The government’s acknowledgement that the escalating threat of ransomware attacks are a question of “when, not if” for UK organisations was not accompanied by sufficient advice on recovery, in its new report ‘The cyber threats to UK businesses’. This is according to Peter Groucutt, managing director of disaster recovery service provider Databarracks.
Last week, The National Crime Agency (NCA) and National Cyber Security Centre (NCSC) launched its first joint report into ‘The cyber threat to UK businesses.’ The document outlined what it expects to be the major trends seen across the cyber security industry over the coming months, highlighting the “significant and growing” threat of ransomware to UK businesses.
While the report advised UK organisations combat cyber-attacks with robust awareness, reporting and cyber security programmes, it failed to acknowledge the more immediately actionable role good continuity practices can play in surviving and recovering from cyber-attacks.
Groucutt discusses: “Ransomware experienced an explosive growth last year, with over 60 new variants emerging since the start of 2016. Industry practitioners have suggested that the sophistication and ferocity of attacks has seen organisations part with over $1 billion to retrieve their encrypted data, with SMEs and individuals increasingly being targeted.
“There is a clear and urgent need for organisations to increase their survivability of – as well as defences against – cyber-attacks in the near future. The pervasiveness of ransomware is particularly troubling. It’s a hugely lucrative industry, and traditional security measures, such as anti-virus, are failing to keep pace. Whilst outright prevention of an attack may be impossible, good continuity practices, such as a carefully tailored backup solution, can effectively negate the consequences.”
Groucutt continued: “It is also critical that an effective incident response plan and backup strategy are in place; something that was surprisingly omitted from the government’s advice within the report. Whilst we typically advise customers to plan for the impacts of disruption, rather than the specific scenario that caused it, certain cyber threats do warrant specific response plans, and this is certainly the case for ransomware. It would be advisable for UK organisations to make a ransomware attack the next focus of any future continuity planning if they haven’t done so already.
“Supporting this is the need for an effective backup strategy. In the event of a ransomware attack a business will have two likely options: recover the information from a previous backup or pay the ransom. The challenge remains that many traditional DR services are not optimised for cyber-threats. Replication software will immediately copy the ransomware from production IT systems to the offsite replica. Replication software will often have a limited number of historic versions to recover from so by the time an infection has been identified, the window for recovery has gone. This means that ransomware recovery can be incredibly time consuming and requires reverting to backups. This often involves trawling through historic versions of backups to locate the clean data. Partnering with a specialist can dramatically reduce this process, ensuring faster recovery and ultimately greater peace-of-mind.
“The threat of ransomware will only increase so steps need to be taken to mitigate risks. The advice from the government provides a solid foundation for those looking to address this but it is imperative this is supported with an effective response plan and backup strategy,” Groucutt concludes.