When a certain Indian organisation was hit by Petya ransomware, it took a month to recover 60 – 70 percent of its data from backups. The organisation was not entirely prepared to face an attack on its IT assets, and the startling fact was that even the online backup of its data was impacted. What then should organisations do to prepare for such attacks? This story was told by Vishal Salvi, CISO, Infosys, at Trend Micro’s CLOUDSEC 2017 event in Mumbai (Twitter: #Cloudsec). Vishal also prescribed a strategy for organisations and said that they need to think a lot differently. Vishal is a respected individual in the world of information security and has served organisations like PwC and HDFC Bank in India.
“The issue was about recovery and getting apps back. When online backups also get corrupted then the recovery takes longer,” said Vishal. “Organisations should look at Business Continuity and think about different scenarios where data corruption can occur. Have you thought about a scenario where even your online backup can get corrupted? Your tech team will not be able to handle a situation of that magnitude, and your business will be down.”
Vishal advises organisations to consider the following when devising a strategy to counter ransomware and other attacks in the digital age:
- Zero tolerance for IT hygiene. When incidents or events occur, respond immediately. Change your SLAs in terms of how you do patch management, admin access, and AV signature updates.
- How do you do network segmentation? Divide and rule. Backup on different OS platforms.
- Don’t wait for the incident to happen.
- Build advanced threat protection.
- Build cyber resilience.
- Create a resilient backup strategy.
- Build a threat intelligence platform. Understand what is happening around the world and identify what is immediately actionable, rather than trying to do everything at once. Strengthen threat hunting capability.
The writer was hosted by Trend Micro at CLOUDSEC 2017.