By Surya Varanasi, StorCentric
What’s one of the top things every channel reseller must prioritize in 2023? It’s figuring out ways to boost data security for their clients, to help protect them from ever-evolving cyberthreats and reduce the risk that they’ll fall victim to a data breach. Most of your clients could benefit from a stronger cybersecurity foundation than a single layer of protection provides. A multi-layered cybersecurity approach is what’s needed to strengthen your clients’ data security in the face of today’s sophisticated ransomware attackers.
Employing The “Defense In Depth” Strategy
The Computer Security Resource Center (CSRC) defines “defense in depth” as “an information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.” This type of comprehensive approach to cybersecurity helps ensure the constant protection of critical assets through multiple layers of security. The advantage of defense in depth is clear: even if a defense layer gets penetrated, the threat can still be stopped in its tracks by other security layers. This strategy has the potential, with proper execution, to stymie attacks as they’re happening while also preventing subsequent damage.
What this means for your clients is that it’s not “game over” if a hacker infiltrates their network—they’ll have time to implement countermeasures. With a multitude of protective layers and duplicated security processes, there’s much less chance of a hacker pulling off a successful data breach.
The structure of defense in depth layering includes physical controls (which limit physical access via security guards, key cards, or locked doors), technical controls (which protect systems with specialized hardware or software, like antivirus or firewall apps), and administrative controls (which are security-focused organizational policies and procedures).
Backups Also Need Security Layers
The most common causes of ransomware breaches are cloud misconfigurations or stolen credentials, which attackers use to delete backups and cloud storage and then encrypt the data, holding it hostage until a ransom fee is paid. Be sure that your clients are aware of how steep these costs can be—it’s not chump change, as the average payment request is $570,000. If your clients are small to midsized businesses, losing that much could put them out of business. CyberCatch reports that three-quarters of SMBs would be forced to close if they were a victim of a ransomware attack.
In a cyberattack like ransomware, backups are generally going to be an organization’s last line of defense. That’s why it’s so important for your clients to have multiple protective layers in place when they select their backup hardware and software. Cybercriminals know how critical backed-up data is in any recovery plan, which is why they go after it first to make recovery attempts futile.
Another point to advise your clients on is the location of their backup storage since this is just as essential as the software they select. Guide them toward understanding that the data storage solution hosting their backups should offer these capabilities to secure their data:
- File redundancy. This makes a duplicate copy of the file and its fingerprint, storing them in a separate RAID disk set.
- File fingerprinting. This combines two cryptographic hashes to create a unique file identifier.
- Storage optimization. This archives unstructured and lesser-used data, freeing up primary data and dramatically cutting the backup process’s size, time, and cost.
- Flexibility. This allows for implementation in a variety of infrastructures including cloud, hybrid cloud, or on-prem storage.
- File serialization. This assigns serial numbers to individual files, ensuring no files are modified or added without authorization.
Finally, when your client needs to choose backup software, they should check for some specific data-security features to guard against ransomware attacks:
- Anomaly detection. This feature uses an algorithm to detect all major ransomware variants; the algorithm uses behavior-based monitoring to detect inconsistencies in file metadata. IT administrators can leverage customizable filtering and thresholds to tailor the algorithm to specific systems.
- Immutable backups. This feature locks backups for a set amount of time, thus ensuring that they can’t be deleted by any user. The result is that even if a bad actor gets their hands on the root credentials, they still have no way to tamper with backups during the specified retention period.
- Backup comparison. This feature allows IT administrators to see exactly which files have been modified, so they can dig deeper into and isolate ransomware infections. It’s an essential feature to help businesses make sense of modifications between backup copies.
- Operating system compliance checks. This feature identifies systems that are out of compliance with the latest version of each OS by aggregating system information and giving a reminder to patch systems, thus avoiding infiltration techniques aimed at unpatched systems.
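To make the file fingerprinting and backup comparison items above concrete, here is an added example (not from the article or any StorCentric product) that fingerprints each file with two hashes and diffs two backup snapshots. The choice of SHA-256 and BLAKE2b, the function names, the 0.5 review threshold, and the sample snapshots are all assumptions made for illustration.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """Combine two independent hashes into one file identifier.
    SHA-256 + BLAKE2b is an assumed pair; the article names no algorithms."""
    return hashlib.sha256(data).hexdigest() + ":" + hashlib.blake2b(data).hexdigest()

def build_manifest(files: dict) -> dict:
    """Map every path in a backup snapshot to its fingerprint."""
    return {path: fingerprint(content) for path, content in files.items()}

def compare_backups(old: dict, new: dict) -> dict:
    """Diff two manifests into added, removed and modified paths."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def change_ratio(diff: dict, old: dict) -> float:
    """Share of previously backed-up files that changed or disappeared."""
    if not old:
        return 0.0
    return (len(diff["modified"]) + len(diff["removed"])) / len(old)

def needs_review(diff: dict, old: dict, threshold: float = 0.5) -> bool:
    """Flag a snapshot for investigation when churn exceeds the
    (hypothetical) threshold an administrator has configured."""
    return change_ratio(diff, old) > threshold

# Constructed sample snapshots: path -> file content.
MONDAY = {
    "finance/q1.xlsx": b"revenue,1200",
    "hr/policy.docx": b"leave policy v3",
    "eng/readme.md": b"build steps",
    "eng/notes.txt": b"standup notes",
}
TUESDAY = {
    "finance/q1.xlsx": b"\x8f\x02\xaa\x51\xe3\x9c",  # content replaced
    "hr/policy.docx": b"\x17\xd4\x60\xbe\x0a\x7f",   # content replaced
    "eng/readme.md": b"build steps",                 # unchanged
    "eng/todo.md": b"new file",                      # added
}

if __name__ == "__main__":
    old, new = build_manifest(MONDAY), build_manifest(TUESDAY)
    diff = compare_backups(old, new)
    print(diff, change_ratio(diff, old), needs_review(diff, old))
```

The diff tells an administrator which paths to inspect, and comparing against the last snapshot whose churn stayed under the threshold identifies a restore point to consider.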
These added security features give your clients a higher chance of noticing and containing a ransomware infection in the event of an attack. Most importantly, even if the ransomware succeeds in encrypting your clients’ files, having immutable backup capabilities guarantees that they’ll have a pristine backup copy at the ready. When you help your clients keep their data security solid across the board, they’ll be able to enjoy a clean recovery with no ransom fee—and you’ll be the one who helped them.
About The Author
Surya Varanasi is the CTO of StorCentric.