False dawn: Could the risk of a ransomware attack increase going back to the office?

By Ian Wood, Senior Director, Head of Technology UK&I, Veritas.

Slowly but surely, more UK employees are being encouraged back into the office, with the Government keen to accelerate this even further. For many businesses, this will be welcome news, especially those who have struggled to adapt to working from home.


However, these businesses must also tread with caution and IT departments must be prepared for the fresh challenges that this will bring. One of the key concerns businesses must grapple with is the increasing risk of a ransomware attack. This is a threat businesses have faced for years, since long before the pandemic began. However, with employees bringing devices back into the office which could have been compromised by malware while working from home, the risk has been amplified. Becoming ransomware resilient, and quickly, must be the name of the game for businesses returning to the office.

 

The evolving threat of ransomware

 

For businesses, the threat of a cyberattack is an everyday concern. Yet during lockdown, as people working from home used unfamiliar tools, cybersecurity became a more pressing concern than ever. Companies such as Honda and EasyJet felt the full force of this, as they were both hit by cyberattacks while trying to respond to the disruption of COVID-19. However, from a cybersecurity standpoint, this period of working from home could be the first wave of attack.

 

As employees are invited back to the office, there is a real risk that they could be bringing infected devices back with them. Once these devices are back behind the company firewall, latent malware could quickly spread across the network and do considerable damage during a critical recovery period.

 

There are two things which make this not just likely, but probable. Firstly, the pandemic coincided with the emergence of the EKANS virus, which may be lying dormant and unseen on devices until they reconnect to the corporate network and have the opportunity to laterally attack ICS data. Secondly, over the last six months, there is evidence of as much as a 72% increase in new samples of ransomware. Many IT departments are already stretched as they support new flexible working initiatives. Add to the mix new threats that need to be mitigated, and huge numbers of vector devices that could have been subject to all manner of malware since they were last seen, and this could well be the perfect storm required for ransomware to take hold.

 

Prepare for the worst

 

Whether it’s legal, reputational or financial, having your customer data stolen can have severe ramifications. Take Garmin for example; there are multiple reports that the company had to pay a multi-million dollar ransom to retrieve its data after it fell victim to a ransomware attack in July 2020. For businesses looking to mitigate these risks, an effective data backup solution can help to eliminate the threat of data loss.

 

Ransomware attacks rely largely on companies not being able to restore data that has been encrypted by hackers, who use that leverage to extort vast ransoms in exchange for the encryption key. However, if companies have another trustworthy copy of that data stored safely elsewhere, ransomware attackers lose that position of power.

 

With an effective data backup solution in place, companies that fall victim to a ransomware attack can resume operations quickly and without interacting with the hackers. Instead, in that critical moment when businesses realise they’ve had their data stolen, a combination of on-premise and cloud backups allows the organisation to simply restore that backup data and resume operations.

 

When it comes to implementing an efficient data backup strategy, a good guideline to follow is the ‘3-2-1’ rule. This entails having three copies of your data, two of which are on different storage media and one that is air-gapped in an offsite location. Since attacks frequently focus on encrypting backup servers as part of their invasion, the need to physically isolate one such copy of backup data from the network (known as air-gapping) is perhaps now more important than ever.
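
The ‘3-2-1’ rule described above can be checked against a backup inventory. The following is an added example, not part of the original article: the inventory records, field names and the PRIMARY_SITE value are constructed for illustration, and "air-gapped" is modelled as a copy that is both away from the primary site and not reachable over the network.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical field names and values).
INVENTORY = [
    {"dataset": "crm-db", "medium": "disk", "site": "hq", "network_reachable": True},
    {"dataset": "crm-db", "medium": "disk", "site": "hq", "network_reachable": True},
    {"dataset": "crm-db", "medium": "tape", "site": "vault", "network_reachable": False},
    {"dataset": "file-share", "medium": "disk", "site": "hq", "network_reachable": True},
    {"dataset": "file-share", "medium": "disk", "site": "hq", "network_reachable": True},
    {"dataset": "file-share", "medium": "object-storage", "site": "cloud-eu", "network_reachable": True},
    {"dataset": "erp", "medium": "disk", "site": "hq", "network_reachable": True},
    {"dataset": "erp", "medium": "disk", "site": "dr-site", "network_reachable": False},
]
PRIMARY_SITE = "hq"  # assumption: where production data lives


def audit_321(inventory, primary_site=PRIMARY_SITE):
    """Return {dataset: [gaps]}; an empty list means the dataset meets 3-2-1."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        gaps = []
        # "3": at least three copies of the data.
        if len(copies) < 3:
            gaps.append(f"only {len(copies)} copies, need 3")
        # "2": copies spread over at least two storage media.
        if len({c["medium"] for c in copies}) < 2:
            gaps.append("all copies on one storage medium")
        # "1": one copy offsite AND isolated from the network (air-gapped).
        if not any(c["site"] != primary_site and not c["network_reachable"]
                   for c in copies):
            gaps.append("no offsite copy isolated from the network")
        report[name] = gaps
    return report


if __name__ == "__main__":
    for dataset, gaps in audit_321(INVENTORY).items():
        print(dataset, "OK" if not gaps else "; ".join(gaps))
```

The file-share dataset has three copies on two media yet still fails, because its offsite cloud copy remains reachable from the network and could be encrypted along with the backup servers.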

 

Ultimately, while companies must accept there is a degree of inevitability when it comes to data breaches, being prepared for them is not just smart, it’s cost-effective and shows corporate responsibility.

 

A new world requires a different way of thinking

 

While preparing for the possibility of a ransomware attack as employees return to the office is the immediate priority for many IT departments, we’re also seeing them channel their energies into shifting systems to accommodate the long-term changes to the traditional way of working that they anticipate as a consequence of COVID-19.

 

Many companies managed to quickly enable their employees to work from home at a moment’s notice. However, in many instances, this speed came from necessity rather than a level of preparedness. As a result, some companies would have accepted the trade-off that such a quick roll-out would result in short-term risks. Processes which, ordinarily, would have taken months, such as audits, tenders and staff training, were sometimes condensed into a one-week period. Meanwhile, technology deployments which may have been outsourced to specialists would have been installed by in-house talent instead.

 

As systems and processes shift from temporary to permanent, they need to be revisited and revised. That’s not to say it will be easy, though. Ultimately, there are multiple devices, applications and, in some cases, operating systems which have been out of the organisation’s central loop for months now. On top of that, there is no guarantee that those devices have been used purely for work, with Netflix binge sessions and Zoom quiz nights being the status quo for much of this time.

 

Having complete visibility into your enterprise infrastructure and data environments has never been more critical, and the danger to companies who aren’t taking the right precautions cannot be overstated. Businesses must ensure their data isn’t sitting siloed, unclassified and unmonitored across various disconnected cloud and on-premise environments. Instead, it should be accessible by employees from a connected platform, such as the cloud, which is supported with the latest and most resilient security software. With this in place, businesses become more resilient to ransomware attacks in both a preventative and reactive capacity. Having regular, or even constant, monitoring of sensitive data, which is most at risk of encryption, will also speed up the reactive process.

 

Nowadays, it is sensible for businesses to consider ransomware attacks as an inevitability, rather than a possibility. This isn’t to say that preventative security measures are futile. Instead, should these measures fail, it is essential to identify the breach quickly and to have a response in place which will allow you to continue business as usual, without negotiating with the hackers. Strong data back-up solutions and effective detection processes are the key to this. With a string of high-profile ransomware attacks taking place in the last year, businesses have had ample warning. Now is the time to act and prepare.

 
