A ransomware attack happens 15 times every second.
Click.
Click.
|
When a cyber attack happens, there's a lot that can go wrong (or right!) depending on your data protection solution. Follow the sequence of events below to experience a cybersecurity breach from two very different perspectives:
With Veritas vs. Without
Intruder Alert!
A phishing attack, disguised as a cat video, unleashes malware on your organization. Anomaly detection identifies abnormal data transfers and triggers malware scans. Users restore files, servers, and services, while you and your team investigate and lock down your network.
Brief: Anomaly Detection
Video: Anomaly Detection, a Best Practice to Combat Ransomware
Ignorance is not cyber-bliss.
Without access to a Veritas malware scanning tool for backup data, this attack will go undetected, leaving the hackers to recon your environment. Similarly, without near real-time alerting of suspicious events, unstructured data can be exfiltrated without your knowledge.
'%3E%3Cg id='Veritas_Logo_RGB_RED' transform='translate(50 61)'%3E%3Cpath id='Path_2' data-name='Path 2' d='M137.081,12.684a2.472,2.472,0,0,1,2.472-2.472h10.712a4.12,4.12,0,0,1,1.476,7.965l-8.3,3.059a5.768,5.768,0,0,0-.468,10.723l15.53,7.049V33.6l-13.585-6.007a.989.989,0,0,1,.08-1.838l8.514-2.962a9.064,9.064,0,0,0-3.247-17.526H139.554a7.416,7.416,0,0,0-7.416,7.416V38.227h4.944Z' transform='translate(-71.651 -2.857)' fill='%23fff'/%3E%3Crect id='Rectangle_1' data-name='Rectangle 1' width='4.945' height='32.958' transform='translate(92.668 2.412)' fill='%23fff'/%3E%3Cpath id='Path_3' data-name='Path 3' d='M24.464,5.269,15.615,32.713a.824.824,0,0,1-1.566,0L5.2,5.269H0L9.346,34.241a5.768,5.768,0,0,0,10.971,0L29.663,5.269Z' transform='translate(0 -2.857)' fill='%23fff'/%3E%3Cpath id='Path_4' data-name='Path 4' d='M271.987,38.228l8.849-27.444a.824.824,0,0,1,1.567,0l8.85,27.445h5.2L287.106,9.256a5.768,5.768,0,0,0-10.97,0l-9.346,28.973Z' transform='translate(-144.665 -2.858)' fill='%23fff'/%3E%3Cpath id='Path_5' data-name='Path 5' d='M77.106,10.213H92.761V5.269H77.106a8.24,8.24,0,0,0-8.24,8.24V29.988a8.24,8.24,0,0,0,8.24,8.24H92.761V33.284H77.106a3.3,3.3,0,0,1-3.3-3.3V24.179H89.465V19.317H73.81V13.509A3.3,3.3,0,0,1,77.106,10.213Z' transform='translate(-37.342 -2.857)' fill='%23fff'/%3E%3Cpath id='Path_6' data-name='Path 6' d='M246.3,5.269H222.241v4.944H231.8V38.227h4.943V10.213H246.3Z' transform='translate(-120.509 -2.857)' fill='%23fff'/%3E%3Cpath id='Path_7' data-name='Path 7' d='M350.716,38.227a9.476,9.476,0,0,0,0-18.951h-8.24a4.532,4.532,0,1,1,0-9.064h16.067V5.269H342.476a9.476,9.476,0,0,0,0,18.951h8.24a4.532,4.532,0,0,1,0,9.064H334.648v4.944Z' transform='translate(-180.567 -2.857)' fill='%23fff'/%3E%3Cpath id='Path_8' data-name='Path 8' d='M393.545,2.412h-.429V.4H392.4V0h1.866V.4h-.722Zm2.268-.59.152-.428L396.508,0h.5V2.412H396.6V1.233l.009-.412-.134.34-.482,1.251h-.358l-.483-1.251-.134-.34.009.412V2.412h-.412V0h.5l.545,1.394Z' transform='translate(-212.776)' fill='%23fff'/%3E%3C/g%3E%3C/g%3E%3C/svg%3E%0A)
Every second counts.
Hurry! Your money and reputation are going up in flames.
Getting breached is one thing; thwarting the attacker is something else. According to IBM, it takes an organization an average of 207 days to discover a breach and up to 70 days to contain it¹. That's a very troubling realization, especially considering that 96.88% of all ransomware infections take less than four hours to successfully infiltrate their target². In fact, the fastest malicious software on record can gain control of a company's systems in just 45 minutes³.
