Ransomware is on the Rise: Is Your SaaS Data Protected?

This article was originally posted on the Spanning by EMC blog. Attend Spanning’s upcoming session at Cloud IT Live: Automating 3 Critical Data Protection Functions.

“Ransomware” and “backup” have become hot topics well beyond the IT security community, due in part to a RANSOMWARE ATTACK on Hollywood Presbyterian Medical Center.

To recap for those who aren’t familiar with the story, the 400-bed hospital in Southern California was forced to move more than 900 patients to other facilities, as well as revert to paper registration and medical records, after its IT systems were locked down by a ransomware attack–you can read more here and here.

Ransomware like that affecting the hospital can infect a single computer via phishing emails, and once in a computer, will encrypt data making it impossible for you to access your data. The decryption key is given only after ransom has been paid. This malware can proliferate rapidly through an organization, and did so at Hollywood Presbyterian.

In the case of Hollywood Presbyterian, operations were severely compromised, compelling hospital administrators to pay thousands in ransom to regain access to their systems.

Why Should You Care Now, More Than Ever, About Protecting Your Data From Ransomware Attacks?

• The Hollywood Presbyterian Medical Center story has been covered extensively across major news outlets. If you’re an IT professional, your organization’s business executives have likely heard a news report about this situation, and should be talking with you about how to handle similar attacks should they happen.
• The number of ransomware attacks was expected to grow significantly in 2016, according to a November report from Intel Corp.’s McAfee Labs.
• If your organization uses cloud-based collaboration tools like Office 365 One Drive for Business or Google Drive, the impact from a ransomware attack is multiplied at compute speed. How? An infected laptop contains files that automatically sync to the cloud (via Google Drive, or OneDrive for Business). Those newly-infected files sync, then infect and encrypt other files in every connected system–including those of business partners or customers, whose files and collaboration tools will be similarly compromised.

Sounds like a nightmare, right? Well, there are a few steps you can take now to be prepared for ransomware incursions:

• Make sure your end users are aware: Refresh user training on best practices, such as “never click on an unknown link or download a document from any unknown source,” or “don’t connect to the internet or company systems through a public network,” and similar. Good, thorough guidance can be found in the NIST PDF here.
• Understand the potential areas at risk: Identify those inside and outside your organization who collaborate through cloud-based tools, to scope the potential impact of a ransomware attack.
• Backup and have a data disaster recovery plan: Do what most major collaboration tools recommend–adopt and deploy a third-party backup solution to protect your data.^[1] If ransomware effectively locks up SaaS data contained in cloud-based collaboration tools, you’ll be able to access the last pre-malware version of what you need to keep operating.

Save Your SaaS Application Data So It’s Always Available. Look For a Third-Party Solution That Enables:

• Cloud-to-cloud backup, with data encrypted at rest and in transit. Ensure the privacy and security of your data via robust encryption.
• Automation of backup processes, with manual “on-demand” options. Reduce the risk that a backup will not be taken, while enabling manual backup to support data protection before major changes to the IT organization, or to the data being protected, are made.
• Speed of time-to-recovery. The operational and financial impact of data loss can be severe, in part due to the unseen cost of lost productivity. Combine that with regulatory compliance risk and related fines, and you have a perfect financial storm–unless fast and accurate data recovery is part of your third-party solution criteria.
• Auditability and immutability. Administrators and auditors will want a transparent solution that supports auditability towards compliance needs.
• Industry-leading security and HIPAA compliance. The solution should meet current security and availability standards, including HIPAA and SSAE 16 SOC 2 compliance, as well as 128-bit SSL and 256-bit AES encryption.

Attend Spanning’s session at Cloud IT Live to learn how to protect your SaaS data by automating three critical data protection functions, or start a free trial with Spanning today.

1. Google support tells its users, “For non-email data recovery solutions, please consult the Google Apps Marketplace, where one of our partners may have a solution suitable for your needs.” And Salesforce says, “We recommend that you use a partner backup solution that can be found on the Appexchange.”