution, operate the backup environment, and in case of a cyber recovery event, our experts help customers respond to issues with processes and run books.”