[Security Information] Data security threats from inside and outside that cannot be ignored


As the attack techniques and business model of ransomware continue to mature, the network threats it causes have spread globally. In the last two years in particular, the number of ransomware attacks each year has increased significantly compared with the previous year, showing an intensifying trend. In 2021, extortion attacks still deserve the top spot among cyber threats. For enterprises, it is only a matter of time before their data is attacked, and they must not count on luck. An enterprise that does not want to pay the ransom must plan ahead and deploy data protection strategies and technologies in advance.

At the same time, threats do not come only from the outside. According to recent media reports, the database information of a well-known domestic real estate agency was maliciously deleted by an internal IT administrator, which left the company's financial system impossible to log in to at the time. After the incident, the IT administrator was sentenced at first instance to seven years in prison for damaging the computer information system. Enterprise data protection therefore has to work on both fronts: guarding against external threats with one hand and tightening internal management with the other, so that the fortress is not breached from the inside.

From a global perspective, the data security threats that enterprises face fall mainly into the following five situations. Commvault data management solutions can effectively respond to these data security challenges.

Threat 1: Ransomware targets backup data

In this case, Commvault recommends securing the backup volume so that no administrator has the right to modify it; a modification can be performed only through the Commvault verification process. In addition, digitally signing Commvault binary files and requiring certificate authentication between Commvault components can further enhance the security of the backup volume.

Threat 2: Ransomware targets passwords, policies, and data

Use multi-factor controls for authentication, and control access permissions based on users' roles and needs. Data encryption and external key management are supported. Decisions in the process follow the four-eye principle (that is, at least two people), to prevent possible malicious damage by an administrator.

Threat 3: The administrator maliciously accesses the backup data

In addition to the four-eye principle and role-based access restrictions above, every access and change is recorded, and the system raises an alert for all key data changes. Privacy lock technology can prevent administrators from seeing or restoring sensitive personal data, which protects that data.

Threat 4: Accidental deletion by the administrator

All the controls used to block threats and malicious administrators also work in this situation, eliminating the possibility of an administrator deleting data by mistake.
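
The four-eye principle, role-based access and change recording described under Threats 2 to 4, sketched as an added example (not Commvault code or its API): a destructive backup operation is released only after a second, distinct, authorized person approves it. The user names, roles, target name and the hash-chained audit log are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical users and roles, constructed for this example.
ROLES = {"alice": "backup_admin", "bob": "backup_admin", "carol": "operator"}
APPROVER_ROLE = "backup_admin"

class FourEyesGate:
    """Destructive backup operations need a requester plus a distinct approver."""

    def __init__(self):
        self.pending = {}      # request id -> (requester, action, target)
        self.audit = []        # every attempt, allowed or denied
        self._last = "0" * 64  # hash of the previous audit entry (assumed chaining)
        self._next_id = 0

    def _log(self, actor, event, detail):
        entry = {"actor": actor, "event": event, "detail": detail, "prev": self._last}
        self._last = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = self._last
        self.audit.append(entry)

    def request(self, requester, action, target):
        if ROLES.get(requester) != APPROVER_ROLE:
            self._log(requester, "request_denied", f"{action} {target}")
            raise PermissionError("role may not request destructive operations")
        self._next_id += 1
        self.pending[self._next_id] = (requester, action, target)
        self._log(requester, "requested", f"{action} {target}")
        return self._next_id

    def approve(self, approver, rid):
        requester, action, target = self.pending[rid]
        if approver == requester or ROLES.get(approver) != APPROVER_ROLE:
            self._log(approver, "approval_denied", f"{action} {target}")
            raise PermissionError("approval needs a second authorized person")
        del self.pending[rid]
        self._log(approver, "approved", f"{action} {target}")
        return (action, target)  # only now may the caller carry out the operation

    def audit_intact(self):
        prev = "0" * 64
        for e in self.audit:
            body = {k: e[k] for k in ("actor", "event", "detail", "prev")}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False  # an entry was altered, removed or reordered
            prev = e["hash"]
        return True
```

A single administrator, whether malicious or simply mistaken, cannot complete the deletion alone, and a denied attempt still leaves an audit entry.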

Threat 5: Security compliance

Companies must comply with relevant laws and regulations to ensure data security. In order to achieve compliance goals, companies usually keep log files for a long time. All files from servers, endpoints, and network devices need to be stored separately in addition to the regular backup strategy.

In short, companies that want to achieve their data protection goals need to achieve "recovery readiness". Recovery readiness means that the enterprise continuously evaluates its recovery readiness status with the help of tools, so that problems can be discovered and corrected in time. It verifies the recoverability of its data and business applications through automatic testing and continuously strengthens its security barriers, thereby improving security and reducing risks. Data protection also requires the deployment of multiple security strategies. It is important to ensure that mission-critical data can withstand specific attacks on the primary and backup copies of the data. At the same time, the data recovery process is fully automated, with no complicated operations.

In addition to the data protection strategy above, monitoring and detection functions need to be added as a supplement to the security software. With the help of machine learning algorithms, anomalies in file activity can be detected, and honeypot technology can provide early warning of potential ransomware attacks. These features can help companies identify threats as early as possible without additional costs or management work.



Origin blog.csdn.net/YiAnSociety/article/details/114983384