In the current scheme of things, saying “ransomware attacks are on the rise” is an understatement. Ransomware attacks exploded eight months ago, targeting U.S. hospitals, followed by attacks on critical supply chains of Colonial Pipeline, JBS, and Kaseya. These surgical attacks have crippled businesses and have even forced some to pay up to restore operations as early as possible. Governmental organizations, however, are not in favor of this for two reasons: first, it does not guarantee the victim delivery of a decryption key for unlocking data, and second, paying ransom boosts the morale of cybercriminals to carry out even more malicious operations in the future.
Ransom money is not the only loss that victims of ransomware attacks face. Operational downtime is what hurts businesses most in the aftermath. As per reports, the average downtime experienced by businesses due to a ransomware attack in the year gone by is 23 days, costing them an average of $60,000 daily. To reduce these costs and get moving at the earliest, experts say having a comprehensive and continuous air-gapped backup is one of the best solutions available. To discuss this in detail, Mihir Bagwe, Senior Technical Writer at CISO MAG, interviewed Milind Borate, Co-founder and Chief Development Officer at Druva, to understand the nuances and intricacies of ransomware incident response and the critical role of cloud backups.
Borate has more than 20 years of experience in enterprise product development and delivery. Prior to co-founding Druva, he worked at Veritas Software as Technical Director for SAN-FS and served on the board of the Veritas patent committee. Borate holds several patents in storage technology and co-authored the book “Undocumented Windows NT” in 1998. His current areas of interest are cloud storage and machine learning for unstructured data. Borate is passionate about building engineering teams that deliver end-to-end solutions, and his favorite pastime is philosophizing on software development.
Edited excerpts of the interview follow:
Ransomware attacks have been around for a while now. What factors do you think have contributed to its sharp rise in the recent past?
Over the past year, enterprises have experienced an unprecedented number of ransomware attacks. More sophisticated cybercriminals are emerging every day, seizing networks and infrastructure across vulnerable remote workforces and infrastructures. As a result, many businesses are suffering the dire consequences of its effects, resulting in a loss of time, money, and data that can never be recovered. The frequency of these attacks has made it crystal clear that we are facing an entirely new threat landscape that is far more sophisticated and destructive.
Our team at Druva has observed that the increased vulnerability of businesses to ransomware during the pandemic is a result of:
- SaaS applications – With the emergence of WFH, more people are using SaaS applications now than ever, from messaging to documents, etc. Thus, it is imperative that sensitive communication complies with all regulations and is retained as business-critical information.
- Cloud-native applications – Cloud platforms allocate new infrastructure quickly and easily. Without experience with the platform, however, users can also quickly expose private data, overrun budgets, and lose data. Cloud environments need oversight.
- Endpoints – With the blurred lines between personal and professional environments, people can download ransomware on their laptops and infect their organizations. They can also download and unintentionally expose private data. Endpoint devices must be secured and protected.
Reports suggest that the average downtime following a ransomware attack is 23 days. If the average downtime is so high, do you think businesses are still not indulging in taking basic measures like data backup? Is there a more comprehensive approach to it?
As we reflect on the last 12 months, the IT landscape has changed significantly; be it from changes to the way we work and accelerated digital transformation journeys to an onslaught of ransomware attacks and rising cyberthreats. While these changes have tested the resilience of businesses worldwide, they have placed the spotlight on cloud-based solutions, especially services like data protection and management.
As operations and everyday enterprise applications move online, the cloud’s ability to deliver air-gapped data protection whilst improving business resiliency with on-demand scalability makes it the ideal choice. With the threat of ransomware on the rise, the rapid expansion of endpoints and cloud-based collaboration tools like Microsoft 365, Salesforce, and Google Workspace must be met with the right level of protection to safeguard against increasing risks. And now companies are beginning to explore next-generation workloads like Kubernetes. As businesses seek to support a digital workforce and move their business forward, the key to success will be in recognizing how the industry has evolved and the gaps which may have been overlooked in the rush to complete projects.
