Bridging the Gap: Keeping Ransomware Attackers at Bay

By Bill Mew - Guest Contributor
October 13, 2020

Virtual Air-Gaps Provide Accessible Back-Ups With Uncompromised Security

Historically you’ve had to choose between air-gapped isolation and effective data access and control – now you can have it all.

With cybercrime, and ransomware in particular, becoming increasingly common, ever more sophisticated and exceedingly expensive, boardrooms everywhere are looking for risk mitigation strategies that can offer complete protection.

Of course, there is no such thing as complete protection as long as you are connected and someone is able to access your data. You may have done everything you can to reduce the threat landscape as much as possible and to ensure that access controls are in place to prevent all but a set of golden keys from obtaining access privileges, but if these keys are compromised then all is lost.

The challenge that we have is one that we have all recently experienced with lockdown. Either you’re fully locked down and thus safe from infection, but unable to mix with others, or you’re not fully locked down and the nature and frequency of any contact that you have dictate your chances of catching or spreading any infection.

The full isolation approach with air-gapped networks or backups is nothing new. It is common to protect ultra-secure computer networks by physically isolating them from unsecured networks, such as the public Internet. This approach provides the ultimate protection against cyberattacks and data exfiltration, with such networks and data completely safe … until, that is, you come to access them. The simple act of gaining access introduces an attack vector. The choice has therefore always been one between total protection and access.

Given that data is at the heart of all business, it is simply impractical to put all your data beyond the access of all your staff simply in order to keep it secure. Systems therefore exist where layers of security are employed with different access controls being applied to different data sets.

This is at the heart of all cyber security, with access controls, protection systems and detection systems applied in most networks. Boundary controls used to be one of the primary tactics used to protect networks, with those that had been allowed past the perimeter then trusted to access most internal systems – which is the way that most internal networks or intranets were set up.

However, such controls cannot be applied to hybrid networks that are connected to the public internet, so a different approach has been needed in the age of cloud services and SaaS. Once applications and data are migrated to the cloud and accessed via the public internet, this introduces concerns around security and controls. This has seen the emergence of a Zero Trust approach that can provide layered security protections against malicious access.

The Ransomware Threat – Back Up or Pay Up

The reason this matters is that in many ransomware attacks cyber criminals have actively targeted not only a victim’s active systems and storage, but also their backups. The ransomware gangs are well aware that firms can avoid paying any ransom by restoring from backups, but if the firm’s backups have been compromised then they have little choice but to pay up. This means that managed storage solutions are needed to secure cloud backups.

One of the first things cybersecurity experts recommend in the event of a cyberattack is to immediately disconnect your backups – effectively creating an air gap to keep them safe.

Unfortunately, if you have been hit then this means that your security has already been compromised, and therefore there is a good chance that your backups will have been compromised as well. Compromised backups are most common where organizations manage backups locally themselves or where they back up to cloud storage systems that use persistent connections.

The answer is to have layered data security and resiliency systems that protect you from the ever-growing number of threats and vulnerabilities in hybrid cloud environments. Based on a zero trust model, this needs to include detection (such as anomaly event monitoring) and protection (with restrictive access controls and encryption). Ideally it would also include a virtual air gap that would allow data to be constantly backed up, but simultaneously isolate such backups to protect them from accidental or malicious threats.

Until now, backups were either connected to allow data to be backed up, or isolated to protect them. The introduction of virtual air gaps, alongside best-in-class data security and resiliency, represents a major step forward. Innovators such as Commvault are pioneering this kind of approach with its Metallic Cloud Storage Service, which is built on Azure. This provides secure, air-gapped and immutable copies of your data that are always up to date, but also protected from accidental or malicious threats.

While there remains no room for complacency, this probably represents your best bet at keeping ransomware threats at bay. With the FBI’s Cyber Division reporting that the number of complaints about cyberattacks has increased to as much as 4,000 a day, a 400% increase from what they were seeing pre-coronavirus, you can’t be too careful.

Bill Mew is one of the world’s top campaigners for digital ethics and founder of The Crisis Team – a digital era crisis management firm where, working alongside the UK’s top cyberlaw experts, his team helps firms mitigate against, prepare for and, if necessary, deal with the impact of data breaches.

• Profiled as one of the top global influencers on Privacy by Onalytica
• Listed as one of the top 10 global govtech influencers (and the only one in the top 10 from the UK) by NodeXL (part of the Social Media Research Foundation)