New cyber threats focus minds as attacks shift to SMEs

Right now, mission-critical organisational data is arguably facing more threats than ever before. Cyber-attacks, and in particular ransomware, continue to plague the public and private sectors, with potentially devastating impacts. Reporting on attacks faced by major corporations or public bodies has become an almost weekly occurrence – and these are just the attacks we hear about. The vast majority go unnoticed by the wider public. Why? Because increasingly, the victims are smaller and medium-sized organisations – the backbone of the UK economy. According to official UK government statistics, there are over 5.5 million small or medium-size businesses in the UK, who between them account for 61% of employment nationally.

In February, a collaborative effort involving law enforcement agencies from 11 countries saw the takedown of the notorious LockBit gang, believed to be located in Russia. While this has had a positive impact, with some reduction in the volume of attacks in recent months, ransomware remains a serious issue. Recently, we’ve seen a number of high-profile attacks in the US and UK. They have targeted organisations including Boeing, the Scottish Health Board, The British Library, Nissan and Stanford University.

While reporting on high profile ransomware attacks maintains awareness of the issue, it doesn’t tell the whole story. It is not just large organisations that are the targets of cybercriminals. Recently, smaller and medium-sized enterprises have become the victims with increasing frequency. These are viewed as easier targets that are likely to lack the resources to invest in cyber defences to the same degree as larger enterprises.

How AI increases the ransomware threat

Now, cybercriminals have added AI to their toolbox. According to a report published in January by the UK’s National Cyber Security Centre (NCSC), AI will almost certainly increase the volume and impact of cyber-attacks in the next two years. The organisation urges the widespread adoption of protective measures to mitigate the impact of this new threat.

One of the reasons that AI poses a greater threat level is the fact that it lowers the barrier to entry for nefarious actors. It will mean that even relatively unskilled cyber criminals can conduct more effective information gathering and victim targeting. It can also be used to identify high-value data for examination and exfiltration, maximising the impact of security breaches.

The report also warns that by 2025, “Generative AI and large language models (LLMs) will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.”

Recovering from a ransomware attack

Today, it’s a given that all organisations will have robust cyber-attack defences in place and plans for a worst-case scenario. Yet despite best efforts, ransomware attacks remain a constant threat. They often succeed, through a combination of human fallibility and the determination of attackers.

Most organisations have shifted their thinking to when they’ll be attacked, not if. But the question then becomes, what are their recovery plans? Fortunately, there are a host of best practice approaches that can be deployed to aid recovery in the event of a cyber-attack. Being aware of these in advance will aid a rapid recovery.

A comprehensive cyber defence strategy should include:

Immutable data backups

These are data backups that cannot be modified or deleted, even by administrators. Immutable backups help ensure that data is tamper-proof and can be restored to its original state. This minimises the risk of data loss in the event of a cyber-attack. They should be a critical component of any cyber resiliency plan.

Second site data backups

To ensure the resiliency of data, a best practice disaster recovery approach is to utilise a second site or some other off-site backup capability. This is critically important in case an earthquake or other major disaster really does put an end to your data centre. With the right cyber resilience plan, however, on-premises backups can also be used to speed up the restoration process. This means you can quickly restore a production site.

Threat hunting

This is the process of actively searching through backups and restored systems to identify signs of a cyber-attack, for example, infected servers from backup copies or restored servers. It is a critical component of any cyber resilience strategy because it helps to identify the scope of the attack and to mitigate any further damage.

Most good cyber resilience solutions include proactive threat hunting to identify potential threats early on, allowing you to take steps to contain the damage and prevent further attacks. This involves proactively searching for signs of a cyber-attack, even if there is no indication of a breach. It may also include searching for signs of unauthorised access, unusual network activity, and other indicators that suggest a breach may have occurred.

Comprehensive testing

It is essential to test recovery processes for both disaster recovery and cyber resilience. For cyber resilience, however, it’s also critical to test that restoration from a week or even a month prior is guaranteed. As far as the testing itself goes, it’s important to test the processes for recovering locally as well as from an off-site or a cloud copy, and also to determine if mix-and-match restoration processes can be achieved.

Becoming a cyber-resilient enterprise

With the threat from ransomware and other forms of cyber-attack remaining constant, it’s essential for organisations to become more cyber resilient. As an added safeguard, organisations looking to maximise cyber resiliency should measure their capability against three key criteria:

  • The ability to monitor backup data for known threats
  • The ability to identify suspicious activity that could be an early warning signal of attackers having breached an environment
  • The capability to recover from ransomware and other cyber-attacks, on-premises or in the cloud, from immutable backups.

Increasingly, overworked IT teams operating with budget constraints are looking towards data backup as-a-service (BaaS) to meet their cyber resiliency needs. This avoids expensive capital outlay and gives them the time to concentrate on more business-critical tasks instead of spending all their time managing backups.

When assessing BaaS providers, critical factors to consider include integration of data orchestration, deduplication and catalogue management. These enable secure expansion using hybrid cloud backup with the ability to access data instantly from anywhere. With the right solution, organisations can control their entire backup environment, ensuring resiliency against data loss, natural disasters and cyber-attacks.


Assured Data Protection

Assured Data Protection brings more than 200 years of industry experience in managing data backup, disaster recovery and business continuity solutions as a managed service provider. The company delivers tailored services based on the Rubrik cloud data management platform to meet individual client needs in an affordable and achievable manner. It supports enterprises with data needs ranging from 5TB to multiple petabytes across any number of sites, from on-premises private clouds to hybrid cloud approaches.

 
