Whitepaper | Ransomware: The Extortionists Have Upped Their Game, Are Your Defenders Keeping Up?

Josh Porter

Cyber-attacks are more impactful and frequent than ever – even with the right security technology in place. Organisations are facing mounting pressure to ramp up their digital transformations and cloud adoptions to keep the attackers out, but the key questions remain – are you equipped against ransomware attacks and what’s the best recovery formula to adopt based on your organisation size and needs?

We invited a group of heads of IT security, CISOs, and directors of cyber operations to discuss ransomware threats and more about:

  • Securing the organisation while driving transformation
  • Combatting technical debt and legacy challenges
  • Building confidence in an effective recovery strategy

Rela8 Group’s Technology Leaders Club roundtables are held under the Chatham House Rule. Names, organisations and some anecdotes have been withheld to protect privacy.

About Veeam

Veeam® is the global leader in backup, recovery and data management solutions that deliver Modern Data Protection. Modern Data Protection enables customers to achieve unmatched data management and protection, providing confidence that your data is protected and always available across on-premises, edge, and cloud. As today’s IT organisations look to innovate faster, using dated disparate legacy backup and recovery solutions drastically hinders customers’ forward-looking initiatives. The Veeam Platform provides a single platform for protecting cloud, virtual, physical, SaaS and Kubernetes environments that is simple, flexible, reliable, and powerful.

Evolving Threat Landscapes

Cyber criminals have unquestionably upped their game, leaving organisations of all sizes vulnerable to costly and disruptive attacks. As the global economy becomes more reliant on data and digital infrastructure, the impact of ransomware attacks has grown exponentially, making it imperative for businesses to not only defend against these threats but also to ensure that their defences are resilient and adaptable. For businesses today, driving digital transformations is the goal, but remaining secure as an organisation expands into new digital environments is an entirely new challenge.

Securing Your Transformation

How do you secure your data whilst supporting the business need for digital transformation? There is unfortunately no simple answer to this question, as every business is on a different journey. However, a key consensus remains that regardless of what challenges an organisation is facing, common sense best practices and strong foundations will go a long way to securing any environment.

Security experts have emphasised it time and time again, but you can’t secure what you aren’t aware of, making asset inventory, data classification, and effective data management critical elements of any digital transformation. Similarly, taking the opportunity of a transformation project to consolidate and minimise your data footprint is an effective way of reducing the risk and prioritising your key assets. Building security into the transformation from the beginning of its lifecycle is common sense. This means plucking the low hanging fruit that ransomware attackers are most likely to exploit. Developer backdoors, default passwords, poorly secured admin accounts – by removing even the simplest avenues of attack, an organisation has already dramatically reduced their risk.

Going even further, Zero Trust principles, least access and other identity management strategies play a big part in securing cloud environments. By ensuring that nobody has blanket access and that any access granted is time-based, and by assuming you have already been breached, security teams can mitigate the risks around identity – one of the most common vectors for ransomware.

A Secure Culture and Shifting Left

When it comes to securing an organisation, all too often the main focus is on tools and technology. At the same time, the human element is constantly identified as the weakest link in the security chain. When it comes to securing against ransomware, there is no substitute for basic cyber hygiene and education. Security teams need to constantly be training, educating, and reinforcing security’s importance throughout the business. As the business becomes more aware of the challenges of security, responsibility can be shifted onto other teams.

When speaking to the board, if the risk of evolving threats doesn’t adequately concern them, remind them of the consequences of falling afoul of the shifting legal and regulatory landscape. Risk alone should be enough, but legal ramifications make for a strong financial motivation to get security on the agenda. By inserting themselves into the conversation much earlier in the process, security can mitigate some of the long-term effects of their technical debt by ensuring that security is being built in from the beginning.

Technical Debt

The best solution to technical debt is to remain diligent and deal with it piece by piece. Unfortunately, with security teams constantly jumping from project to project, their ability to think strategically and remain diligent with regard to technical debt is hampered. Security teams need to take steps to establish better relationships with the business to manage expectations and give themselves an opportunity to approach technical debt as a priority.

By holding regular reviews with the board, security teams can leverage the risks around technical debt into action to prevent an accumulation. Security teams need to quantify the costs of remediating this debt against focusing on things that are perceived to be more valuable. Provide context around how you make a risk-informed security decision and then empower them to own the risk on the business side. If the system goes down and they chose not to make certain changes or certain patches, they own that risk.

All parties benefit from having these candid conversations. Security can push for prioritisation, data democratisation, and accountability within the business arms, and by engaging with the organisation’s goals, they can better work as business enablers.

A Confident Recovery

How do you build confidence in your recovery strategy? You test it. Tabletops are critical to establishing a recovery plan that encompasses the full reality of the situation – it is never as simple as restoring from the last backup. By starting with a business impact and risk analysis, security teams will be able to get a better understanding of how regularly they need to be testing and auditing their security.

In a similar vein, pen tests will expose your areas of greatest risk and help organisations to identify how attackers might target them. Armed with all this information, security teams should be taking steps to tailor their recovery strategy.

When it comes to recovery management, not every organisation is able to spare the resources necessary to meet KPIs and test as required. In these instances, third parties exist to bear the burden of not only securing your backups but providing forensic environments for testing backups and managing the restoration.

Are You Keeping Up?

As digital transformations and cloud adoptions become essential for staying competitive, the need for robust cyber security measures has never been more critical. In today’s digital landscape, organisations must recognise that cyber security is not a one-time effort, but an ongoing commitment. By ensuring that foundations of security and data hygiene are put in place, and the wider business is equipped to manage their own responsibility for security, organisations can drive development from a position of strength.

The most determined cyber attackers will work doggedly to penetrate any level of security you throw at them. More focus needs to be placed on ensuring your business can recover quickly and securely. Cars have airbags and seatbelts, but it’s not always enough to protect people in a crash – cyber security is the same. Staying ahead of cyber threats requires vigilance, adaptability, and a collective effort across all levels of the organisation.
