Black Friday Cyber Monday (BFCM) is right around the corner. Although BFCM originated in the United States, judging by the increase Borderfree found in cross-border shopping, this online shopping mania has become a global phenomenon. It seems European consumers have also embraced the phenomenon!
According to dot.vu:
“Black Friday has already overtaken Cyber Monday online sales and is now the biggest of European Holidays. … The growth of Black Friday is particularly noticeable in the Nordic countries. Where sales increased by 187% from 2013 compared to 66% in the rest of Europe. Black Friday has become the biggest shopping day of the year in the UK, where people shop 3.2 times more than on regular days. Countries in the rest of Europe are picking up too, and Black Friday sales are expected to grow swiftly in France, Germany and Spain”.
BestBlackFriday.com blog predict online purchase revenues will reach a staggering $3.52 Billion this year. The increase in online sales will bring with it an increased risk of IT security threats. We are not the only ones looking forward to BFCM … it also presents an ideal business opportunity for cybercriminals to make a lot of money, by launching attacks and targeting both e-retailers and buyers alike, thus putting data protection and data privacy at the forefront of IT and IT Security professionals’ minds.
Employees will use corporate or personal devices to shop online during BFCM, be it from their office or in store. It’s highly likely they will use their organization’s network to connect to the Internet at some point, thereby introducing IT risks. Buyers will need to be on the lookout for malware infections such as ransomware attacks, phishing attacks, malvertising, watering hole attacks, compromised mobile apps, etc. On the flip side, retailers will need to increase their online security during the BFCM season—and beyond! Cybersecurity and data protection are a 24/7 matter, as millions of users will be visiting their websites, including the bad guys. This year, 2017, has already seen some major cyberattacks, such as WannaCry or Petya, infect organizations across the globe, with the most recent attack, Bad Rabbit ransomware, still lingering as a bad taste in many an organization’s mouth.
Ransomware will continue to be an ongoing problem for businesses if not enough layers of defense are put in place to mitigate the threat. By not protecting data from ransomware, businesses will face risks greater than monetary loss—entire operations could be impacted, resulting in the loss of trust and customers, which consequently affects bottom-line figures.
There is no simple solution for dealing with ransomware. The best approach might be one that deploys multiple layers of protection. This approach has to incorporate education and training of staff, keeping network and endpoint security solutions updated, and regular patching of software. Finally, if prevention fails, data protection must include a robust and regularly tested disaster recovery (DR) plan that relies on backup and recovery solutions as well as on next-generation scale-out storage.
Regular backups are the foundation of any organization’s DR plan. However, companies of all sizes must understand that these backups have no value if they cannot restore quickly and easily when hit by a ransomware attack or any other of the many possible disasters. Backup Area Network (BAN) can be used to keep backup data separate from production data. A dedicated Backup and Disaster Recovery (BDR) solution should be on an isolated network, which can be locked down to ensure security is as tight as possible. Other best practices include backing up to three different media, across two different systems with one being air-gapped. And to further protect their data, in addition to having local backups, organizations can leverage cloud services. Bringing a cloud service into the mix will help prevent any local problems, like a ransomware attack, by moving the data offsite.
When combating ransomware, organizations cannot lay backup strategies without considering storage. Some companies have taken advantage of the features provided by next-generation storage vendors to recover from such attacks. For example, StorageCraft OneBlox scale-out storage features Continuous Data Protection (CDP), which takes immutable snapshots automatically every 10 seconds for the first hour, then on an hourly, daily, weekly, and monthly basis thereafter. Should a ransomware attack occur, causing data encryption and corruption of the primary file system, the snapshots remain completely unaffected, immune from any modification or deletion. The ability to take such granular snapshots at 10-second intervals is critical to ensuring recovery of the latest and most recent version of the data. Unlike with legacy RAID-based volume snapshots, users not only recover individual files and folders easily but also recover complete network shares.
When combining StorageCraft OneBlox with StorageCraft ShadowProtect® software, organizations can protect desktops and physical and virtual infrastructure from ransomware with fine-grained RPOs and high-performance recovery—all in a single solution.
Best-Practice Data Protection and Ransomware Protection Strategies
- Backup accounts: Create dedicated backup accounts on destination devices separated from regular users and not domain administration accounts.
- Backup isolation: Dedicated BDR appliances should be on isolated networks, not on the production LAN.
- Backup and restoration: Clear separation of duties for backups and restoration. Know who is doing what and have procedures for both.
- Scale-out storage: Continuous Data Protection (CDP) feature takes immutable snapshots automatically.
- Network security: Lock down network resources to secure it as tight as possible and check that other vulnerabilities are not there.
- Multilayered defense: Effective ransomware defense involves a combination of anti-spam, patching, antivirus, sandboxing, data protection, and end-user education.
See for yourself how All Mountain Technologies helped a client infected with CryptoLocker by using incremental backups to find the point of infection and restore encrypted files.