Die Hard with a Ransomware

Simon says: don't leave your critical data within reach of hackers! With cyber recovery, protect your most important information in a digital Fort Knox. Yippee ki-yay cyber attackers!

On 24 January I was honoured to organize and take part in the latest Cyber Recovery User Group in Madrid. Our customers came together to talk about their fight against all sorts of cyber threats, including ransomware, viruses, and malicious insider attacks.

It was an opportunity to share everyone’s experience, strategies, and best practices for detecting attacks, automating security processes and, above all, being able to resume activity in the event of an incident. There were a lot of questions and enticing, proactive discussions, with many lessons on what does and does not work.

What about you: would you be able to start again if a cyber terrorist took your data hostage and threatened to blow up your information system? Let’s play the game of cyber resilience together. And, as Simon says: “Noncompliance will result in a penalty.”

Simon says: don't confuse cyber security with cyber resilience

The two pillars of the fight against cyber threats meet different objectives, employ different strategies, and use different tools. Cyber security refers to all the tools and practices that aim to defend an information system and data against potential attacks. Deploying a next-gen firewall or an IPS, for example, is a cyber security action, as is implementing multi-factor authentication or an access control policy. But what if, despite everything, an attack managed to circumvent these defences and put a stop to your activity? “You're about to have a very bad day.”

This is where cyber resilience comes in. This time, the goal is to recover systems – and therefore activity – after a destructive attack such as ransomware. It is very common in sensitive sectors such as energy and defence, but it has become critical in all sectors and for all sizes of organisation as digital has gained such a key role in all processes. Financial institutions, healthcare establishments and telecoms operators are all examples of regular targets who must continuously strengthen their cyber security, as well as plan their cyber resilience.

Simon says: build your digital Fort Knox

Hackers often have a well-laid plan that aims to paralyse both production and backups, leaving the company with no fall-back solution. This means that cyber resilience is your last line of defence in the event that your information system is paralysed. PowerProtect Cyber Recovery technology enables you to create a vault disconnected from production systems – and therefore out of reach of hackers – where you can store copies of your most critical data. These copies are immutable, meaning they can't be encrypted, changed or deleted by hackers. This gives you the means to rebuild your production in the event of an attack.

Simon says: choose the most critical data to protect

You wouldn't put your pennies in a vault: the same applies to your data. Not all of it needs to be protected by cyber recovery. The first step, then, is to conduct a business impact analysis (BIA) to determine the impact on your activity in the event that a system, application or piece of data is unavailable. To do this, it’s crucial to work together with business units to identify any digital gold bars that are essential to their work.

Risk and compliance departments also maintain a list of critical systems from a holistic vantage point. Consider all regulatory and reporting systems and GDPR compliance aspects, as well as those that are industry specific: personal identifiable information (PII), personal healthcare information (PHI), PCI DSS related dependencies, etc. Dell's consultant specialists can guide you through this process.

Simon says: have eyes inside the vault

Traditional backups are not enough. Traditional signature-based detection is no longer enough either, in particular due to its constant need to be updated in order to remain efficient. Enter artificial intelligence to guarantee the integrity of data backed up in the vault!

CyberSense technology uses machine learning and over 220 heuristic evaluation rules to determine whether a copy can be considered safe or if it has any anomalies. The algorithm can detect infections such as LockBit, AlphaLocker and BianLian, which are designed to circumvent certain cyber defence mechanisms in production environments. Having a backup isn't enough. You need a reliable, healthy and isolated backup.

Simon says: test your reaction capacity

Each company has its own individual business context and its own constraints. But they all need to test their recovery plan! If an attack does happen one day, it is essential for everyone to be aware of their role and responsibilities to react quickly and try to reduce the impact as much as possible.

Some of our customers test their strategy once a quarter, while for others an annual simulation is good enough. The aim is to confirm that your teams are prepared and check the efficiency of processes and the ability of everyone involved to correctly follow the plan, to make sure that you can get your systems up and running again in line with the RTO. Once again, Dell offers “red teaming” services that can help organisations implement an attack simulation.

Click on links from unknown senders

I didn't say "Simon says"!

Segundo Ramos

International Marketing Manager | Product Management | Alliance Management | Events | Digital Campaigns | Social Media Top Voice | AI | Cyber Security | Servers | Storage | HCI | Cloud | Ex-Dell, EMC, Fujitsu
