2020-03-27 Having basic data backup procedures or even cloud storage is simply not good enough anymore. The spread of ransomware and other data security threats means that a more comprehensive approach is needed.
Acronis calls this Cyber Protection.
“Cyber protection tools should address all five pillars of cyber protection: Safety, Accessibility, Privacy, Authenticity, and Security,” said the Vice President of Cyber Protect Research at Acronis, Candid Wüest.
Wüest explained that any cyber protection solution should have a comprehensive approach, correlating information across multiple domains.
“Acronis believes that the best approach to this fast-changing threat environment is two-pronged: use AI to knock down ransomware and other attacks before they have a chance to take root, and if something somehow gets past those defences, recover any compromised data from a recent backup,” said Wüest.
“This combination of traditional data protection (backup) and classic cybersecurity is called cyber protection, and many tech security analysts believe that the convergence of the two disciplines is inevitable.”
Wüest said that Acronis will be launching a product in March called Cyber Protect which is specifically designed to address this need.
Acronis cyber protection solutions and services are distributed in Africa by Synapsys. Synapsys is an award-winning distributor founded in 1997. It became one of the world’s first Acronis distributors in 2003.
Synapsys is completely focussed on supporting managed service providers who sell Acronis cyber protection solutions and services to their customers, helping them to maximise the benefits of this pioneering technology and way of working.
Ransomware a bigger problem than hard drive crashes
Before cloud storage and backup services became widespread for enterprise and home use, hard drive crashes were a major cause of data loss.
While the risk of losing data due to a hard drive crash is still present, Wüest stated that ransomware attacks are the main reason for data loss today.
Datto, in its State of the Channel Ransomware Report, found that 79% of managed service providers (MSPs) reported ransomware attacks against customers from Q2 2016 to Q2 2018. In the first half of 2018, 35% of MSPs stated that clients suffered multiple attacks in a single day.
The report confirmed that attacks don’t just target local machines, but cloud services as well. Datto found that 28% of MSPs reported seeing ransomware attacks in software-as-a-service applications.
It also found that fewer than 1 in 4 ransomware attacks are reported to authorities, meaning that the problem is bigger than we know.
More recently, the FBI said the incidence of broad, indiscriminate ransomware campaigns in the United States sharply declined since early 2018. However, losses from ransomware attacks have increased significantly.
“Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector,” the FBI stated.
Wüest said that Acronis sees an increasing number of cases of malware such as ransomware being responsible for irreversible data loss in organisations. The rise of ransomware attacks is one of the reasons you can’t just rely on cloud backup systems to keep your data safe anymore.
“Cloud backups are often easy to be hacked due to lack of self-protection,” Wüest warned.
“Sophisticated ransomware threats often try to disable backup solutions and then delete existing backups. It is therefore crucial that a backup solution can protect itself and all the created backups.”
This can be done by preventing write access from other processes.
“Preventing write access to backup files directly or copying them to read-only locations can sometimes also help against cyber-attacks,” said Wüest, though he added that for this to work the cloud connection and the cloud platform itself must also be secure.
Data backup challenges
Some of the biggest challenges organisations face with their data backups is frequency, recovery speed, efficiency, self-protection and regulatory compliance.
For a backup to be useful, it must be recent. A continuous data backup is ideal to minimise data loss in case of an incident.
The recovery process also needs to be fast and simple to minimise downtime after a data loss incident.
In addition to this, a backup process needs to be efficient. Wüest explained that a good backup system should deduplicate data to save space and time.
“Data backup should have self-protection with embedded defence against ransomware,” said Wüest.
“In addition to this, backup storage locations need to be compliant to various regulations, like for example GDPR.” It is expected that South Africa’s version of such data privacy regulations, the Protection of Personal Information Act (POPIA) will soon come fully into force.
AI-powered cyber protection
Wüest explained that it is necessary for cyber protection systems to not only respond to known threats, but to also anticipate attacks it may have never seen before.
“That’s why behavioural anti-malware like the one found in Acronis Backup with Active Protection has emerged as an important defence against hackers,” Wüest stated.
Active Protection uses artificial intelligence and machine learning to identify malware by how it behaves, looking for suspicious activities instead of only matching it against a known threat database.
This makes it much better at detecting previously unknown threats.
“It automatically identifies common malware attacks like ransomware and crypto-jacking and immediately shuts them down,” said Wüest.
New challenges, new opportunity
“While the market segment that we’re entering is very well established, this integrated and intelligent approach offers a new opportunity,” said Peter French, the Managing Director of Synapsys.
“The huge increase in cloud uptake means far greater complexity when it comes to managing these multiple and separate environments. There are new security challenges at play.”
One example is when companies have more mobile users and users working from home.
“Especially in a time like this where we’re seeing big tech companies, and I think soon even smaller companies, start to encourage that – even if it’s for a short period,” said French.
“The essential need is to have a solution or solutions that will cater to your cyber protection strategies and offer you maximum protection.”
Legislation such as POPIA is also a factor.
“We need to know what is happening in our network, on our endpoints, which users are potential risks on our network, and we need to be able to deal with that swiftly and centrally from a single pane of glass,” French said.
In addition to adopting a solid cyber protection solution, organisations should ensure that employees are trained thoroughly to be prepared for modern IT needs and threats.
Acronis refers to this is becoming CyberFit.
Being CyberFit comes from the organisation’s leaders, whether the CEO, CFO, CTO, or CIO. From there it extends to third-party vendors and all the way to the employees that only use a single IT tool – an email mailbox.
“Being CyberFit requires that the entire chain of IT needs to be ready: from the in-house team to managed service provider,” Wüest explained.
Everyone involved in an organisation’s IT systems needs to have easy, efficient, and secure tools and comprehensive training to ensure a strong security posture.
“Your organisation should select a security framework like the NIST Cybersecurity framework: Identify, Protect, Detect, Respond, and Recover,” Wüest said.
“From there align your tools, tasks, and processes to decrease risk and ensure compliance obligations are met.”
This article was first published on MyBroadband on 27 March 2020 in partnership with Synapsys and Acronis.