An interview with Bart Donné, General Manager at WESTPOLE Benelux
Five years ago, criminals used to send emails to millions of addresses, broadcasting different variants of ransom software via infected links or Word documents, without any obvious logic or targeting. Since then, unfortunately, ransomware has become more professional. According to the statistics, there are fewer attacks now, but they are more dangerous.
What should you do?
I often hear people being fatalistic about ransomware. They say we just must put up with it… I hear other people saying that everyone knows how to protect themselves: keep backups, be suspicious of phishing emails and keep your programs up to date…
I think it’s time to re-frame the problem.
Emails are still the primary entry point for malware, ransomware and other harmful programs. Company messaging is a weak point of information system security strategy. Equipping the information system with a virus and spam protection system reduces the risks of ransomware in companies. Choosing an externalized messaging system from a service provider will provide better protection, which makes it an additional security measure. It is a channel. But doesn’t this constitute entering a never-ending race?
To cope with these attacks, which are very frequent and increasingly sophisticated, internal awareness, vigilance and the use of secure tools are essential. Some companies think it would be cheaper to pay the ransom than to implement a data cleaning and retrieval procedure, but at WESTPOLE, we think it is better to anticipate and set up processes to foil the cybercriminals.
There is obviously a significant problem that many of us have not yet solved. This is the problem of weaknesses that we create ourselves and that become entry points for cybercriminals. WannaCry was so successful because it took advantage of an uncorrected vulnerability in Windows. The same applies to NotPetya.
What are these weaknesses?
First, a lack of fixes. Most organizations clearly do not have tried and tested protection and prevention routines that include patching their operating systems and applications, particularly those the creators of ransomware use to gain access.
Next, there are not enough reliable, validated backups. It also seems that users simply do not understand the threat, the consequences and the costs of a ransomware infection. But it’s not really their responsibility. They already have work to do in the field of accounting, or sales, etc.—not computer security! We also know that the more a user has access, the greater the ransomware infection surface. Finally, the last weakness: the single-level defence. A unique security solution such as an antivirus can only offer the company limited protection.
In this context, WESTPOLE advocates using DRaaS (Disaster Recovery as a Service), a valuable cloud-based model. Because these systems are separated from your environment, with different security measures and accounts and the fact it runs completely separated from the rest of your environment, we can provide an “air-gapped” copy of your backup data.
Furthermore, this approach offers complete post-incident recovery thanks to the replication of physical or virtual servers to allow switchover. The DRaaS, which is different from the classic on-site DR (Disaster Recovery) offering, allows critical applications to be operational almost immediately after an incident.
In the same way as other as-a-service models, the DRaaS approach offers significant advantages to companies of different sizes. The lower costs give small companies access to availability in cases where it would have been complicated to set up such a service internally. Larger companies can benefit from the scalability of the model. It suits their needs, which vary according to the number of servers, applications and databases used.
Finally, whatever the size of the company, the IT teams will save precious time that would have been spent on backing up. That is why the DRaaS approach is an increasingly popular option that should enjoy sustained growth, according to analysts. At WESTPOLE, we have taken the lead!