What's Happening?

Practice makes perfect: the importance of stress testing in ransomware



You could be forgiven for believing ransomware has already peaked. After all, few organisations in South Africa have experienced it on various levels since 2017’s WannaCry attack. Yet ransomware is hardly a spent force. If anything it’s become normalised. Kaspersky detected 16 017 new ransomware modifications in Q2 2019, more than double the number it discovered in the same period last year.  

Ransomware is now big business. With estimated annual revenues of $1 billion, it’s become a parasitic sub-economy whose continued rise seems inexorable. However, as ever, it’s not a price worth paying. The average attack costs businesses over $133,000 and does long term damage to reputation and customer confidence. What’s more, paying the ransom is no guarantee you will get your data back – 20 per cent of paying victims never reclaim their stolen data.

Data is your strongest asset, but it can also be your biggest weakness. It helps you anticipate change and cater to your customers, but it is also becoming more complex, varied and difficult to protect. To stop it falling into the wrong hands, you must have a strong security configuration and backup strategy in place. Now more than ever, you also need to put it through its paces.

Prepare to fail

A strong ransomware defence strategy delivers protection at depth and at all levels. You should have a strategy to proactively search for and fix system vulnerabilities, and deploy solutions for network monitoring, threat intelligence and endpoint detection. By covering all bases, you give potential attackers nowhere to hide.

However, threat prevention by itself is no longer enough. You can have in place the most comprehensive prevention strategy possible, but failure is inevitable at some point in your system’s lifecycle. Indeed, more than 77 per cent of ransomware victims were running up-to-date endpoint protection when they were breached.  

Ransomware is no longer a cottage industry of lone wolf operators and small groups. It’s the weapon of choice for state actors and well-resourced criminal outfits. Cybercriminals don’t have the distraction of needing to operate a business – they can focus solely on their goal of breaching your defences. What’s more, they constantly evolve their techniques and technologies, and can do it much faster than you can refresh your perimeter defences.

Without a detailed incident management and response plan, one bad day could turn into a long-running disaster for your organisation. You can’t defend yourself from every potential ransomware attack, so a comprehensive backup plan is crucial. This means creating and maintaining multiple copies of important data, both locally and in the cloud. You should be aware of how your backups are created, where they are stored in your organisation and, most importantly, how your backup strategy performs under pressure.

You don’t have a backup plan until you’ve tested it

Despite the heightening threat of ransomware attack, organisations often still neglect to put their backup strategies into practice. There’s a perception of ‘it could never happen to me’ among many data officers and managers, but ransomware attacks are worryingly common – across Europe, the Middle East and North America, more than a third of finance and insurance companies have been victims. A ransomware attack isn’t a question of if, but when.

Complacency only puts your data in danger.  If failure is inevitable then you shouldn’t be caught unprepared. Backup plans are complex and multi-layered, spanning across multiple data and cloud environments. It’s hard to predict how your backup plan will interact with all these systems until you put it into action.

Stress testing your backup configuration reveals cracks and vulnerabilities you otherwise would never have discovered. Are your backups sufficiently isolated to avoid infection from spreading, do you have enough copies of valuable data and are you retaining those copies long enough? Only regular fire drills and tests can answer these questions conclusively.

A stress test could be something as simple as staff checking to ensure a backup site will go live should the main application fail, or performing a single file recovery and checking the recovered copy matches the original.  What’s important is that these tests are regular, repeatable and a crucial part of your backup strategy. 

It’s important to stress that you can’t just focus on the resilience of your primary data. The secondary data you create through backups and copies also needs to be properly defended and tested under your policies. Review how your backups are saved and then put them through the same process as your primary data. What’s more, a number of backup solutions are building ransomware resiliency capabilities into how secondary data is stored and accessed – take advantage of these.

Stress testing isn’t a case of better safe than sorry, it has real benefits to an organisation. Rehearsing your backup strategy improves response times and shortens the delay between losing your data and getting it back. This is increasingly important in a connected world where losing access to data can swiftly derail business continuity.  

When it comes to ransomware, prevention is no longer enough. You need to have a data backup plan, and that plan has to be measurable and repeatable to keep pace with today’s fast-moving attackers. You can’t say you’ve truly recovered from a ransomware attack if it has done damage to your business through downtime and data loss. A tried and tested approach will not only boost response and resilience, it will deliver confidence to customers and stakeholders.