International conflict and preparing for cyber threats

Celeste Kinswood, Director, Product Marketing - Cyber Resilience & Data Governance

As international conflicts have come to a head in 2022, cyberwarfare represents a significant threat. Companies and governments alike need to remain wary of virtual vulnerabilities, regardless of how far they may be from a physical battlefield. Malware attacks can spill over from affected servers and systems targeted during hostilities. As international sanctions impact economies, threat actors can also repurpose malware created for nation-state attacks to execute more traditional financially motivated ransomware attacks.  

IT leaders must take steps to ensure infrastructure and data are resilient. These efforts should include making sure security software is up to date/patched, and backing up all mission-critical data to a safe location.

Cyberwarfare in recent years

Cyber aggression as part of global conflict is not a new development. Evidence suggests Russia has been actively disseminating malware in Ukraine since its 2015 annexation of Crimea. As part of its 2015 efforts, hackers managed to disable a power grid for nearly 230,000 customers. These hackers went on to target government agencies and banks in the following years before widely deploying data-wiping malware in February of this year¹. 

The Conti ransomware group, among a variety of other notorious cybercriminal organizations, has already announced its support of the Russian government and expressed intent to strike back at those who oppose Russia’s efforts². It’s very plausible that Western nations imposing sanctions could soon find themselves within their line of fire, and as malicious software spreads rapidly between networked systems independent of physical location, multinational companies should take this opportunity to ensure they have air-tight cyber defenses in place to provide resistance against threats and keep critical data resilient

Collateral damage and increased attacks 

There is a high chance that upcoming cyberattacks will spread beyond Ukraine as the war continues. Fortunately, we have an idea of what spillover from a state-sponsored malware attack could look like. In 2017, a presumably Russian malware attack called “NotPetya” hit Ukrainian infrastructure, banks, and airports, and quickly spread throughout the world³. It would go on to affect, and in some cases briefly shut down, a number of global enterprises, including logistics company Maersk and pharmaceutical company Merck. 

In another high-profile case, a malware program known as “Stuxnet” destroyed nearly 1,000 nuclear centrifuges in Iran⁴, another example of the damage cyberattacks can cause to infrastructure and power grids. Experts believe that, if deployed at large, such attacks may look and feel similar to a natural disaster — for example, the 2021 blizzard in Texas that knocked out power to more than 4.5 million homes, leading to food and supply shortages, and causing over 200 deaths. 

Cyberattacks and how to defend yourself

Given the steep rise in ransomware incidents in recent years, especially eye-popping headlines like Colonial Pipeline⁵, IT, security, and compliance professionals have taken notice and are strengthening their cyber resilience practices. Governments are as well, and on March 15, 2022, the U.S. government passed the Critical Infrastructure Act⁶. The law requires organizations in critical infrastructure areas (e.g. communications, emergency services, energy, agriculture, public health, etc.) report any cyber incident within 72 hours, including any ransoms paid, to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). While these reporting requirements will not be effective until the final rules are published, which could take as long as 36 months, they’re a promising reflection of a new emphasis on cyber security and data resilience from the federal government — a definitive step in the right direction.

The most effective measures IT leaders can take to prevent and minimize damage from cyber threats go beyond the scope of basic cyber hygiene. Simple steps like enabling two-factor authentication, not clicking suspicious links, backing up data to the cloud, and regularly updating software can only go so far. In today’s tumultuous cyber threat landscape, and in the context of the Russia-Ukraine conflict, large enterprises and SMBs alike need a comprehensive approach that shifts from threat prevention to data resiliency — one where strong, reliable backup and air-tight cloud data protection go hand-in-hand.

In traditional threat prevention, the IT team is tasked with keeping systems up to date. However, manual patching, juggling a variety of security and backup solutions, and managing the update cycle of each make it easy to fall behind. As a result, the system is often left open to threats and vulnerabilities. Enter cyber resiliency — with attacks increasing in frequency and severity, IT needs to be prepared to get data and applications back online quickly. This means leveraging an orchestrated and automated approach that integrates primary and backup systems. IT leaders should be partnering with vendors to help manage infrastructure security for their own SaaS-based data protection and resilience solutions. The ideal vendor would back up data regularly, keeping it air-gapped and immutable but always available and simple to manage. In this way, in the event of data loss or corruption, systems can come back online in a matter of minutes with minimal disruption to the company’s operations.

Keep your data safe and available, anytime, anywhere

For air-tight cyber resiliency, the third-party backup vendor should offer unmodifiable, truly immutable backups, deletion prevention, and malware-resistant architecture. Zero-trust access, rapid detection, and automated response playbooks can reduce infection spread and improve time to recovery. Scanning snapshots before restoring data eliminates the chance of reinfection. 

Druva is the ONLY vendor in the market that offers all of these capabilities on a 100% SaaS platform — the Druva Data Resiliency Cloud.

Druva’s industry-leading cyber resilience solution keeps your backup data safe from encryption and deletion, and recovers clean backup data quickly in the event of an attack, all without your IT team lifting a finger. How does Druva do it? The simple, no maintenance, 100% SaaS platform provides a single pane of glass for managing your data with security baked-in, without any extra hardware, software, or configuration. Stop losing data due to point-in-time recovery. Druva does the work for you, automating data recovery to let your IT team get back to higher-level initiatives. Druva’s Curated Recovery feature automatically finds the most recent clean version of every file and compiles it into a single curated snapshot to drastically simplify and accelerate the recovery process.

Next steps

Want to learn more? Watch the video below for an in-depth look at Druva’s Data Resiliency Cloud. Discover Druva for cyber resilience with a live demo and free trial. See firsthand how easy it is to safeguard your backups and ensure your company doesn’t become a headline.