With ransomware rampant and growing, organizations need to take a frank look at their cyber security strategy and assess whether they have the wherewithal to put up a proper defense. Increasingly, the answer is: not without automated tools.
Ransomware is now part of 25% of all data breaches, according to the 2022 Verizon Data Breach Investigations Report. That’s up nearly 13% from the previous year and represents an increase as large as the previous five years combined. This is on top of an already sizeable base: as IDC reported in 2021, more than a third of companies were victims of a ransomware attack.
Data protection: key to ransomware defense
The last line of defense in preventing ransomware comes down to protecting the data that perpetrators are after. Doing so involves being able to detect the signs of a ransomware attack, which are not always obvious. Attackers may linger in your environment for weeks or months, conducting surveillance, looking for the most enticing targets. Increasingly, they may also be exfiltrating data, because stolen data gives them more leverage in exacting a ransom.
Such movements can be exceedingly difficult for even seasoned cyber security pros to detect on their own.
“It comes down to how to make this an easier human process that’s less taxing and has less technical burden on the IT and security department by implementing more autonomous operations,” said Christopher Winter, Technical Marketing Engineer with Veritas.
Enlisting artificial intelligence to power detection
One way to accomplish that is by using artificial intelligence-based tools to detect anomalies and to scan for malware.
Veritas NetBackup, for example, uses a concept called data clustering to detect anomalies. The idea is to normalize data over a period of time, say 90 days, to establish a baseline of normal activity. That includes changes in deduplication rate, data transferred, time of backup, overall size, and number of files.
If there’s a deviation from that baseline, NetBackup will flag it with a color-coded alert depending on how serious the change appears to be. Such an alert may prompt the security team to investigate and see whether there’s a reasonable explanation for the change – or not. Some alerts may also prompt a malware scan, which is also AI-driven.
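To make the baseline idea concrete, the following is an added example, not NetBackup's code or its data clustering algorithm: it swaps in a simpler per-attribute median/MAD deviation score over a constructed 90-day window of backup job metadata. The field names, thresholds and severity labels are assumptions made for illustration.

```python
from statistics import median

# Attributes the article lists for the baseline; the field names are assumptions.
FEATURES = ("dedup_rate", "data_transferred_gb", "start_hour", "image_size_gb", "file_count")

def constructed_baseline(days=90):
    """Constructed sample data: nightly jobs with small, deterministic variation."""
    return [{
        "dedup_rate": 0.90 + 0.01 * ((d % 5) - 2),   # 0.88 .. 0.92
        "data_transferred_gb": 50 + (d % 7),         # 50 .. 56
        "start_hour": 1 + (d % 2),                   # 01:00 or 02:00 (no midnight wrap)
        "image_size_gb": 500 + d,                    # slow organic growth
        "file_count": 200_000 + 100 * (d % 10),
    } for d in range(days)]

def robust_z(value, history):
    """Modified z-score (median and MAD), which tolerates a few odd jobs in the window."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # perfectly flat history: any change at all is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def score_job(job, baseline, warn=3.5, critical=6.0):
    """Return (severity, {attribute: score}) for one job against its baseline window."""
    zs = {f: robust_z(job[f], [b[f] for b in baseline]) for f in FEATURES}
    worst = max(abs(z) for z in zs.values())
    severity = "critical" if worst >= critical else "warning" if worst >= warn else "normal"
    flagged = {f: round(z, 1) for f, z in zs.items() if abs(z) >= warn}
    return severity, flagged

if __name__ == "__main__":
    base = constructed_baseline()
    # Constructed job: dedup collapses and transfer volume jumps, as happens when
    # previously stable files are rewritten with high-entropy (encrypted) content.
    suspicious = {"dedup_rate": 0.35, "data_transferred_gb": 400, "start_hour": 2,
                  "image_size_gb": 610, "file_count": 200_300}
    print(score_job(suspicious, base))
```

A flagged job is a prompt for investigation rather than a verdict: a large legitimate data load or a first full backup after a policy change produces the same deviation.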
Automated operations to increase resiliency
Automation should also extend to the initial process of discovering new applications and systems and ensuring they are properly protected. That can be a challenge for IT groups when it’s so easy for various departments to spin up their own cloud-based applications with just a credit card.
Veritas has automated discovery tools that can detect any new application or system, Winter said. Then, with a modicum of input from the application owner following a pre-defined checklist, it ensures every new system or application receives the proper permissions and credentials and, hence, the appropriate level of data protection.
Similarly, NetBackup provides the ability to create customized, automated workflows to perform such tasks as starting, stopping, migrating, and taking over application operations and virtual business services. Disaster recovery rehearsals, which are crucial to ensuring your defense mechanisms work as intended, can likewise be automated.
Should the worst happen, the process of moving an entire data center to a backup site, either at a secondary site or in the cloud, can also be automated.
Winter has some simple advice for keeping ahead of bad actors: “You need to manage your data in a way that’s optimized, efficient, and free of human interaction.”
Learn more at https://www.veritas.com/ransomware