Common Threats Need Shared Solutions

Let’s be sure: No one celebrates cyberattacks, except the thieves who get away with them. But here at Carbonite, we keep a running tally of the number of businesses we’ve bailed out from having to pay ransoms to cyberthieves. And if we’re being honest, rescuing data that’s being held hostage by criminals is a source of pride for us, both personally and professionally. But coming from a business with its own data to protect, it would be better if we didn’t have to do it. And because we’re a business with critical data to protect, we’re especially sympathetic to the businesses that fail to protect themselves adequately. All too often, it’s because they aren’t fully aware of the nature and deceptiveness of the attackers.

Too many businesses–especially small to midsize ones–make the mistake of thinking their firewall and antivirus software are sufficient. No firewall or virus-detection method can catch all viruses. Even the best anti-virus software will fail to detect the latest threats. Many of the businesses we rescue suffer from a common vulnerability: a false sense of security that IT can unilaterally handle the full landscape of cyberthreats. Here’s some information to help your customers know why backup protection is essential for addressing the attacks that manage to bypass their first lines of defense.

3 Tricks Hackers Use to Evade Firewalls and Antivirus 

1. Polymorphic code: A form of self-modifying code that changes each time it runs.

Related: Polymorphic encryption, oligomorphic code

2. Shellcode: Uses the command shell to give an attacker control over a machine.

Related: Staged shellcode, egg-hunt shellcode

3. Social engineering: Tricking employees into clicking on malicious links.

Related: Spear phishing, fake anti-virus

How Vulnerable Are Your Customers?

Consider this number: 11,932

That’s how many businesses we’ve helped recover files after bad actors infiltrated their systems.

And counting …

How to Thwart Cybercriminals 

Did you know:

Malware cannot spread to files that are encrypted and backed up.

Pro Tip:

Be sure to wipe malicious code completely from the system before you restore backup files to prevent the virus from spreading.

How to Tackle the Most Common Threats

The automation of backup addresses one of the biggest vulnerabilities: employees. Of course, you’ll never get all employees to stop clicking on malicious links. Here are five sets of do’s and don’ts for using backup to mitigate cyberattacks.

1. Do: Implement consistent, global backup policies

Don’t: Let employees improvise their own solutions.

2. Do: Use encryption at each step in the backup process.

Don’t: Allow data to exist in an unencrypted state.

3. Do: Look for large spikes in backup sizes, which could be a sign of ransomware.

Don’t: Expect the virus or ransomware to identify itself right away.

4. Do: Enable point-in-time recovery so you can turn back the clock on an infection.

Don’t: Keep files for longer than the document-retention policy requires.

5. Do: Expect that your customers will be targeted by ransomware attack.

Don’t: Wait until it’s too late to deploy enterprise-wide backup.
 

Backup: When All Else Fails

If your customers are using Carbonite to back up their servers and endpoints, there’s a good chance you can recover clean versions of files and data as they existed before there was a breach on the system. This is what works for us, and it will work for you. If customers are under the impression that firewalls and antivirus are sufficient to keep them protected, let them know how easy those measures are for cyberthieves to bypass using the tactics mentioned above. Then maybe share with them how many businesses we’ve had to help when firewalls and antivirus measures failed to work. If more businesses took simple measures to protect data–like deploying a comprehensive backup and disaster recovery solution–it could deplete a highly profitable source of revenue for cybercriminals, who have no business being in business.

This guest blog is part of a Channel Futures sponsorship.