To say cybercrime is increasing is an understatement. It fails to capture the relentless activities of bad actors trying to access sensitive information, interrupt normal business, extort money or gain control of an organization’s own data.
Here are just some of the year-over-year global numbers from a recent Cyber Threat Report1:
- In 2021, ransomware attacks increased by 105%
- Encrypted threats increased by 167%
- Never-seen-before malware variants increased by 65%
It’s not just the frequency of attacks that’s escalating; it’s also the complexity and impact. We’re seeing more double extortion and even triple extortion2 strategies to ensure the success of a ransomware attack. These attacks first steal a copy of your data, such that not only are your systems and data held ransom, but your entire backup set and those who would not want to see it published are targeted. One other consideration is that single-stage ransomware attacks have now become multi-layered, and may not necessarily end after the first stage of infection
Sophos reported that the average ransomware victim paid $812,360 USD in 2021 to get their encrypted data back – and that amount doesn’t include lost revenue3. Adding insult to injury, paying a ransom does not guarantee that files will be recovered or systems will be restored, or that you have any type of guarantee from the bad actors.
So, how do you protect your organization from serious cyber threats?
Complex problems require sophisticated solutions, and there are two major areas to consider: network security and data security. The offence and defence of protecting your business.
1. Network security
Simply put, network security is all about prevention. It’s any activity that protects the usability and integrity of your network, endpoints and data. But the task is not actually simple, and the number of ways to penetrate one’s network is expanding. The job of protecting your IT infrastructure, then, should go to someone (or some people) who can stay ahead of increasingly elaborate threats.
After the banner year ransomware has had, an organization’s best bet is to leave network and endpoint security to an expert team. If managed security services (MSS) haven’t been on your company’s radar in the past, now is the time to consider them.
There are certainly financial benefits4 and even operational benefits5 to outsourcing your IT management and security – like scalability, productivity, lower costs, etc. – but the biggest benefit is the access that you get to dedicated expertise and advanced technology.
With MSS, your service provider’s entire job is to deploy and manage high-quality defences across your company’s digital landscape.
Whether you choose to outsource your IT security or not, your business should be proactive on network security. Your cyber security team needs to thoroughly understand your network, digital assets and the evolving threat landscape, plus have the ability to adapt and react quickly.
2. Data/Information security
Data security is all about preparing for the worst, which means ensuring you are backing up your data and protecting it from cybercriminals. If your business finds its systems and data unexpectedly encrypted and is unable to conduct business as usual, professional managed data backup will help you restore your operations.
The key is to identify mission-critical data, plan how to store it and then test the restoration of your data. There are variations of backup rules, but one of the most popular is evolving. The 3-2-1 backup rule has evolved into 3-2-1-1-0, where you have:
- Three (up-to-date) copies of your data
- Stored on Two different types of storage media or devices (e.g. in the cloud and on a network drive)
- With at least One copy offsite
- And One copy that is offline
- And Zero errors when creating backups and when performing data restoration tests
Each step is important and will make all the difference in the event of a ransomware attack, but the offline part is key.
Why? Because ransomware threats often target any and all backups on the network or through cloud services. An offline backup set is like a backup of your backups, and can be a lifeline.
So why have onsite backups at all? For quick and easy file access, they’re still helpful. Local backups are fast, and they help you protect your business data, but they just don’t offer a complete, secure solution on their own.
Cyber threats will keep evolving. Increasing sophistication and technological advancement will make it harder for businesses to detect, and protect themselves against, network infiltration. The most secure organizations will be the most proactive. They will have expert teams managing and monitoring their networks, and actively searching for threats and vulnerabilities. In addition to hardening their network, endpoints and cloud services, best practices now call for placing a backup set “out of reach” to back up your backups.
1 SonicWall, Cyber Threat Report 2022, https://www.sonicwall.com/2022-cyber-threat-report/?elqCampaignId=13998&sfc=7013h000000MiQZAA0&gclid=CjwKCAiAgbiQBhAHEiwAuQ6BkmbfNdHZWbIdJBPGBn4ut4T3yR5wDxM6JrGQbSMPEUk4O5ClyAmcVxoC7MsQAvD_BwE#top
2 Security Intelligence, Ransomware Attackers’ New Tactic: Double Extortion, https://securityintelligence.com/articles/ransomware-double-extortion/
3 Sophos, The State of Ransomware 2022, https://assets.sophos.com/X24WTUEQ/at/4zpw59pnkpxxnhfhgj9bxgj9/sophos-state-of-ransomware-2022-wp.pdf
4 Marco, 8 Financial Benefits of Managed IT Services, https://www.marconet.com/blog/8-financial-benefits-of-managed-it-services
5 Hitachi Solutions, The Importance of Managed Services: 8 Reasons to Partner With an MSP, https://global.hitachi-solutions.com/blog/benefits-of-managed-services/
Acronym Solutions Inc. is a full-service information and communications technology (ICT) company that provides a range of scalable and secure Network, Voice & Collaboration, Security, Cloud and Managed IT Solutions. We support Canadian businesses, large enterprises, service providers, healthcare providers, public-sector organizations and utilities. We leverage our extensive network expertise to design and build customized, fully scalable solutions to help our customers grow their businesses and realize their full potential. With more than 20 years’ experience managing the communications system that enables Ontario’s electrical grid, Acronym is uniquely positioned to understand the mission-critical needs of any business to deliver the innovative and reliable services that respond to the changing demands of businesses, and support rapid growth and digital transformation initiatives.