
When Ransomware Attacks Seem Inevitable, What Can IT Teams Do?

The possibility of their business falling victim to a cyberattack has always kept IT teams up at night, but today’s threat landscape is reaching new levels of sophistication.

For example, new acoustic-based attack methods listen to the victim’s typing through an open mic and then leverage AI to run through a list of possibilities, tapping elements of generative AI to determine the most likely sequence of keys being typed. This type of attack may sound like something out of a sci-fi movie, but it’s real and scarily accurate.

Cybercriminals and cybersecurity professionals have a “give-and-take” relationship where they continuously adapt to each other’s advancements and try to outpace the other. This type of relationship showcases that while they are seen as enemies, their jobs ultimately rely on what the other is doing. For IT professionals today, it’s clear that, once again, they need to update their tactics and mindset by shifting attention to resiliency and data restoration.

Not your mother’s threat landscape

IT professionals are supposed to be company protectors, above the fray of see-through phishing attempts and bogus links. But with the help of AI, cybercriminals are now successfully targeting IT professionals with ultra-sophisticated attacks because of their proximity to the most sensitive systems in a corporate network. For example, Sophos recently identified a “malvertising” campaign dubbed “Nitrogen” comprised of fake advertisements for popular IT tools to specifically trick IT professionals into downloading initial access malware, which attackers can then use to perform future ransomware attacks.

Although not the typical victim set, IT professionals provide a higher reward to cybercriminals if they are compromised. And while AI is still a way out from being able to generate elaborate malicious code by itself, it can help to make things like fake websites and advertisements look more convincing.

In addition to these new attack methods, ransomware is increasing in frequency, with SonicWall reporting a 74% surge in Q2 2023 compared with the year’s first quarter. According to ESG (Enterprise Strategy Group), only 16% of organizations that experienced a successful ransomware attack were able to fully recover their data afterward, and 87% are concerned their data copies themselves could become corrupted during an attack.

This reflects a hard truth that IT teams can no longer ignore: It’s time to start operating as if an attack is inevitable.

A mindset shift for the modern IT team

Now, I’m not advocating that companies should throw out their prevention and detection tools altogether. Still, it is time IT teams recognize that as AI and other emerging tech continue to advance, they will defy our expectations and become impossible to keep up with in the same way we’ve done in the past. The industry needs a mindset shift to emphasize what happens when an attack occurs – i.e., preparing your organization to withstand an attack and recover data successfully with as little interruption and chaos as possible.

The best way to do that is by prioritizing data backup best practices. This includes ensuring regular backups of company data and following the 3-2-1-1-0 strategy, meaning that for data to be adequately protected, there should be three copies of the data saved on two different types of media, with one copy offsite and one offline copy.

Immutability is a must-have for this strategy. Immutable files are those that absolutely cannot be altered once the file backup process is complete, essentially protecting them from ever being encrypted, infected, or deleted, whether that be accidentally by an employee or maliciously by a cybercriminal.
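The 3-2-1-1-0 and immutability requirements above can be checked mechanically against a backup inventory. The following is an added example, not code from the article: the `BackupCopy` fields, rule names and both inventories are constructed for illustration, and the final "0" is read as zero errors in restore testing, a common reading that the article itself does not spell out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:                  # hypothetical inventory record
    name: str
    media: str                     # "disk", "tape", "object-storage", ...
    offsite: bool                  # kept away from the primary site
    offline: bool                  # air-gapped, unreachable from the network
    immutable: bool                # cannot be altered or deleted once written
    restore_errors: Optional[int]  # errors in last restore test, None = never tested
    primary: bool = False          # the live production copy

def audit(copies):
    """Check one data set's copies; returns {rule: (passed, detail)}."""
    backups = [c for c in copies if not c.primary]
    media = sorted({c.media for c in copies})
    names = lambda attr: ", ".join(c.name for c in backups if getattr(c, attr)) or "none"
    # Assumption: "0" means every backup was restore-tested with zero errors.
    bad = [c.name for c in backups if c.restore_errors != 0]
    return {
        "3 copies": (len(copies) >= 3, f"{len(copies)} copies"),
        "2 media types": (len(media) >= 2, ", ".join(media)),
        "1 offsite": (any(c.offsite for c in backups), names("offsite")),
        "1 offline": (any(c.offline for c in backups), names("offline")),
        "immutable": (any(c.immutable for c in backups), names("immutable")),
        "0 restore errors": (not bad, "untested or failing: " + ", ".join(bad) if bad else "all verified"),
    }

def failed_rules(copies):
    return [rule for rule, (ok, _) in audit(copies).items() if not ok]

# Constructed inventories: three disk copies that look redundant, then a compliant set.
WEAK = [
    BackupCopy("prod-san", "disk", False, False, False, None, primary=True),
    BackupCopy("nas-nightly", "disk", False, False, False, None),
    BackupCopy("dr-site-replica", "disk", True, False, False, 2),
]
STRONG = [
    BackupCopy("prod-san", "disk", False, False, False, None, primary=True),
    BackupCopy("object-lock-bucket", "object-storage", True, False, True, 0),
    BackupCopy("tape-vault", "tape", True, True, True, 0),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(label)
        for rule, (ok, detail) in audit(inv).items():
            print(f"  {'PASS' if ok else 'FAIL'}  {rule}: {detail}")
```

The weak inventory has three copies and an offsite replica, yet fails on media diversity, offline storage, immutability and restore verification, which are the properties that matter once an attacker holds network credentials.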

Another needed layer of protection for your data, especially with the rise of deep fakes, is to choose vendors that leverage a “zero access” policy for backup storage. IT teams are likely familiar with zero trust policies wherein there is a baseline of verification required for every individual, even those inside the network, but zero access takes it a step further by requiring a validation process with an outside party before granting admin privileges and access to backup operating systems. This authentication process takes time and keeps the data immutable, keeping out attackers looking for instant access once they’ve compromised a network.

According to IBM’s latest Cost of a Data Breach report, in 2023, the average cost of a data breach reached an all-time high of $4.45 million. This is partly because ransomware gangs demand more in ransom, extorting a near-record profit of $449 million in the first half of 2023. While paying a ransom to retrieve company data has obvious financial repercussions, data loss has consequences for a business’s reputation and future success. A survey of small and medium-sized businesses found that 75% said their organization would survive only three to seven days following a ransomware attack.

Safeguarding your organization from the most dire repercussions of a cyberattack is doable, but not if IT teams continue to operate in the mindset that a cyberattack won’t happen to them and their organization. Prepare for the worst, and you’ll be able to sleep easy knowing your company’s most valuable asset – its data – will be there when you wake up.

Latest posts by Anthony Cusimano (see all)