Back up data to rebuff ransomware bullies

Nick Claxson offers a useful guide to keeping data secure from the cybercriminals.

Much wailing and gnashing of teeth has been precipitated by the latest ‘Bond villain’ of the cybercrime underworld: ransomware. Most industries have been affected, but the most impacted sector globally has been healthcare and pharmaceuticals. Here, cybercriminals were quick to identify that the true importance of sensitive data isn’t so much its market value as the price individuals place on having it under lock and key.

So, ransomware is focusing minds, but not everyone is feeling the pressure. While pharma management executives call crisis meetings and IT leaders urgently reassess defences, the cybersecurity industry sits ready to cash in on a new wave of orders for next-generation firewalls, heuristic behaviour scanners and all the other weird, wonderful and expensive ways of spotting zero-day cyber exploits before they take hold.

Time to go back to basics?

That is all well and good if you look at ransomware as only a security problem – a door that needs to be bolted. But ransomware is also a failure of effective data management.

The first lesson in Data Management 101 is to perform regular backups. In pharma, more than most other industries, that can mean a particularly detailed exercise in technical jiggery-pokery as complex, diverse and, frankly, enormous datasets are corralled into a coherent backup process.

It isn’t easy, and often it isn’t efficient either. Backups can take 6-8 hours or more, and often take place at night when the impact on bandwidth across sites isn’t felt so keenly. IT pros try to balance the need to backup data frequently against the constraints of doing so more than weekly, fortnightly, or even monthly. The result is a potential risk that, should something happen to your data, such as a ransomware lock-out, your backup copy might be considerably out of date and much will be lost.

No need to pay a ransom for your data if you already have a copy

In most of the high-profile ransomware cases, one important blind spot in the cybercriminals’ evil plot has been overlooked. Namely, that if the victim company held an up-to-date copy of its data, why would it pay to have it back? In such a scenario, the data breach would still be a bad situation, but the firm wouldn’t be without its precious data.

The following approach could help pharma companies – not as a complete solution to the ransomware problem but more as the final piece of the jigsaw.

Piece 1: Educate your people

Ransomware propagates through social engineering schemes and other human factors. So, while you’re educating people about sound data management practices and general cyber vigilance, operate an appropriate awareness training programme for anyone in the business with access to company email, computers and servers. That includes taking steps such as decommissioning out-of-support/end-of-life data management software and ensuring you always (and I mean ALWAYS) run recommended patches and updates.

Piece 2: Ensure your antivirus is the best

Whether in the form of endpoint software or network-based infrastructure (or even both), antivirus protection is a key second level of anti-ransomware defence. For the most part, this will prevent any known ransomware threats from impacting your organisation. Antivirus systems commonly operate on the basis of ‘signatures’; prescribed antidotes to known malware infections. Good security systems and practices will stop the vast majority of ransomware attacks, but there will always be the risk of unknown, new attacks (so-called ‘zero-day’ threats) for which there is no signature and no-one can guarantee these won’t affect you.

Piece 3: Use your backup and data management practices to deliver Total Data Protection

Modern IT backup solutions should take frequent, incremental backups every few minutes. Being incremental, these never over stress your network by repeating entire backups periodically. If your business suffers a ransomware attack, you can easily roll back your data to the point in time just before the attack occurred. This approach means you can be certain that your data and systems are clean and the malware can’t be triggered again.

This backup approach is the ultimate in disarming the aggressor. It’s like when, in the infamous Game of Thrones ‘Red Wedding’ episode, Catelyn Stark attempts to halt the massacre by holding a hostage and threatening to dispatch her, only to be told she can go ahead because no-one cares. Who wouldn’t want to get back at the ransomware extortionists?

At a technical level, it’s about updating backup appliances to work on the basis of detecting and recording block-level changes from snapshots, taking a backup at many points during the business day. Some solutions even supplement these actions with the ability to detect ransomware inside a backup and immediately alert IT staff. This invariably means minimising the spread of infection and stepping data back just a few minutes in time to pre-infection.

Continuous backup – the foundation for governance-led data management

Taking ransomware’s power away requires good data governance, effective security measures and a nimble, continuous backup process. Start by taking the risks seriously, applying common-sense procedures and indoctrinating all users in a high degree of ransomware vigilance. Then ensure you combine continuous backup with your normal antivirus and cybersecurity policies.

Remember – data can only be held to ransom if they have it and you don’t.

About the author:

Nick Claxson is managing director and founder of Comtec Enterprises, with over 20 years’ experience of applying disruptive digital technology.

He has specialist knowledge of, and global insights into, a range of IT solutions, and holds a broad range of technical accreditations across the IT spectrum.