Learn About Cyber Resilient Architectures that Protect Data from Ransomware

Ransomware attacks are among the most egregious cybercrimes facing businesses today. They can disrupt operations, damage your reputation, and lead to escalating recovery and remediation costs.

Ransomware is an advanced form of malware that uses complex algorithms to encrypt your data and lock you out of your systems. Threat actors demand a ransom—usually in cryptocurrency to protect their identity—in exchange for a decryption key to restore access.

Modern ransomware attacks often use a double extortion method: not only is your data encrypted, but it is also exfiltrated, with attackers threatening to publicly release it if you do not pay.

In this solution playbook, you learn about Cybersecurity measures to "Protect and Detect" your environment, and Cyber Resilience strategies to "Respond and Recover" your data from ransomware.

About the NIST Cybersecurity Framework

The NIST Cybersecurity Framework calls out defensive best practices centered on the security continuum and the CIA (Confidentiality, Integrity, and Availability) triad. Its functions are best described as follows:
  1. Protect: Prevent a threat to either data confidentiality, integrity, or availability.
  2. Detect: Detect anomalous activity that may be construed as evidence of attempted and/or successful malicious activity.
  3. Respond: Address, deter, and counteract a successful compromise.
  4. Recover: Assume that the compromise has occurred and use mechanisms to restore an environment to a known good state.

About the Cyber Triad

In the early days of cybersecurity, the focus was primarily on preventing attackers from entering networks. However, as threats became more sophisticated with the rise of advanced viruses and malware, it became clear that prevention alone was not enough. In addition to prevention strategies, detection techniques were introduced to identify and flag attackers that breached the firewall.

Today's antivirus and anti-malware solutions can't keep up on their own. Attackers increasingly make their way into internal networks, where they sit dormant, move laterally, and orchestrate sophisticated ransomware attacks.

To avoid being a victim of extortion, supply chain disruptions, and operational shutdowns that often accompany ransomware breaches, Oracle recommends that your cloud architecture addresses the cyber triad:

  • Cybersecurity
  • Cyber resilience
  • Disaster recovery

By considering all three aspects of the cyber triad, your organization will be well positioned to recover from ransomware while meeting your organization's RTO (Recovery Time Objective) and RPO (Recovery Point Objective) requirements.

While enhancing your OCI environment security, retain focus on the core security fundamentals and disaster recovery methods to ensure availability of your workloads. Disaster recovery alone is not enough: if you replicate data that has already been compromised, your recovery site is affected in the same way as your primary site, and replication does nothing to prevent deletion, encryption, or modification of the data by threat actors.

Designing a cyber resilient architecture protects your backups and ensures that you can determine whether a threat actor modified, deleted, or tampered with the data before you restore it.
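The check described above, that backup data is verified as untampered before a restore, can be implemented as a sealed integrity manifest. The following is an added example and is not code from the Oracle playbook; it assumes a hypothetical backup set held as path/bytes pairs, an HMAC key kept outside the backup host (for example in a vault), and the manifest written to storage the host cannot overwrite.

```python
import hashlib
import hmac
import json

# Constructed sample backup set (path -> contents) standing in for real backup files.
BACKUP_AT_CREATION = {
    "db/orders.sql": b"INSERT INTO orders VALUES (1, 'widget');\n",
    "config/app.yaml": b"db_host: db.internal\n",
    "docs/runbook.md": b"# Restore runbook\n",
}

def build_manifest(files: dict, key: bytes) -> dict:
    """Record the SHA-256 of every file, then seal the list with an HMAC under `key`.
    The key lives off the backup host and the manifest in write-once storage, so an
    actor who can rewrite the backup cannot also forge a matching manifest."""
    digests = {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"files": digests, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_before_restore(manifest: dict, files: dict, key: bytes) -> dict:
    """Report what differs between the sealed manifest and the backup set as found now.
    A forged or edited manifest fails the tag check before any file is compared."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return {"manifest_tampered": True, "modified": [], "deleted": [], "unexpected": []}
    modified = [p for p, d in manifest["files"].items()
                if p in files and hashlib.sha256(files[p]).hexdigest() != d]
    deleted = [p for p in manifest["files"] if p not in files]
    unexpected = [p for p in files if p not in manifest["files"]]
    return {"manifest_tampered": False, "modified": sorted(modified),
            "deleted": sorted(deleted), "unexpected": sorted(unexpected)}

def safe_to_restore(report: dict) -> bool:
    """Restore only from a backup whose manifest is intact and whose contents match it."""
    return not report["manifest_tampered"] and not (
        report["modified"] or report["deleted"] or report["unexpected"])

# Constructed demonstration: the same backup set as a ransomware actor might leave it.
KEY = b"example-key-held-in-vault"          # placeholder; a real key comes from a vault
MANIFEST = build_manifest(BACKUP_AT_CREATION, KEY)
BACKUP_AFTER_ATTACK = {
    "db/orders.sql": b"\x8f\x21encrypted\x00",      # encrypted in place
    "config/app.yaml": b"db_host: db.internal\n",   # untouched
    "README_TO_DECRYPT.txt": b"pay us",             # unexpected file appeared
}                                                    # docs/runbook.md was deleted
REPORT = verify_before_restore(MANIFEST, BACKUP_AFTER_ATTACK, KEY)

if __name__ == "__main__":
    print(json.dumps(REPORT, indent=2), "safe_to_restore:", safe_to_restore(REPORT))
```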

Bringing together the cyber triad, traditional security measures, and disaster recovery helps you ensure cyber resilience and better prepare your organization to recover from ransomware.

Note:

High availability and disaster recovery are important parts of your architecture, but they are outside the scope of this solution playbook.

Before You Begin

Before you can begin setting up cybersecurity, deploy the foundational Core Landing Zone using the "Deploy a secure landing zone that meets the CIS OCI Foundations Benchmark" reference architecture.

Review these related resources: