By Francis Kan
WannaCry, a rogue malicious ransomware which digitally encrypted computers and held their data hostage, swept the world in May. Before its rampage was stopped, it infected over 230,000 computers in over 150 countries.
This included key services such as the British National Health Service, Spain’s Telefonica, international company FedEx and German railway company, Deutsche Bahn.
It is this sort of danger that Serguei Beloussov (left), CEO and founder of Acronis, a leading player in the cloud space, is worried about. In particular, Mr Beloussov, 45, emphasised the urgent need for Singapore companies to adequately protect their digital data or risk major and sometimes irreparable damage to their business.
IMpact spoke to Mr Beloussov to better understand how business continuity management is fast becoming a mandatory part of a company’s considerations.
How significant is data in our everyday lives and how important is it for businesses to protect their data?
The trend is for digital data to penetrate every aspect of life, and technology like the IoT (Internet of Things) will deepen this penetration with self-driving cars, smart buildings and drones. Businesses and people are now living in the cloud. As such, every business, whether a restaurant or a laundromat, will inevitably have to deal with protecting their digital data from threats.
How serious are cyberthreats and what is the likelihood of a data breach?
Threats can come from everywhere, whether it's fire, theft or cybercrime like ransomware. Even in a safe place like Singapore, these things can happen. One of my clients told me that one risk to his data is his children running around his computer and knocking over his coffee!
Globally, an individual faces a cyberattack every 10 seconds, while a business is attacked every 40 seconds. So thinking that we might get lucky and ransomware will just pass us by is living in a dream.
Unfortunately, one out of five SMEs who paid the ransom never got their data back. (Editor’s note: This refers to ransomware in general, and not specifically WannaCry) Most of these companies were certain they were protected, but they discovered they had insufficient backup solutions only after disaster struck.
What is your view on the recent WannaCry attack? Is it a sign of things to come?
The recent attack was not just the biggest outbreak ever; it’s also a great example of how malicious hackers take advantage of existing vulnerabilities in one’s security. What’s even more unnerving is how most of the experts agree that the ransomware itself wasn’t that elaborate, it was actually pretty basic. Still, it managed to cause numerous major businesses to stall, hold hundreds of users in fear and endanger people’s lives.
Our friends in cyber forensics investigating this case say that version 3.0 is currently under development. I’m afraid, this is our new reality: if you don’t take a moment to update your data protection solutions, there will be people out there fishing for you.
Do you think more businesses will now be more serious about data protection?
Some of my colleagues think that people are still too lazy to be bothered with it, unless a disaster strikes them personally. But we’ve been noticing a major spike in interest – many of our existing customers are now expanding their packages for better protection.
What’s the first thing that businesses should do to prevent another WannaCry-type attack?
Any effective strategy for this has to be threefold. First off, apply updates automatically. Remember to regularly do backup. And lastly, install endpoint protection. Keeping tabs on the most recent cyber threats that are out there wouldn’t hurt as well.
More broadly, can you share a good common practice that businesses should follow to protect their data?
The most important way to protect against a threat is to have multiple copies of your data in different locations. The cloud is one place to keep a copy of your data safe and away from your main location.
Businesses in Singapore are slowly becoming more educated about the need to do backup, and the benefits of having a hybrid one that combines both-based cloud and on-premise backup software. Businesses here are also more sophisticated in terms of data protection, but it is still far from perfect. In fact, when a company feels safe, that is when it is at its most dangerous because you don't think you need to do anything, any more.
What are some of the challenges SMEs globally face in implementing such solutions? What about local SMEs?
Generally, businesses are not doing enough but as they experience disasters, they learn. Many companies in Singapore don't have the IT expertise to put in place adequate protection. Some don't even realise how important their data is. They will need to find external experts like IT consultants or a vendor to provide this knowledge and expertise.
It is important that the solution’s software is cost effective, yet easy to use. The main reason why companies don't implement solutions is because it is hard to set up, difficult to use, and often expensive.
Most local SMEs have some protection in place but it is usually not good enough. They need to realise the crucial importance of data management – not just backup and disaster recovery, but also data storage and monitoring, among others. They need to be aware of the various benefits those solutions can bring to their business. It’s not even so much about awareness, as it is about a changed mindset that involves thinking ahead.
Looking ahead, what new innovations do you see emerging in this space?
One area is in active protection where our solution is able to detect and prevent ransomware attacks in real-time, while automatically recovering all data.
Another area is in data authenticity. In the digital world, it is very easy to alter data. One of our latest solutions uses blockchain technology to ensure that data is authentic.