
Evolving ransomware threats make cyber resiliency planning essential
By Stacy Hayes
Despite some success by international law enforcement in taking down major ransomware gangs, together with action by international governments to curb payments to criminal enterprises, ransomware attacks remain the number one cyber threat to organizations worldwide. In reality, it’s a matter of when, not if, a business or public sector entity will be targeted. For this reason, a robust cyber resiliency strategy – especially one that includes immutable backups and third-party recovery sites, or “clean rooms” – is essential. Failure to adopt a best practice data backup strategy exposes an organization to unnecessary risk, with potentially devastating consequences.
The evolving ransomware threat
Over the past year, we’ve started to see new AI-based ransomware threats take shape, adding another layer of complexity to cyber resilience strategies. The situation is further exacerbated by the rise of ransomware-as-a-service (RaaS), which lowers the barriers to entry for cyber criminals, bringing increased risk to potential victims. Even those with limited technical expertise can now conduct more effective reconnaissance, identify high-value targets, and execute attacks with greater precision. AI can also accelerate data analysis and exfiltration, maximizing the damage of security breaches.
Examining the nature of the risk, a 2024 report from the UK’s National Cyber Security Centre (NCSC) asserted that AI will almost certainly increase the frequency and impact of cyberattacks over the next two years. In response, the NCSC urges widespread adoption of protective measures to mitigate this growing risk.
This isn’t a hypothetical risk either. Recently, a new ransomware group known as FunkSec has emerged that appears to be using generative AI to develop its code, apparently conducting over 100 attacks in December alone. Further highlighting the growing risk, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning in March about a RaaS variant called Medusa, which has impacted over 300 victims so far.
Cyber resiliency: the key to risk minimization and rapid recovery
It’s expected that an organization will have cyber defenses in place, but that’s not enough to provide protection and assurance. If it were, ransomware wouldn’t be an issue. What is needed is a comprehensive cyber resiliency strategy built on zero trust principles that allows organizations to easily control their entire backup environment, ensuring resiliency against data loss, natural disasters and cyber attacks.
A best practice approach is to have in place a strategy and system capable of monitoring backups for known threats and detecting anomalies and suspicious activity, which can be an early warning sign of attackers in an organization’s environment. In the event of a successful ransomware attack, it is essential that the system be able to initiate rapid recovery from immutable backups to a last known good state.
Immutable backups: the critical last line of defense
Immutable backups remain essential for ensuring business continuity in the face of cyber threats. By safeguarding servers, applications, and data from tampering or deletion, they provide the confidence that, even in the worst-case scenario, operations can resume quickly with minimal disruption—addressing a top concern for businesses today.
Immutable backup and disaster recovery (DR) solutions are essential components of a robust cyber resiliency strategy. However, for some businesses – especially smaller organizations and public sector entities – cost has been a barrier to adoption. This is where a managed service approach can make a major difference. In recent years, there’s been a significant shift to the MSP model for DR and backup services, consistent with the shift from CapEx to OpEx observed widely across the technology landscape. A key reason for this, in addition to affordability, is the ever-present strain on IT resources, particularly in smaller and public sector organizations, where few people take on ever-increasing workloads. Relying on an MSP for backup and DR eases the burden on overstretched staff, while providing assurance that in the event of a successful ransomware attack or other data breach, vital data is safe and normal operations can be rapidly restored.
MSPs must have watertight customer data AI policies
Evolving security risks are leading organizations to become increasingly concerned about the security of their data when sharing it with third parties. Beyond compliance considerations, they want clear assurances about how these third parties use AI and where customer data is stored – ensuring it won’t be fed into AI models. As a result, MSPs offering backup and disaster recovery services must provide ironclad guarantees regarding data protection and transparency in their own AI practices.