Q&A with Richard Massey, VP EMEA at Arcserve

1. Please could you tell me a bit more about Arcserve and the products and services it offers?


In a nutshell, Arcserve is the world’s most experienced provider of data protection, replication and recovery solutions for enterprise and mid-market businesses. For more than 30 years we’ve been the catalyst for IT transformation with our flagship data backup and recovery software Arcserve Unified Data Protection (UDP) which combines all products under a common interface, as well as a range of integrated cybersecurity and data protection for on-premises, cloud, and SaaS-based data with the Arcserve Appliance 9000 Series, through our partnership with Sophos.


We’ve recently announced a decision to merge with StorageCraft, bringing together two industry players with a diverse range of backup and storage products and services that span small and medium-sized enterprise (SME) customers. Through this we aim to solve the growing market need for a single source to manage and protect all workloads throughout the data centre, the cloud, and SaaS applications, and at the edge.


2. Please could you explain the current threats businesses should be aware of in regards to ransomware and the types of attacks currently threatening the industry?


Organisations of all shapes and sizes are under increased risk of cyberattacks. Common cyberthreats include formjacking, backdoor remote access, DDoS attacks, cryptojacking, DNS poisoning attacks, botnets, MITM attacks, and malware, which includes ransomware. Ransomware is essentially malware code downloaded via a deceptive email or malicious link that is either opened or downloaded into a system. This then encrypts victims’ information on said system and demands payment in return for the decryption key and the safe return of all data. However, cyber criminals are increasingly savvy and deceptive.


3. How can businesses go about safeguarding themselves against attacks?


Paying a ransom does not necessarily guarantee that you will be able to recover the encrypted data. The best advice we’ve always been advocating is for companies to shore up their IT and data network systems through backup solutions via magnetic tape storage off-site or via the cloud. Take for example the recent ransomware attack on videogame developer CDPR and their recent headline-grabbing video game Cyberpunk 2077. Soon after the attack occurred, the company immediately secured its IT infrastructure and restored data from existing backups. The company is being transparent about the attack but also says it is not negotiating with the cyber-criminals, instead relying on well-managed back-up systems.


4. If a company is attacked what happens?


In the event of a cyberattacks, businesses should:

  1. Review the ransom note and demands which will allow you to assess the threat and its potential impact on your data/network

  2. Analyse recoverability elements from any existing backup systems and aim to contain the breach by preserving/ sealing-off any data recovered

  3. Disable remote access, internet connection, update firewall settings and change all passwords across the entire network, including employees work based and personal applications

  4. Key step here: Form an efficient negotiation strategy – aim is always to “buy more time” to be able to manoeuvre around demands and deal with more internal updates, password changing, network updates etc.

  5. Assess the damage that the breach has caused, identify the cost of recovering the lost data and ascertain if it needs ‘purchased’ back or left to be dealt with the relevant authorities

  6. Payments are often done via some form of cryptocurrency, but the process itself is fairly straightforward. Once payment is confirmed, you receive the decryption key and can retrieve your data (note: we’re seeing more and more cyber criminals not returning decryption keys in exchange for more money)

  7. Learn from the attack by analysing how it was initiated, through which means and type, and manage the business fallout

  8. Notify customers, employees, prepare a list of future clean cyber practices internally and establish a working framework for your network and employees

  9. Proactively shore up your organisations’ network defences, deploy trusted backup options, off-site servers and cloud services to ensure future business continuity in the event an attack occurs again


5. Who is most vulnerable?


All sectors are vulnerable. It only takes one incident or lapse in security hygiene for criminals to gain access to IT systems. Criminals are persistently undertaking social engineering and phishing attacks against all types of organisations. The most affected ones are the public and private businesses operating within the critical sector. This includes healthcare, energy, education, gas & oil, transportation, etc. Disruption to any of these operations can spill beyond the limited nature of employees and stakeholders, and into the public. These industries need to ensure that they have uninterrupted access to their systems and can guaranteed the safety and security of people.


6. Is this situation getting worse if so how?

Yes, it is getting worse. Here are a few examples along the years that showcase the increased cyberthreat to critical sectors. In 2013, Iranian hackers breached the Bowman Avenue Dam in New York and gained control of the floodgates. In December 2015, the world witnessed the first known power outage caused by a malicious cyber-attack. Three utilities companies in Ukraine were hit by Black Energy malware, leaving hundreds of thousands of homes without electricity for six hours. In the spring of 2017, the WannaCry attacks crippled NHS England and afflicting over 200,000 computers in over 150 countries. This the UK £92 million and ran up global costs of up to a £6 billion. It’s certainly getting worse out there, but organisations have several options to protect themselves, it’s all about educating them how to and when.


7. Who are the attackers?


Often, they’re unknown, could be another foreign state or a rogue hacker. Either way, we know their motivations and principles for doing it, and it always involves money. According to the World Economic Forum Global Risks Report cyberattacks are one of the top ten global risks of highest concern in the next decade, with more than $90 trillion potentially lost to threat actors. On top of that, cybercrime will cost the world $11.4 million each minute in 2021 according to Cybersecurity Ventures. This has a significant impact on organisations here in the UK, with over 33% of them reporting a loss in customers after a data breach. This is in addition to other stats which show that 41% of UK consumers will stop spending with a business temporarily after a security breach. The stakes have never been higher.


8. How do we go about preventing such attacks?


There is no silver bullet, there's no one solution to preventative measures. There needs to be a multi-layered approach to data protection and security to make it as difficult as possible for criminals to exploit an organisation. Firstly, you want your perimeter security such as firewalls and other cybersecurity solutions to create harden obstacles for cybergangs trying to infiltrate your IT infrastructure. However, you also want to shore up your internal security too. This includes active monitoring for malicious and bad code, training employees and staff on how to spot malicious links and so on. After that, it all relies on the immutable storage and backup options that a company chooses to deploy. There’s always going to be something extra that you can do so it’s all about having the best, well-rounded kit of solutions that protects you organisation from all external and internal threats.


9. How is the industry being policed against such attacks?


There’s recently been a lot of discussion around whether it should be illegal to pay ransoms in the event of a successful attack. Continuing to pay ransoms is a negative approach and one that will fuel further ransomware attacks going forward. The immediate benefit of having a bill put into place to combat cybercrime is that it will make all ransomware pay-outs illegal, somewhat deterring future attacks. So, this needs to be looked at by governments and independent bodies to take a long-term approach to stemming the flow of these types of attacks.


10. Is this a global issue if so, what countries are most at threat?


Cybercrime doesn’t have borders and as such, all countries and organisations are at risk. This means organisations of all sizes, including NGOs, Governmental, Military and so on, need to prepare themselves against the eventuality of a cyberattack. Threat actors will always follow the trail of money and for them there is no organisation big or small enough they can’t infiltrate and exploit.