When it comes to breaches, speed of response is crucial. Companies that contained a breach within 30 days saved more than $1 million as compared to those that took longer⁴. A slow response enables attackers to become more firmly rooted in your systems, making it more difficult and costly to remove them. This often results in losses of customer trust, productivity, and major fines.
Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015.
Meanwhile, global spending on cybersecurity products and services is predicted to exceed $1 trillion, in aggregate, over the five-year period from 2017 to 2021, a growth rate of 12-15% year-over-year.
Veritas can help you protect your data in the cloud.
Veritas offers next generation technology that revolutionizes data management, resiliency, cybersecurity, and sustainability in the cloud. Our multi-layered data security strategy safeguards your cloud data—anywhere and everywhere. In fact, we are the leader in multi-cloud data management. Over 80,000 customers—including 95% of the Fortune 100—rely on us to help ensure the protection, recoverability, and compliance of their data. We have a reputation for reliability at scale, which delivers the resilience our customers need against the disruptions threatened by cyberattacks, like ransomware. No other vendor is able to match our ability to execute, with support for 800+ data sources, 100+ operating systems, 1,400+ storage targets, and 60+ clouds.
1 “Cost of a Data Breach 2022,” IBM Security.
2 “Microsoft Digital Defense Report,” Microsoft, September 2020.
3 Ibid.
4 “Cost of a Data Breach 2022,” IBM Security.
5 “2022 Must-Know Cyber Attack Statistics and Trends,” Embroker, October 13, 2022.
Call of the hero.
You work quickly to stop ransomware from gaining control of your backups. Practicing Zero Trust Zero TrustDefinition:The Zero Trust security model describes a “never trust, always verify” approach to the design and implementation of IT systems. A Zero Trust strategy is based on continuous evaluation and verification of network access every time and for every single access. Not just users, but devices and workloads too. , you utilize immutable backups Immutable backupsDefinition:An immutable backup is a backup file that can’t be altered or deleted. Having an immutable backup ensures that you have a secure copy of recoverable data to protect against attacks or other data loss. and encrypted data. Near real-time alerts about accessed sensitive data allow you to swiftly identify and disable the compromised account.
White Paper: NetBackup Flex Scale
Brief: IT Analytics
White Paper: Recovery Vault
What you don't know can hurt you.
There’s a spike in Help Desk tickets. Something’s wrong, but without penetration test verification your vulnerabilities are unknown. Hackers are altering, erasing, and encrypting your data. Without secure-by-default immutability and indelibility, even your backups are at risk.
Containment is control
Failing to plan for containment is planning to fail.
Last year broke the records. According to CNET, we hit the highest number of data breaches with 1862 recorded. This was up 68% from the prior year, a significant and troubling increase. And when you consider that in 2022 the average breach cost $4.35 million², it’s easy to see why so many organizations are racing to bolster their systems, processes, and procedures designed to manage these crises.
What is crucial for companies of all sizes to understand is that the long tail costs of data breaches extend for months to years and include significant expenses that most organizations are not even aware of and/or do not anticipate in their annual planning.
A Data Breach Containment & Response Plan can make a crucial difference in the extent of your exposure and losses. While it’s true that different types of incidents like business email compromise, ransomware, or stolen data all require specialized responses to contain the incident and recover from it, there are a few common early steps that you should take regardless of the type of security issue you’re facing.
Data Breach Containment & Response Plan - Components³:
Containment:
Notify your local law enforcement agency immediately. Depending on the country and jurisdiction of your business, there are various data breach reporting laws that must be adhered to. As part of this, law enforcement agencies can often help to investigate the scope of the breach and to try to track the criminals behind the attack.
Communication:
Tell your stakeholder base there was a breach. You will not know all the details immediately, but early communication is key. Let them know what you did to prepare for this type of incident, that there was a breach, that it is being investigated, and that more details are forthcoming. Then further communication can be sent once it is contained, the amount of data loss is known, and the plans for remediation and compensation are put in place.
Remediation:
Put steps in place to remediate the breach. This includes fixing whatever caused the breach and looking at what systems, processes, and procedures are in place to detect and reduce the likelihood of this occurring again. The business needs to weigh the cost of the breach against the cost of implementing mitigating controls. The containment process itself can be costly and time consuming, and result in lost revenue. To learn more about response strategies and tactics throughout every stage of a data breach, we recommend the Cybersecurity & Infrastructure Security Agency’s (CISA) Federal Government Cybersecurity Incident & Vulnerability Response Playbooks.
