August 31, 2021
In what now appears to be a never-ending series of high-profile ransomware attacks, multinational consulting and professional services provider Accenture recently confirmed it had been hit.
Although the attack had limited impact on the company, it has left many asking: ‘If a giant corporation with half a million employees is at risk, what does that mean for smaller, less well-organised businesses like mine?’
Accenture confirmed a hacker group using the LockBit ransomware had threatened to release sensitive data and sell insider information of the Fortune Global 500 company. However, the most important piece of information was contained within the company’s response, which highlighted the critical nature of robust security in today’s challenging online environment.
Their statement read: “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”
Constant monitoring of networks and systems by anti-virus solutions will play a significant role in the cybersecurity defences of Accenture, with heuristic analysis looking for specific commands or instructions that would not be expected to be found in an application.
If allowed to act without intervention, the commands being sought could execute functions such as the payload of a trojan, the replication process of a virus or the distribution model of a worm.
It is likely that in the Accenture case, the antivirus software found a risk that exceeded a predetermined threshold, which triggered an alarm to alert system administrators. At the same time, offending files and servers were likely to have been automatically placed into quarantine, to isolate them and prevent the virus from spreading further.
Having stopped the spread, Accenture explains how it fully restored the affected servers from backup and how there was no impact on their operations, or their clients’ systems. This ability to back up is critical and sends an important message: good cyber security isn’t just about defending your perimeters, it’s also about assuming the worst will happen and having backups that work.
However, new ransomware and a new generation of hackers recognise the importance of backups and seek them out to encrypt them too. This makes the 3-2-1 rule even more important: keep at least 3 copies of your data, use 2 different storage media and keep 1 off site and unconnected to your systems.
If your systems are compromised, the time it takes you to recover affects the long term survival of your business – the more time it takes, the less likely your business is to survive. That is why $45 billion business Accenture clearly values its backups and the ability to recover quickly.
There’s no excuse now for not having effective, safe, yet readily available backups, thanks to the advancement of Cloud-based solutions. However, not all backups are the same and whilst a Cloud-based backup might give you confidence, it really needs to be immutable, so even if the virus finds it, there is nothing it can do to affect it.
An immutable backup is one where the data copied cannot be changed, encrypted or deleted, even by today’s aggressive viruses. Immutable backups also protect against administrative errors that could delete files, application bugs that might corrupt files and insiders who try to sabotage backups.
These immutable backups can be built from hourly snapshots taken sequentially from a complete backup. Because immutable backups by definition cannot be overwritten, only incremental changes are recorded at pre-determined regular intervals, which minimises data transfer and storage.
Archiving these immutable backups will also help organisations in regulated sectors meet data compliance obligations that require accurate copies of historical data to be retained and presented for inspection if required.
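The following added example (not code from Dataquest, Acronis or Accenture) models the property described above: a complete backup followed by incremental snapshots in a write-once store, so that a snapshot taken after files are encrypted cannot damage earlier ones. The `WriteOnceStore` class, file names and the XOR stand-in for encryption are all constructed for illustration; in a real product the storage platform enforces immutability, not application code.

```python
import hashlib

class WriteOnceStore:
    """Toy in-memory store: blobs and snapshots can be added, never changed."""
    def __init__(self):
        self._blobs = {}      # sha256 hex -> file content
        self._snapshots = []  # one manifest per snapshot: {path: sha256 hex}

    def _put(self, data):
        digest = hashlib.sha256(data).hexdigest()
        self._blobs.setdefault(digest, data)  # an existing blob is never overwritten
        return digest

    def snapshot(self, files):
        """Record the current state; return (snapshot id, new blobs written)."""
        before = len(self._blobs)
        manifest = {path: self._put(data) for path, data in files.items()}
        self._snapshots.append(manifest)
        return len(self._snapshots) - 1, len(self._blobs) - before

    def restore(self, snap_id):
        return {p: self._blobs[d] for p, d in self._snapshots[snap_id].items()}

    def delete(self, snap_id):
        raise PermissionError("snapshots are write-once and cannot be deleted")

def demo_snapshots():
    store = WriteOnceStore()
    # Constructed sample data standing in for live business files.
    files = {"ledger.csv": b"2021-08-30,100\n", "notes.txt": b"quarterly plan\n"}
    _, full_new = store.snapshot(files)            # complete backup: every file stored
    files["ledger.csv"] += b"2021-08-31,250\n"
    good_id, inc_new = store.snapshot(files)       # incremental: only the changed file
    # Constructed stand-in for ransomware: every live file is overwritten.
    scrambled = {p: bytes(b ^ 0x5A for b in d) for p, d in files.items()}
    _, bad_new = store.snapshot(scrambled)         # the next scheduled snapshot
    return store, (full_new, inc_new, bad_new), store.restore(good_id)

if __name__ == "__main__":
    _, written, recovered = demo_snapshots()
    print("blobs written per snapshot:", written)
    print("recovered ledger:", recovered["ledger.csv"])
```

The snapshot taken after the overwrite adds new blobs but leaves the earlier manifests and blobs untouched, so the last good restore point stays recoverable.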
Whilst there are numerous backup solutions available, it is critical to your business continuity planning that not only are backups made regularly, but that they are checked to ensure you can recover everything you need from them.
We have tried to help businesses seeking help to recover after an attack, because when they sought to use their backups, it was only then they found that the system used had been malfunctioning for years, without ever recording a single, successful copy of their critical data.
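One way to run the check described above, as an added example that is not part of the original article or any vendor's tooling: record a SHA-256 manifest when the backup is taken, restore to a scratch location on a schedule, and compare. The function names, directory layout and sample files are constructed; an empty manifest is treated as a failure, since it means the job never captured anything.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to its SHA-256, taken at backup time."""
    root = Path(root)
    # read_bytes() is fine for a sample; hash large files in chunks instead.
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest; return problems by kind."""
    restored = build_manifest(restored_root)
    report = {"missing": [], "corrupt": []}
    for path, digest in manifest.items():
        if path not in restored:
            report["missing"].append(path)    # never copied, or lost
        elif restored[path] != digest:
            report["corrupt"].append(path)    # truncated or altered
    report["unexpected"] = sorted(set(restored) - set(manifest))
    # A backup that recorded nothing must not pass just because nothing differs.
    report["ok"] = bool(manifest) and not report["missing"] and not report["corrupt"]
    return report

def demo_restore_check():
    with tempfile.TemporaryDirectory() as tmp:
        live, restore = Path(tmp, "live"), Path(tmp, "restore")
        (live / "db").mkdir(parents=True)
        restore.mkdir()
        # Constructed sample files standing in for critical data.
        (live / "db" / "customers.sql").write_bytes(b"INSERT INTO customers ...;\n")
        (live / "payroll.xlsx").write_bytes(b"constructed sample bytes")
        manifest = build_manifest(live)
        # Constructed faulty restore: one file truncated, one never backed up.
        (restore / "payroll.xlsx").write_bytes(b"constructed")
        return verify_restore(manifest, restore), verify_restore({}, restore)

if __name__ == "__main__":
    faulty, empty = demo_restore_check()
    print("faulty restore:", faulty)
    print("empty manifest:", empty)
```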
The Cloud, such as that available from Dataquest, makes it simpler to create backups of your critical data, stored not only in immutable form, but separate from your live systems and separated geographically, both important best practice security approaches.
As well as being an important part of your ability to recover data in the event of a failure or malicious activity, a Cloud backup is accessible from anywhere, almost immediately, so will form an important part of your Disaster Recovery planning too.
The Dataquest solution to protect against ransomware is powered by Acronis and provides a whole host of features to keep your business and your data safe. We will cover the comprehensive solution’s features in more depth in the coming weeks, but if you can’t wait to improve the performance of your cybersecurity, please get in touch today.