Adopt a defense-in-depth approach to become cyber resilient to ransomware

Being cyber resilient in the modern age is a business imperative. To complement the broad advice we recently provided for how businesses can prepare for ransomware attacks, let’s dive deeper into specific actions that companies can take to protect their data and digital ecosystem from ransomware threats.

Traditional disaster recovery just isn’t enough anymore

The pervasiveness of ransomware attacks in this digital age makes it clear that (a) the traditional understanding of disaster recovery (DR) is not comprehensive enough in the face of the evolving cyberthreat landscape and (b) the conventional strategies for DR are no longer sufficient. This is why the adoption of cyber resilience is so essential.

Cyber resilience takes a more comprehensive approach that prepares businesses to not only recover from cyberattacks but also resist future threats. This approach recognizes ransomware as a prevalent part of our interconnected world and emphasizes the development of robust systems that are not only reactive but also proactive in handling these cyber threats.

It’s about the data

Always remember that what cybercriminals are after is your data. Whether that means denying you access to your own data through encryption, blocking access to your own encryption keys, or outright exfiltrating your data, it’s imperative to have a strong defensive posture and ensure that your data is stored and managed in a secure way so that it’s really difficult to access.

When it comes to planning a data protection strategy, it’s important to remember the key objectives: to be able to recover as quickly as possible and minimize the impact on business operations.

Today’s imperatives for comprehensive data protection

Let’s start with the basics. At the very least, you need to harden your backups and DR capabilities using retention locked files and immutability so those backed up files can’t be altered in any way. It’s also beneficial to have good observability in your IT environment so you have a clear picture of where the data is stored and who has access. With those pieces alone, you can have a fairly resilient solution without having to do too much else.

What’s imperative in all of this is having a third copy of your critical data that is offline and disconnected. If you want to ensure the ability to recover, you have to have that type of solution in place, and the data needs to be isolated. It’s often referred to as having an “air gap” or “logical air gap,” and it’s one of the solutions we’re coordinating with Dell Technologies to isolate data so a bad actor just can’t get to it — basically, separating the management plane from the control plane.

If you start there, at least you’ll always have the data. Then you have to build out the planning and the muscle memory and work with your partners to the extent that you need help with planning, designing or recovery.

As we architect cybersecurity solutions with Dell Technologies, it’s important to look at systems like Active Directory to make sure there aren’t links in place that would undermine that data isolation imperative. When we design solutions with Dell Technologies, we’re looking at these operational environments as well to make sure there are no backdoors.

As a final point, often we think only of application data, but we mustn’t forget that there is configuration data as well. If the configuration data gets encrypted, the organization’s ability to recover isn’t as effortless because IT still has to rebuild the entire operation environment. It’s imperative, therefore, to be very clear and thorough about what constitutes your organization’s critical data.

How DXC and Dell approach cyber resiliency together

To protect backup data, it’s essential to have that “air gap” in place. This guarantees that — come what may — when an organization needs to get at that critical data, it can be recovered in a current form and put into the organization’s environment when it becomes available. The Vault managed services that DXC and Dell offer provide that air gap, protecting data via cyber vaults and backups.

Cyber resilience is really “defense in-depth,” which means that you have a backup and then protect that backup. For some attacks, that might be enough. But you also have to be prepared for the more sophisticated threat actors. To that end, the Vault solution provides a safe, secure point of recovery; it integrates DXC's industry-leading managed security services with Dell's state-of-the-art backup and recovery systems to provide a holistic data protection solution.

Organizations may not need to use the Vault to recover from every attack, but for the more sophisticated attacks, it’s going to be the key way to survive and enable recovery in an acceptable amount of time. And of course, the Vault solution complies with stringent data protection regulations, enabling businesses to meet their regulatory obligations while ensuring data privacy and integrity.

Learning from our customers

While every organization has its own priorities, DXC has learned from our customers how essential it is to have that basic layer of IT discipline in place. That is, having a well thought-out response playbook across the organization where everyone knows their role and actually practices it. That’s the only way to ensure that when the worst happens, your organization can keep its composure and maintain operations. In other words, the organization is cyber resilient.

And of course, it’s critical that the organization find out which data and applications are truly important and essential to maintain operations, and then protect that data using the methods outlined earlier. That’s something that DXC can help organizations accomplish. When you consider the absolutely devastating effects of a serious ransomware attack and the odds of it actually happening, it’s important to have a security partner in your corner so you don’t have to go it alone.

Learn more about DXC Security.