To learn more about response strategies and tactics throughout every stage of a data breach, we recommend the Cybersecurity & Infrastructure Security Agency’s (CISA) Federal Government Cybersecurity Incident & Vulnerability Response Playbooks.
1 “Number of Data Breaches in 2021 Surpasses All of 2020,” Identity Theft Resource Center, September 6, 2021.
2 “Cost of a Data Breach 2022,” IBM Security.
3 “Containment, Communication, and Remediation: The 3 Keys to a Breach Response,”
Tripwire, January 25, 2022.
You vs Ransomware.
While grabbing a quick drink you receive an alert: malware has been detected. You begin flagging suspicious events for investigation. Instant rollback Instant rollbackDefinition:Instant Rollback for VMware facilitates a speedy recovery from a ransomware attack by restoring all affected systems and secure mission-critical apps and data directly to the production environment, standing up anything from an individual server to an entire data center in a matter of minutes. and instant access Instant accessDefinition:Instant Access allows VM and workload administrators to quickly access their virtual machine, browse for what they need, and get their data back, eliminating the reliance on backup administrators. shrink recovery times. Consistent policy-based solutions help to minimize data loss.
Technical Brief: Malware Scanning
White Paper: Isolated Recovery Environment
It's no contest.
The hackers are winning. IT admins struggle to access systems—including backup or recovery infrastructure. Productivity is plummeting, the company is losing money, and the pressure is high. Meanwhile, you are not even aware that cloud object storage is being deleted.
Business never ceases.
Maintaining business continuity is critical right now so you and your team work fast to restore key systems, such as SaaS workloads and business apps. Pivoting to forensic reporting, you locate the blast radius in your cloud data and alert the IT team where to focus their efforts.
White Paper: Veritas Alta™ SaaS Protection
Looking for a life jacket.
You’re swept up in a data breach tsunami—accounts locked, data compromised, and backups corrupted. And by not adhering to a shared responsibility model, you’re only now realizing that application reliability and data resiliency are YOUR problem.
More than just another dollar.
The effects of a cyberattack can extend well beyond just the financial loss.
The impact of a ransomware attack can be immense. Consider these key findings from Sophos’s State of Ransomware 2022 Report¹:
- It took on average one month to recover from the damage and disruption.
- 90% of organizations said the attack had impacted their ability to operate.
- 86% of private sector victims said they had lost business and/or revenue because of the attack.
- 72% put faith in approaches that don’t stop organizations from being attacked.
The unfortunate reality is that there is a lot of data in the cloud today that remains unprotected due to the confusion of responsibility between cloud service providers and their customers. Many IT buyers assume that because they're effectively outsourcing the running of their infrastructure to a trusted third party, the provider will take care of everything. This is simply not true.
To ensure cloud security, it is imperative that you, the customer, understand the shared responsibility model which, in its simplest terms, means that cloud service providers are responsible for delivering a highly available infrastructure, and you are responsible for application reliability and data resiliency.
The good news is that Veritas can help you handle your responsibility, which leads to shorter downtimes and more complete data recovery, alleviating operational costs.
Shared responsibility model in the cloud
Continually managing your cyber risk is essential to success.
For businesses of all sizes, managing cyber risk is critical. This requires continually assessing your cyber risk profile and proactively managing your defenses. But it’s also vital that you take steps to mitigate the impact a cyberattack could have on your reputation and brand.
1 “The State of Ransomware 2022,” Sophos, April 27, 2022.
Controlling the spread
Reviewing data access patterns, you identify patient zero and the point of infection. These findings lead to the compromised user accounts and exfiltrated data. Plans are already in place to mitigate the exfiltrated data, so you set them in motion.
Data Sheet: Data Protection for Cloud Workloads
Brief: Trust Nothing, Verify Everything
Chaos reigns
Operations have ceased, a ransom demand has been issued, and everyone is consumed by stress. Frantic, you try to identify which data and applications have been affected, but you don’t have the right tools. It won’t be long before regulatory and compliance issues are triggered.
Good night ransomware!
Ransomware thwarted and data restored, you are fully operational. Thanks to your robust cyber security response plan, you were able to quickly identify the risk and recover quickly using an unaffected backup image. You deserve that hot bath and a good night’s sleep.
Pressure to pay.
A sensitive document is posted online, which has customers worried and management on their heels. The pressure to pay the ransom is high. Meanwhile, with numerous cloud-hosted apps down, you are being confronted by frustrated employees who want answers and support.
Paying doesn't mean power.
A payout is rarely the way out.
Organizations are getting better at post-attack data recovery. As ransomware has become more prevalent, organizations have improved their ability to restore operations in the aftermath of an attack. Of all organizations hit by ransomware in 2021, almost all, 99%, were able to recover some encrypted data. This is up slightly from 96% in 2020.
