According to Sophos’ 2021 Ransomware report, 42% of the firms surveyed in the Philippines reported that they were hit by ransomware in 2020, which is an increase from 30% in 2019. Attacks have become increasingly diversified and sophisticated, targeting organizations and businesses of all sizes.
Ransomware is a type of malicious software that compromises a user’s device, encrypts the user’s files so that they can no longer be accessed, and then demands a ransom in exchange for restoring them. Traditional forms of ransomware simply encrypt files, while more modern variants go one step further by also transferring potentially sensitive data to the attackers, who then threaten to release it.
Preventing ransomware attacks is also no longer as simple as avoiding suspicious email attachments and installing an antivirus. Threat actors have been increasingly successful at exploiting organizations through phishing, social engineering, and exploiting unpatched or zero-day software vulnerabilities.
Register for the Synology Free Webinar to Protect and Recover Your Business from Ransomware: https://sy.to/gbnsy
Establishing security awareness and systematic planning
Though ransomware attacks pose an existential threat to businesses, more often than not, little is done to protect against them. Fortunately, there are some easy ways to mitigate risks.
IT teams are the first line of defense against ransomware and can block many attacks before they reach end-users or critical systems. Modern security practices leverage multiple “layers” of protection. Starting at the outermost layer, a well-configured firewall and Intrusion Detection/Prevention System (IDS/IPS) can help block out large portions of low-level attacks. Additional network monitoring and analysis tools can then be set up to check for unusual and suspicious traffic patterns, with containment plans in place should the need arise.
On endpoints and servers, IT should ensure that deployed software, operating systems, and anti-malware solutions are up-to-date. Additionally, user accounts should be well thought out, with each account configured to allow access only to what it needs and nothing more. The same concept applies to system administrator accounts: avoid using a single account that has access to everything. Partitioning access to different systems and minimizing access to only what is needed can help drastically reduce the damage inflicted when credentials are leaked.
Plan, practice and be prepared
Maintaining good security also requires all end-users to be well educated on potential threats, as many breaches have been caused by users falling prey to phishing and social engineering tactics. Training programs should be in place to provide examples of modern phishing attacks and how social engineering can happen. Additional best-practice knowledge should be shared on handling suspicious e-mails, identifying spoofed websites, and most importantly, how to report a security incident.
Crisis management plans should be well documented and rehearsed. For example, who should handle communications, internally and externally? What processes will be used to conduct auditing, damage analysis, and customer and authority notification, should the need arise? Internally, IT should always maintain up-to-date deployment maps showing which systems are doing what and which depend on one another. Contingency plans should be in place should a total site shutdown be required to contain and/or remove the malware.
Set up multi-version, offsite backups and real-time recovery mechanisms
While employee education and IT teams can mitigate ransomware attacks to a large extent, due to the unpredictable nature of attacks, systems can never be 100% protected.
The only fail-safe way to completely protect digital assets is to have a comprehensive backup strategy in place from the start. This will ensure that if systems are compromised, there will always be a clean version of data to recover from.
One popular backup methodology is the 3-2-1 backup strategy. Simply put, this is 3 copies of your data, across 2 different mediums, with 1 copy offsite. An example of this could be storing your data on an on-premises server, with two backups, one on-site and another located on the cloud or at a remote site.
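An added example, not part of the original article and not Synology code: a Python check of a backup inventory against the 3-2-1 rule described above. The inventory fields, the 24-hour freshness window, and the requirement that the offsite copy keep more than one version (so a plain sync that mirrors encrypted files does not count as a clean copy) are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str             # storage type, e.g. "server-disk", "nas", "cloud-object"
    offsite: bool
    versions: int           # restore points kept (live data or a plain sync = 1)
    last_success: datetime  # when this copy was last written successfully

def check_321(copies, now, max_age=timedelta(hours=24)):
    """Return a list of findings; an empty list means the inventory passes."""
    # A backup job that stopped succeeding is not a usable copy (assumed window).
    findings = [f"stale copy ignored: {c.name}"
                for c in copies if now - c.last_success > max_age]
    fresh = [c for c in copies if now - c.last_success <= max_age]
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} current copies, need 3")
    if len({c.medium for c in fresh}) < 2:
        findings.append("all current copies share one medium, need 2")
    offsite = [c for c in fresh if c.offsite]
    if not offsite:
        findings.append("no current offsite copy")
    elif all(c.versions < 2 for c in offsite):
        # Assumed extra check: a single-version sync replicates encrypted files.
        findings.append("offsite copy keeps a single version")
    return findings

# Constructed sample inventory, modelled on the article's example layout.
NOW = datetime(2021, 6, 1, 12, 0)
PRIMARY = Copy("file-server", "server-disk", False, 1, NOW)
ONSITE = Copy("nas-backup", "nas", False, 30, NOW - timedelta(hours=2))
CLOUD = Copy("cloud-backup", "cloud-object", True, 30, NOW - timedelta(hours=6))
CLOUD_SYNC = Copy("cloud-sync", "cloud-object", True, 1, NOW - timedelta(minutes=5))
CLOUD_STALE = Copy("cloud-backup", "cloud-object", True, 30, NOW - timedelta(days=3))

if __name__ == "__main__":
    for label, inv in [("versioned offsite", [PRIMARY, ONSITE, CLOUD]),
                       ("sync-only offsite", [PRIMARY, ONSITE, CLOUD_SYNC]),
                       ("offsite job failing", [PRIMARY, ONSITE, CLOUD_STALE])]:
        print(label, "->", check_321(inv, NOW) or "3-2-1 satisfied")
```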
Synology robust backup solutions
Using Synology NAS, businesses can implement this strategy easily with built-in, license-free backup solutions.
Active Backup for Business protects Windows/Linux PCs and servers, virtual machines on Hyper-V and VMware hypervisors, and file servers, with flexible recovery options and global deduplication.
Snapshot Replication enables point-in-time backups that allow fast restoration of files, folders, and iSCSI LUNs. Snapshots and replication tasks can be scheduled as frequently as every 5 minutes, minimizing RPO.
Hyper Backup enables multi-versioning and schedulable backups of data stored on Synology NAS to local and remote destinations including public clouds.
To preserve digital assets in an era of ever-evolving ransomware, Synology believes that proactively backing up files regularly is a necessary step to protect important data.
To learn more about the benefits of backing up with Synology NAS, visit https://sy.to/jmhnw.