Every week, another headline drives home the point – ransomware is one of the greatest threats we face today.
Earlier this month we saw the far-reaching impact a single ransomware attack can have when the world’s largest meat producer, JBS, was taken offline and production ground to a halt.
While there were warnings of potential meat shortages as a result, the loss of production had a very real human cost – a cost that highlights just how critical the ability to rapidly recover following a ransomware attack is to business resilience.
With production shut down for days as systems were restored, 11,000 Australian workers suddenly found themselves without work. The consequences went further through the supply chain, impacting farmers and primary producers who supply livestock to JBS.
We saw a similar effect last year when logistics giant Toll was hit with ransomware, and businesses including Optus and Telstra had their own operations impacted as Toll undertook remediation action.
As attacks become more brazen, it is clear a new approach to data security is required to keep Australian businesses running.
The traditional approach to cybersecurity has been to adopt a fortress mentality, focusing on preventative measures and perimeter defences.
This assumes 100% of attacks can be stopped ‘at the border’. Enterprises have been investing in such measures for decades, yet still attackers are able to thwart them and bring businesses to their knees. This demands a rethink.
While perimeter security still has its place, organisations need to consider how they can make their data resilient when an attacker breaches those defences – this is the core of an ‘inside-out’ approach to security.
Let’s take the physical security of a bank branch as an example. Its doors might include heavy locks, complemented with CCTV, alarms, and security guards. But once past these defences, are cash and gold left strewn in a storage room?
No. They’re locked up in heavy safes that can’t be breached without an access code or key.
The ‘crown jewels’ of every business today are its data, and that data must be protected in a similar way.
Back Up and Running
For any victim of ransomware, recovery – without being forced to pay the attackers a million-dollar ransom – comes down to the quality of its backups.
Ransomware attacks are evolving all the time but there’s one recent development that is particularly concerning.
Attackers have begun targeting and encrypting backup data to make recovery even harder. Backup data ruins the entire ransomware business model because it allows a business to restart operations from a ‘save point’ prior to the infection. Hackers are well aware of this, so they also encrypt backup data, making the victim more likely to have to pay the ransom.
The Australian Cyber Security Centre recommends organisations back up their critical data at least daily to ensure operations can restart quickly following a ransomware attack. The more frequently data is backed up, the more rapidly you can recover without having to pay attackers the ransom – which recent research suggests is AUD$1.25 million on average.
This ability to rapidly recover operations from backup data is the best ransomware counter-measure businesses have at their disposal.
Consider the experience of another Australian ransomware victim – Queensland-based Langs Building Supplies.
The business was hit with ransomware one morning, with the malware quickly encrypting hundreds of thousands of files and rendering them inaccessible. Despite the extent of the attack, Langs was able to completely restart its operations from its immutable backups within just an hour.
Rather than face days, weeks, or even months offline struggling to recover its systems – along with the need for expensive cybersecurity consultants and forensic specialists to support the remediation effort – Langs’ business was back operating at 100% capacity before lunchtime on the same day.
Immutable backup solutions, like those Langs relied on, are the core of an inside-out approach to data security. Because backups can’t be modified by anything other than approved applications, and because they’re natively air-gapped (meaning the data can’t be accessed through standard internet links), backups can be relied upon to rapidly restore business operations following an attack.
Turning the Tables
Ransomware attacks are estimated to have cost Australian organisations up to $241 million in 2019. The true figure, however, is far greater as this does not include the cost of lost production – on average, an Australian business suffers 16 days of downtime in the wake of an attack. Facing the possibility of more than two weeks offline, many Australian businesses decide to pay the ransom.
According to research Rubrik and IDC recently released, 18 per cent of Australian organisations had experienced a ransomware attack in the past two years and 29 per cent of these paid the attackers to regain their data because they couldn’t reliably recover from their backup data.
This cost of lost production, as we’ve seen in the recent JBS attack, is the most damaging consequence of a ransomware attack.
With an inside-out approach to data security, one that focuses on making business critical data resilient to ransomware, businesses can finally turn the tables on attackers.