And of these organizations, almost half (44%) report using multiple restoration approaches to maximize the speed and efficacy with which they restart operations. While encrypted backups was the number one method used by 73% of impacted organizations, 46% reported that they paid the ransom to restore data.
Notably, while “The State of Ransomware 2022” Sophos survey indicates that paying the ransom almost always results in recovering some data, the percentage of data restored after paying has dropped to 61%, down from 65% in 2020. Similarly, only 4% of those that paid the ransom got ALL their data back in 2021, down from 8% in 2020.
Paid ransom and got some of their data back
Data restored after paying ransom
Paid ransom and restored ALL of their data
Veritas helps minimize how much data a hacker can access prior to being detected. We do this in two ways, first we encrypt the data so that whatever is exfiltrated is not usable and, secondly, by backing up the data often, we accelerate how quickly business operations can get up and running.
Don't Take Our Word For It:
ESG validated 12 test scenarios covering the Veritas solution for cybersecurity, including protecting data, detecting threats, and recovering at scale. A holistic, multi-layered, and comprehensive cybersecurity strategy is always the best defense against downtime and data loss due to malware infiltration. Veritas understands that this can be a complex challenge and has delivered an enterprise foundation to help organizations protect IT services as part of an overall cybersecurity strategy. The Veritas cybersecurity strategy provides organizations with the tools, functionality, and confidence that IT services will be highly available, resilient, and protected from ransomware.
Source: “The State of Ransomware 2022,” Sophos, April 27, 2022.
A new day.
Battle-tested and energized, you and the IT teams are conducting a post-incident review. Areas of improvement are identified and discussed; test scenarios are updated. You’re feeling confident—when the next attack comes, and it will, you’ll be ready.
White Paper: Best Practices to Combat Ransomware
You've had enough, but have they?
The VP of Operations requests that you and the CTO determine how this breach occurred and formulate a plan for remediation. Unfortunately, with little to no forensics, zero-day is unknown, forcing the organization to recover from one-month old backups.
Practice makes perfect.
Coming on the heels of the attack, your invitations to the next recovery rehearsal are readily accepted across the organization. Everyone better appreciates the importance of these exercises and is eager to put all the recent learnings into practice.
White Paper: Preparing to Protect the Future
You've lost the battle and the war.
Another sensitive file is posted online, operations are frozen, data infrastructure is corrupted, and malware is still on the loose. There’s no leverage and little hope of recovering the data. With the tough questions left unanswered, you’ve been asked to step aside. Hey, someone had to take the fall.
Make a bad day better.
The aftermath of a breach can be more about how you've handled it than the attack itself.
Capital One suffered a data breach in 2019 involving 100 million customers in the US and Canada. It issued a statement confirming the liability costs of managing the incident would be around $100-150 million to pay for “customer notifications, credit monitoring, technology costs, and legal support.”
Just as damaging however was the immediate 6% drop in the stock price which was attributed to reputational damage. Soon after the breach, one analyst said: “This headline is not a good one for Capital One. We worry about longer term reputational damage and also the potential for political and regulatory actions, including penalties.”¹
The longer-term impact on reputation can also be a major factor. According to Aon and Pentland Analytics’ report Reputation Risk in the Cyber Age², the impact of cyberattacks on shareholder value can be substantial with some companies in the report showing a fall of 25% in their market value over the year following an attack.
Keep your customers happy.
It’s not only shareholder value that is of concern – it’s also customer perception. The high-profile cyberattack in 2018 of telecommunications firm TalkTalk resulted in the hacking of the personal details of over 150,000 customers. In addition to the immediate cost of dealing with the incident, the company lost over 100,000 customers (as well as over one-third of its company value)³. Damage of this magnitude can be difficult, if not impossible, to repair.
Creating perceptions of honesty and transparency are essential to retaining customers and avoiding a short-term reputational hit that transforms into a long-term reputational disaster.
At Veritas, we recommend prioritizing backup and recovery as a reliable part of a comprehensive, multilayered resiliency framework— a part that supports the protect, detect, and recover components of your organization’s overall cybersecurity strategy. Our solutions help you fortify all critical and valuable data, detect potential ransomware threats and ensure orchestrated and automated recovery, so you are up and running quickly.
1 “Capital One shares dive after data breach affecting 100 million,” CNBC, July 30, 2022.
2 “Reputation Risk in the Cyber Age,” Aon and Pentland Analytics, July 18, 2018.
3 Ibid.