Organisations are caught off guard when they receive a ransom demand from a hacker. They may not be aware of how the hackers gained access, identified vulnerabilities and encrypted their files before issuing the ransom demand.

The threat is no longer isolated, with close to 1.4 million cyber security incidents in 2022 alone. The frequency of attacks in India, which far surpassed global averages, shows the enormity of the problem.

“What makes these ransomware attacks a real challenge is the fact that these attacks are sudden. Before you realise there’s a threat, the hackers have stolen information, have encrypted valuable files, and are demanding that a ransom be paid to release those files back to you,” Shuja Mirza, Director, Solutions Engineering, NetApp India, says.

“Paying the ransom doesn’t always minimise the damage. It can take weeks after a ransomware attack to fully assess the damage done – not to mention many functions that come to a standstill, affecting the business crucially,” he says.

Prevention plans

Putting in place a robust prevention plan would help companies not only minimise the damage, but also resume operations faster.

“Preventing these ransomware attacks requires careful attention to every aspect of your data. It requires a multilayered solution to what is a multilayered problem,” he contends.

The strategy would include infrastructure management, monitoring, and services to help protect, detect, and recover from cyber threats.

Recovering the data and getting the business back on track is not enough.

“What is needed is a comprehensive and preventive approach to ransomware protection, including solutions that have built-in features that protect and secure primary data, using AI and machine learning to proactively spot and counter malicious or irregular actions,” he points out.

Mirza moots a five-step approach for organisations to put in place a robust cyber resilience framework.

“A data centric approach would help organisations build a robust security foundation to support their future cloud and digital transformation initiatives. It allows them to nurture greater digital trust among their stakeholders and stand out among their competition in the digital economy,” he says.

Five-step strategy

In a strategy note on cyber resilience, he moots a five-step approach that an organisation can consider when developing its cyber resilience strategy:

Identify: He calls for full visibility of the network landscape. “You need to take stock of the IT environment and assess current data protection and security processes,” he says.

This would include classifying all data sets into categories based on their business value, and understanding where and how each of these data sets is stored and accessed.

Protect: Organisations need to encrypt all critical data, take regular backups and enforce perimeter defences. They should update vulnerable operating systems and applications. They must sensitise and train all employees in cybersecurity best practices. They should have a zero-trust policy (trust no one) to leave no chinks in the armour.

Detect: He feels that detection holds the key to staying ahead of malicious actors. This calls for constant monitoring of user behaviour, and detection of anomalies in storage or file system behaviour.

“Continuous monitoring with a single-pane view of their data environment makes it easier for organisations to identify and act on anomalies in user behaviour,” he points out.

Respond: A good disaster recovery and business continuity plan needs to be tested periodically, covering the operational response as well as automated responses. Plans need to be updated continuously as threats evolve and lessons are learnt from other attacks. Updates should be communicated to internal and external stakeholders to ensure a coordinated response if an attack occurs.

Recover: Downtime can be reduced by applying intelligent forensics to identify the source of the threat and to decide which data to restore first. By rapidly restoring data, companies can accelerate operational recovery and bring critical applications back online.
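The Detect step above talks about spotting anomalies in file system behaviour. The following is an added example, not code from the article or from NetApp, of one such storage-side heuristic: it scans constructed file-server audit lines (the log format, the thresholds and the account names are assumptions) and flags any account that, within a single minute, renames many files in several directories to one new extension, the footprint bulk encryption typically leaves.

```python
import re
from collections import defaultdict
from datetime import datetime
from os.path import dirname, splitext

# Constructed file-server audit lines in an assumed format: "<ISO time> <user> <op> <path>".
NORMAL = [
    "2024-05-01T09:00:01 alice WRITE /share/finance/q1.xlsx",
    "2024-05-01T09:00:40 alice RENAME /share/finance/q1-final.xlsx",
    "2024-05-01T09:03:12 bob WRITE /share/hr/policy.docx",
    "2024-05-01T09:03:50 bob RENAME /share/hr/policy-v2.docx",
]
# Constructed burst: one service account renaming files across four directories
# to a single new extension within the same minute (24 renames in total).
BURST = [
    f"2024-05-01T09:05:{i % 60:02d} svc-print RENAME /share/{d}/file{i}.docx.locked"
    for i, d in enumerate(["finance", "hr", "legal", "sales"] * 6)
]
SAMPLE_LOG = "\n".join(NORMAL + BURST)

LINE_RE = re.compile(r"^(\S+) (\S+) (WRITE|RENAME|DELETE) (\S+)$")


def parse(log):
    """Turn audit lines into (timestamp, user, op, path) tuples; skip malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events


def find_rename_bursts(events, min_renames=10, max_exts=1, min_dirs=3):
    """Alert on (user, minute) windows whose RENAME activity looks like bulk encryption:
    many renames, converging on one target extension, spread over several directories."""
    windows = defaultdict(list)
    for ts, user, op, path in events:
        if op == "RENAME":
            windows[(user, ts.replace(second=0, microsecond=0))].append(path)
    alerts = []
    for (user, minute), paths in sorted(windows.items()):
        exts = {splitext(p)[1] for p in paths}   # extension each file ended up with
        dirs = {dirname(p) for p in paths}       # distinct directories touched
        if len(paths) >= min_renames and len(exts) <= max_exts and len(dirs) >= min_dirs:
            alerts.append({"user": user, "minute": minute.isoformat(), "renames": len(paths),
                           "extension": exts.pop(), "directories": len(dirs)})
    return alerts


if __name__ == "__main__":
    for alert in find_rename_bursts(parse(SAMPLE_LOG)):
        print("ALERT possible bulk encryption:", alert)
```

Alice's and Bob's single renames never reach the thresholds, so only the service account's burst is reported; in practice the thresholds would be tuned against a baseline of each account's normal rename rate.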