Experts Reaction On UK’s Cybersecurity Agency Releases Updated Ransomware Policies

In response to new ransomware policies released by the UK’s National Cyber Security Centre, experts offer perspective below.

Experts Comments

March 02, 2020
Dave Jemmett
CEO
Cerberus Sentinel
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated. Good business practice dictates.....Read More
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated. Good business practice dictates having several backups. Keeping one from 6 months prior, 3 months prior and the monthly. The monthly backup should be daily snapshots. The scanning of the servers for threats daily, then back up to multiple locations. Today's cloud back up storage is a inexpensive and can be done in several offsite locations. These backups should be verified and restored periodically for validation. Encrypted backups are also a way to prevent the malware from infecting it if it’s connected to the network.  Read Less
February 28, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Offsite backups are important to prepare for any sort of incident, but are even more important in the case of ransomware. However, even backups alone may not be sufficient. We're seeing ransomware evolve to the point that the criminals steal critical information from organisations when they infect them with ransomware. They then try to extort the company, its customers, and partners for money in order to not release the stolen information. Therefore, it's essential that organisation do all.....Read More
Offsite backups are important to prepare for any sort of incident, but are even more important in the case of ransomware. However, even backups alone may not be sufficient. We're seeing ransomware evolve to the point that the criminals steal critical information from organisations when they infect them with ransomware. They then try to extort the company, its customers, and partners for money in order to not release the stolen information. Therefore, it's essential that organisation do all they can to prevent ransomware to begin with. This requires a layered approach to make it difficult for criminals to get in such as patching external-facing systems, implementing MFA, encrypting data, and providing security awareness and training to all users.  Read Less
February 28, 2020
Dave Jemmett
CEO
Cerberus Sentinel
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated. Good business practice dictates.....Read More
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated. Good business practice dictates having several backups. Keeping one from 6 months prior, 3 months prior and the monthly. The monthly backup should be daylily snapshots. The scanning of the servers for threats daily, then back up to multiple locations. Todays cloud back up storage is a inexpensive and can be done in several offsite locations. These backups should be verified and restored periodically for validation. Encrypted backups are also a way to prevent the malware from infecting it if it’s connected to the network.  Read Less
February 28, 2020
Baan Alsinawi
Managing Director
Cerberus Sentinel
Encryption! use encryption for your data backups. use a separate key for your backup data than the primary storage data. especially when using cloud backup solutions. less likely that two passwords/encryption methods be compromised at the same time,reduces your risk for recovery of your data after a ransomware incident. this is a best practice recommendation.
February 28, 2020
Bill Santos
President and COO
Cerberus Cybersecurity
While offline backups are certainly an important part of any business continuity strategy, they provide limited protection to sophisticated ransomware attacks, as many actors delay activation until their code has been deployed in an environment for an extended period of time (often months), allowing for their code to infect even offline backups. Restoring from an offline copy simply re-installs that software into the environment, only to be re-activated.
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.