As we have surged the deployment of SaaS applications, data protection is often an afterthought, which increasingly has come back to haunt organizations. Data is being saved in more places than ever and businesses need a holistic approach that offers visibility across all these environments. A robust approach to data resiliency that includes detection, remediation, and recovery is critical to maintaining business operations. This includes utilizing a backup architecture that enables rapid recovery with agility and confidence.
According to CISO MAG’s Data Security report, the majority of businesses still prefer a hybrid backup strategy. Do you think this will remain prominent, or with a wider acceptance and integration of the cloud, cloud-based backup will gain momentum?
Cloud-based backup is revolutionizing data protection. It has become a compelling value proposition for every company looking to prevent potentially catastrophic data loss, from SMBs to corporate enterprises and everything in-between. Cloud-based backup and recovery is the obvious solution to expensive conventional enterprise data protection schemes, and it is also very useful for typically unprotected smaller firms with limited budgets.
The outbreak of the COVID-19 pandemic has led to a surge in businesses adopting the cloud as it is a bridge to the digitization and getting workforce, distribution, supply chain, etc., online. In the last several months, we have seen years’ worth of digitization take place. A natural affinity to cloud-based data protection is developing in the process as businesses look for technology that can help them scale efficiently, minimally impact employees, improve business resilience, and can be deployed easily within today’s restrictive work environment.
Fair enough, but hybrid and on-premises backup strategies are costlier because of logistical issues. And with ransomware gangs now targeting even SMBs through supply chain attacks, do you think cloud-based backup solutions are still a viable option for the smaller counterparts?
Small and medium companies struggle with the challenges of effective backup and recovery because they often lack the IT resources that are required to manage a comprehensive data protection platform. Despite the affordable cost of protecting data in the cloud, most SMBs have ignored the benefits of backing up their data in the cloud and risk losing valuable data to ransomware attacks and other bad actors.
The cloud provides SMBs with significant business value. Although it can be difficult to know where to start or what to prioritize, SMBs must invest in cloud solutions that allow them to extract more value out of their data. When SMBs extract more value from their data, they uncover new business opportunities, generate more revenue, and achieve their goals. Data-driven SMBs can get ahead of the curve by optimizing operations and predicting future trends.
When you talk about cloud-based backup solutions, how does this help in ransomware protection and/or recovery?
Ransomware has become more sophisticated, evolving from encrypting data to deleting backups to now extracting copies of data, which increases the potential damage to your organization. This is where cloud-based backups and protection come in.
As the number of threats targeting data and applications continues to grow, reliance on prevention measures alone is insufficient. Customers need to have new and improved ways to prepare for and respond to incidents, including better visibility, automation, and orchestration. For this, customers should be able to leverage multi-layered ransomware protection and recovery to defend against data loss, accelerate incident response, and simplify recovery, so they can reduce downtime.
Cloud-based backup and recovery is a crucial line of defense against ransomware. Having secure backup images of critical business data and applications allows companies to roll back in time to recover applications and data before the point of ransomware infection. When integrated with existing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools, air-gapped backups become the foundation for rapidly and securely recovering from ransomware attacks with enhanced capabilities.
What are the top three suggestions that you would like to give businesses in terms of resilience against ransomware attacks?
The top three suggestions that I would give businesses for improving their resilience against ransomware attacks are:
- Security must be embedded into the business’ culture. This means prioritizing security and ensuring that security experts are involved in critical business decision-making from an early stage. It also means taking the time to train employees on security best practices to ensure a more cyber-aware workforce.
- To ensure cyber resiliency, a business must implement a holistic security strategy that incorporates both protection and recovery. This includes deploying protective measures that can keep threats out and empowering resilience to minimize downtime when (not if) a ransomware attack happens.
- Security awareness should be a constant process. It must be more fluid and continuous throughout the entire year. Organizations should aim to promote security awareness throughout the year; after all, malicious actors are always trying to find ways to harm your business. In information security, we often say it is the weakest link that can have the biggest impact; it is important to focus on cybersecurity throughout the year to help your teams align their security priorities.
About the Interviewer
Mihir Bagwe is a Sr. Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on the latest cybersecurity news, tech, and trends.