Intelligence needed for a quick and reliable recovery process, Index Engines explains
HOLMDEL, NJ – CyberSense, powered by data integrity software company Index Engines, today highlighted the need for cyber-protected backup platforms as World Backup Day returnes. Index Engines emphasizes this as ransomware has been successfully penetrating firewalls and attacking organizational data as the number of attacks accelerated in 2022. As a result, analysts and hardware providers are preaching backup as the best way to recover and is the primary approach organizations are relying on for their cyber resiliency strategy.
In this evolving environment, an alarming trend is on the rise with more sophisticated ransomware attacking and disabling backup to cripple organizations and drive ransom demands higher. FBI alerts and top security publications have highlighted these issues in the following:
- Sabbath Ransomware Gang has been terrorizing North America by targeting and destroying backups. They then demand 7-figure ransoms for the stolen copy of the organization’s data back. https://securityintelligence.com/news/sabbath-ransomware-critical-infrastructure-backups/
- The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned : Malicious actors have also added tactics, such as encrypting or deleting system backups—making restoration and recovery more difficult or infeasible for impacted organizations. https://us-cert.cisa.gov/ncas/alerts/aa21-243a
- Conti Ransomware Adds Ability to Compromise Backups, according to a report published in September, which details how Conti has honed its backup destruction to a fine art. After all, backups are a major obstacle to encouraging ransomware payment. (https://threatpost.com/conti-ransomware-backups/175114/ )
“Organizations are overly confident that their backups have integrity and can be used to recover data when they are hit by a ransomware attack, Index Engines vice president Jim McGann said. “Cyber criminals do not want organizations to easily recover, so they have set their sights on backup; corrupting, encrypting or deleting them, to make a very challenging to execute a reliable and timely recovery. This allows them to ask for more extreme ransoms.”
Backups are not enough, according to experts at Index Engines, the makers behind CyberSense, a solution that detects signs of data corruption and facilitates quick recovery from a ransomware attack. Backups can be compromised, as we are now seeing. Relying on backups to recover from a ransomware attack is no longer a viable strategy and it is important to validate the integrity of data in backups and the backups themselves to have confidence that a quick and reliable recovery process can be executed.
But backups are the right place to start, as long as it addresses the influx of sophisticated attacks that are already being seen and will continue become the “industry standard” for ransomware in the coming quarters.
Backups should provide the isolation needed from cyberattacks, immutability from destructive threats, and, most importantly, the intelligence to know if that data has already been compromised. This includes:
- Isolation. Cybercriminals cannot access, steal and corrupt data they do not know exists. Isolating backups of core infrastructure, critical files, and databases with an operational air gap offers an integral first step to keeping data out of reach.
- Immutability. Deploying advanced technology to lock down the protected data and ensure that no bad actors can tamper with it, corrupt it or destroy it is critical to ensuring reliable recovery. There have been many instances of cybercriminals or insider threats destroying backup catalogs and data sets to create an unrecoverable environment. Immutability will provide confidence that data is secure and protected from harm.
- Intelligence. It is off the network and tamper-proof. But, is the data good? Sophisticated attacks, attacks that hide deep inside the content, are becoming more commonplace and circumventing detection tools. Adding machine learning and full-content analytics to this secured data offers insight into how the data has changed and can alert to signs of corruption. Early detection provides the ability to recover quickly with confidence that data is clean. Leveraging intelligence can limit data loss to hours and specific files, not days, weeks and complete backups.
“Companies need to get their business operational quickly,” McGann explained, “but this leaves organizations with few options, many of which aren’t ideal for business operations. Paying a ransom and getting encryption keys is a common path they seek, putting them on a list for another attack and putting their faith in cyber criminals the encryption keys will work. Or they spend days searching for good backups so they can restore clean data resulting in a major delay to return to a steady state.”
“This is where intelligence comes in. Being able to know what was compromised and when, allows for an intelligent return to business operation quickly.”
About Index Engines
Index Engines has been providing organizations with Power Over Information™ since 2004. Its scalable, high-performance indexing engine has been uniquely architected to meet the challenges of today’s data center and deliver a highly scalable and efficient indexing platform across both primary and backup storage data environments. It provides search, reporting, disposition, and preservation of unstructured user data in support of stakeholders ranging from IT to legal and security. Clients, including top financial services, health care organizations and government agencies, turn to Index Engines to support their most mission-critical information management, cyber security and governance challenges. Additional information about Index Engines is available at https://indexengines.com.
