Security attacks continue to be on the rise as threats like ransomware grow more mature. Many enterprises find themselves unprepared for an attack, with more organizations opting to pay ransom than ever before. This is because recovering from an attack is often time-consuming and complex, and in many cases, the backups themselves are compromised. Although preventing ransomware attacks may seem near impossible, there are tools and infrastructure best practices that can help you build an effective ransomware remediation plan to ensure cyber resiliency.
In an article with Infosecurity Magazine, Robert Rhame, Director of Market Intelligence at Rubrik, explores the passive survivability model and how this framework can enable your team to bounce back from a successful attack. Let’s take a quick look at this model and how, according to Rhame, it can prepare your team.
A version of the below excerpted article originally appeared in Infosecurity Magazine.
Design Your Infrastructure for Ransomware Resiliency
When it comes to preparing for a threat that you can’t stop, your infrastructure must be designed in such a way that an attack, although damaging to your business, does not cause all of your operations to sink.
Like a modern battleship, your infrastructure should be created with an inherent resiliency built into it. Ransomware resiliency is different than traditional network segmentation and should be thought of as failure compartmentalization. The prevalence of the cloud, mobile, SaaS, and IoT devices means that organizations must no longer be focused on securing the perimeter but instead compartmentalize their infrastructure in a passively survivable way that acts as a safety net when an attack occurs.
Prioritizing Is Paramount for a Ransomware Response Plan
Infosec and operations teams need to proactively meet and plan for an attack scenario prior to a breach occurring. This includes planning response tactics to threats, as well as enlisting a suite of tools that prevent, detect, and make the recovery process simpler. Moreover, after a breach occurs, the same teams need to focus on remediating the attacks in the areas most critical to the business – weighing the benefits and challenges of prioritizing one over another.
Backing up Means Bouncing Back with Immutable Backups
Can you rely on your backup in the event of a cyberattack? Ransomware is getting more and more sophisticated, and it’s becoming increasingly common for attacks to encrypt or delete backups. To prepare for a ransomware attack, it’s important to examine your existing architecture and and ensure that backups are immutable, meaning they can’t be compromised during an attack. Ask yourself these questions to quickly gauge if your infrastructure is ready:
- Can you bootstrap critical infrastructures such as AD, DNS, and Time Servers? How quickly?
- Does your backup let you instantly recover?
- Can you identify where attackers have hit with an automation tool? Including, where and when an attack occurred and the steps needed to recover?
- Are you able to replicate and recover a clean version of a compromised file prior to the point of an attack?
Passive survivability is not a replacement for prevention. Protecting a business from a cyberattack requires preparation long before an attack actually occurs. A large component of passive survivability includes developing a cyberattack safety net that incorporates tools and processes designed to get you back on your feet quickly.
Get more insight into how your team can embrace passive survivability in the face of a cyberattack in Robert’s article here.