Readers and risk professionals keeping up with the recent news about ransomware and cybersecurity (JBS, Colonial Pipeline, cryptocurrency, Fastly and more…) will clearly see that data breaches are becoming an increasingly serious risk.
At the same time, all of this breaking news in the last few weeks has created more questions than answers for risk and compliance professionals.
Watching so many organizations pay exorbitant sums and yet so often fail to fully recover funds and/or compromised data raises the obvious question: is it worth paying the ransom?
The short answer: no.
The long answer:
In our opinion, ransomware is defeated with a good backup strategy. When an organization’s data is properly backed up (more on this below), the value of the ransom is inherently reduced because the information that is being ransomed is easily recoverable by means other than what the ransom demands.
A backup strategy can be as simple or complex as an organization chooses to make it, but a solid baseline starts with the tried and true 3-2-1 backup rule:
- 3 copies of your data: Three unique copies stored in different locations (not three versions stored in the same place).
- 2 unique locations: The time delay (or “air gap”) between synchronization is very important here. Oftentimes, people tend to opt for immediate sync (database replication, cloud sync, store in-cloud, etc.) but the longer the delay, the less risk of the second location effectively being a mirror of the first, in which case it’s conceptually just one location.
- 1 offsite location: Thinking through the “air gap” is important here; if your cloud provider offers seamless access to multiple data location sites, those are effectively still the same location. A simple rule of thumb to follow in a cloud environment is: “Do I need a separate username/password to access my backup?” Backing up Google Drive data within Google Cloud is not a separate location; backing up from Google Cloud to AWS S3 is.
The wisdom behind the 3-2-1 backup strategy has not changed, but it is wise to review some of the implementation details in the current age of ransomware. In the race to the cloud, ask yourself these questions:
- Have you implemented a robust “cross-cloud” backup strategy?
- More importantly, how robust is your restore strategy?
Additionally, a regular (we recommend monthly) test to evaluate whether your backups are correct and can be restored is crucial, because a backup strategy matters less than the restore strategy that relies upon it.
A simple tabletop exercise would be to think through what would happen if your entire workforce (including admins) were locked out of your primary collaboration suite (whether it’s Google Workspace or Microsoft 365). Would you then have the ability to quickly restore your working data (think about how much valuable data your users store in their emails, calendars, contacts and to-do lists) from a data set stored outside your primary cloud provider?
Lastly, if your data has been compromised, it’s essential to look at your security and make the necessary remediations to prevent future cyberattacks. (A paid ransom, no matter how high, will never ensure that cyber-attackers will leave the compromised information alone in the future.)
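As an added illustration of the two checks above (the 3-2-1 rule as defined in this post, where a "location" is one that needs its own credentials, and the monthly restore drill), here is a small Python script. It is example code written for this page, not Cential's tooling or any vendor's product. The `BackupCopy` layout, the `min_air_gap` threshold of 24 hours and the tiny sample files are constructed assumptions; a real drill would restore from your actual offsite copy into an isolated environment and compare against a manifest captured at backup time.

```python
"""3-2-1 policy check and restore drill (constructed example, not the post's own code)."""
import hashlib
import os
import tarfile
import tempfile
from dataclasses import dataclass
from datetime import timedelta


@dataclass
class BackupCopy:
    name: str
    provider: str           # where the bytes live, e.g. "google-cloud" or "aws"
    credential_realm: str   # the identity that unlocks this copy ("separate username/password?")
    sync_delay: timedelta   # how far this copy lags the primary (0 = live mirror)


def check_321(copies, min_air_gap=timedelta(hours=24)):
    """Return a list of gaps against the 3-2-1 rule as this post describes it.

    The primary data set counts as one of the three copies. min_air_gap is an
    assumed threshold: a copy that syncs instantly is conceptually the same
    location as the primary, so at least one copy must lag by this much.
    """
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies; 3-2-1 needs three")
    if len({c.credential_realm for c in copies}) < 2:
        problems.append("every copy is unlocked by the same credentials: that is one location")
    if len({c.provider for c in copies}) < 2:
        problems.append("no copy lives with a different provider (no offsite copy)")
    if not any(c.sync_delay >= min_air_gap for c in copies):
        problems.append(f"no copy lags the primary by at least {min_air_gap}; a live mirror is not a backup")
    return problems


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each relative file path under root to its SHA-256 (captured at backup time)."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest


def create_backup(src_root, archive_path):
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_root, arcname=".")


def restore_backup(archive_path, dest_root):
    with tarfile.open(archive_path, "r:gz") as tar:
        try:
            tar.extractall(dest_root, filter="data")  # refuse path traversal etc. (Python >= 3.12)
        except TypeError:                              # older interpreters lack the filter argument
            tar.extractall(dest_root)


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest; report what is missing or altered."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return {"missing": missing, "corrupted": corrupted, "ok": not missing and not corrupted}


def run_drill(tamper=False):
    """End-to-end drill on constructed sample data; tamper=True simulates a bad restore."""
    sample = {  # constructed stand-ins for the mail/calendar/docs a user keeps in a collaboration suite
        "mail/inbox.mbox": b"From: alice@example.test\nSubject: Q3 plan\n",
        "calendar/2021.ics": b"BEGIN:VCALENDAR\nEND:VCALENDAR\n",
        "docs/plan.txt": b"restore drill sample document\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "primary")
        for rel, content in sample.items():
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(content)
        manifest = build_manifest(src)
        archive = os.path.join(tmp, "offsite-copy.tar.gz")
        create_backup(src, archive)
        dest = os.path.join(tmp, "restore-test")
        os.makedirs(dest)
        restore_backup(archive, dest)
        if tamper:
            with open(os.path.join(dest, "docs", "plan.txt"), "ab") as f:
                f.write(b"X")                                   # altered content
            os.remove(os.path.join(dest, "mail", "inbox.mbox"))  # lost file
        return verify_restore(manifest, dest)


if __name__ == "__main__":
    print(run_drill())
    print(run_drill(tamper=True))
```

The drill only proves anything if the manifest is kept somewhere the attacker cannot reach (ideally with the offsite copy, under its separate credentials) and if the restore target is a clean environment rather than the possibly compromised primary.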
All of these data breaches and cyber attacks are precisely the reason we at Cential stress the importance of herd immunity and risk ecosystems.
Events like these will certainly affect how risk and compliance approaches evolve in 2021-22 and beyond.
We believe organizations will shift more and more to managing risk through an ecosystem—working together to manage risks and explicitly develop responses to cyberattacks.
Not sure what the terms ‘herd immunity’ or ‘risk ecosystem’ mean? Give this podcast episode (featuring Cential’s very own David Ponder and Jannie Wentzel) a listen to learn more or contact us with any questions.