Many IT vendors and companies see ransomware as one of the most dangerous threats. After all, ransomware has been prevalent for years and will probably remain popular for a long time, simply because there is a lot of money in it. However, there should be fewer victims if it is up to Datto CISO Ryan Weeks. “Instead of having a cybersecurity program, SMBs and Managed Service Providers need to build a cyber resilience program.”
We initially spoke to Weeks about trends in the cyber landscape and how Datto is adapting to them. He mentioned that Datto encounters many cyberattacks, as affected organizations often depend on Datto’s help. MSPs and SMBs deploy Datto’s disaster recovery and backup technology, which is necessary when recovering from cyber incidents.
According to Weeks, ransomware has been a major threat to MSPs and SMBs for years. An infected MSP often serves as a gateway to the companies it does business with. Weeks talks about a business model that works for cybercriminals. Successful attacks sometimes pay hundreds of thousands or millions of euros. “The number isn’t decreasing. I believe ransomware will continue to exist”, Weeks says.
Assuming you have been or will be hacked
Therefore, companies do well to adapt to the ransomware reality. After all, they have been warned for years. Those responsible for companies’ security policies are aware of this as well. Many will therefore be looking for the right approach. Weeks sees a cyber resilience program as the ideal approach. The question is, of course, how this approach is put together, and whether it actually brings about change (the magic bullet has been sought for some time). In any case, Weeks believes it’s the more effective method of working.
The Datto CISO indicates that the new way of thinking assumes that your company is or will become a victim of ransomware. This assumption also changes the mentality, Weeks says. Instead of a sole focus on protection and prevention, companies also focus on detection, response and recovery. This allows you to be prepared for the worst-case scenario and intervene on time. There’s a step-by-step plan at hand for when a successful ransomware attack unexpectedly occurs. “That way, a company is truly resilient and able to recover as quickly as possible after a ransomware attack”, Weeks says.
New protection and recovery capabilities
To support this approach, Datto added new functionality to its products. One of the most important additions is Cloud Deletion Defense. First and foremost, the functionality responds to the tactic of cybercriminals targeting backups. If they obtain and delete backup data, one of the last lines of defence is gone. This makes it harder for a company to recover from the attack and more likely to pay. According to Weeks, Cloud Deletion Defense ensures backups are always available for recovery. “We have made it impossible for hackers to destroy cloud copies. We can help with recovery, even if local copies are destroyed”, explains the Datto CISO. In effect, it adds a layer of defence that makes it possible to regain access to deleted cloud snapshots. Cloud Deletion Defense only works for Datto Cloud Snapshots. When an agent is deleted, the corresponding cloud snapshot is typically deleted as well, which the new feature counters by offering the possibility of restoring data.
Ransomware Detection also adds a protection feature to Datto Remote Monitoring and Management (RMM). RMM allows MSPs to remotely monitor, manage and support endpoints. Ransomware Detection monitors endpoints for unusual encryption activity. In the event of suspicious behaviour, it immediately attempts to terminate the ransomware process. It also isolates the affected device to prevent ransomware from spreading through the network. The RMM feature should allow MSPs to monitor ransomware at scale and act proactively. Risks are addressed before the customer’s business is compromised.
Weeks points out that Cloud Deletion Defense and Ransomware Detection are two particularly important innovations in the fight against ransomware. Also noteworthy is BitDam, a cyber threat detection startup that Datto acquired. BitDam’s technology focuses on securing collaboration platforms such as Zoom and Microsoft 365. BitDam is built to prevent multiple cyber threats, including phishing and ransomware. For example, it stops zero-days with unknown malware signatures. BitDam technology should play a more active role in Datto’s strategy.
Efforts to change things
All in all, ransomware is a threat security professionals have been warning about for years. Yet, the right approach remains up for debate. Datto sees its cyber resilience approach as the right course of action, whereby you assume that you have been or will be hacked. New features and investments demonstrate its commitment to this approach. Datto is expected to remain committed, because although Weeks believes in a radically different way of thinking, he also suspects that ransomware will be with us for some time to come.