As organizations work to become more resilient in the face of ransomware, many are willing to try almost anything for their peace of mind – whether it is using multiple different solutions to treat different parts of their business or abstaining from specific cybersecurity practices to build upon existing ones.
Businesses typically look to other businesses for advice on where to start bolstering their cybersecurity practices; however, I believe that they should look to resilience in the world around them for inspiration.
For many reasons, the world has a lot to learn from Ukraine. Their resilience despite a constant barrage of both physical and cyber attacks is admirable, and something organizations worldwide should pay attention to. Despite repeated attacks, they have come back stronger, which is hard to do in the wake of a nation-state attack aimed at crippling their defenses and weakening their nation’s computing infrastructure.
You might wonder why an adversary would spend so much time, energy and resources on attacking Ukraine’s cyberspace – but to any cybersecurity expert, the reason is clear. In 2023, one of the most effective ways to impair a nation is to disrupt its ability to send and receive information, verify accurate information, and communicate securely.
At this point, the war on Ukraine has now been going on for over a year, and yet their computing and communications infrastructure has not cracked. Several key lessons stand out.
Establish Reliable Infrastructure
In today’s world, we are inundated by cloud and SaaS workloads, but building a resilient infrastructure is crucial. They established a relationship with Starlink to ensure they had access, because without internet access you do not have a business.
Your organization can take a similar approach. Make sure that in the event of an emergency, your backup communications channel can take over if your primary one is down. A best practice is to use load-balancing software to ensure that the “backup” is actually used to augment the primary even in the best of times. When the primary goes down, the backup method takes over.
Back Up Your Data Immediately
Ukraine began backing up as much as it possibly could to the cloud when the first sign of disaster struck. They sent their data directly to the cloud, enabling full flexibility and simplicity when the data needs to be retrieved.
This method allows them to restore anything anytime, no matter how many times physical data centers are infiltrated, impacted, or destroyed; they can easily restore it using their air-gapped cloud-based copy.
Therein lies the beauty of SaaS-based backup services – they are not subject to the same attacks to which your computing infrastructure may be subjected.
When you think about the worst things that can happen to your data center – from a ransomware attack to physical destruction – your cloud copy will be ready for recovery at a moment’s notice.
Cloud-First Approach
Ukraine adopted a cloud-first approach to its infrastructure as they prepared to respond to Russia’s invasion. Cloud-first ensures that Ukraine reaps the benefits of modern organizations: simplicity, ironclad protection, and ease of use.
The more parts of the cloud-first approach that are adopted, the more challenging it has been for Russia to enter and attack its cyber infrastructure. Decentralized, SaaS services based in the cloud make it more challenging for an attacker to take down a whole cyber atmosphere, or physically attack a data center.
It is important to remember, however, that SaaS services that create, receive, or send data need to be backed up just like their data center counterparts would be.
The cloud is amazing, but it is not magic.
Keys to Success
Finally, the true key to Ukraine’s success has always been practice, practice, practice. While Russia may have started its physical invasion in February 2022, they’ve been hounding and attacking Ukraine long, long before this. This has given Ukraine plenty of practice in securing data as well as preparing for and recovering from a ransomware attack.
Of the many lessons from Ukraine, I encourage businesses and organizations worldwide to adopt these tools to use in their own individual practices. Just like with Ukraine, the key to being successful when recovering from a cyber attack is the same: a lot of practice.
Do everything from tabletop exercises to actual test recoveries of your environment. Some of the most effective practices organizations can take part in include ransomware fire drills, test runs of new technology with employees, and testing your backup by manually erasing non-critical data. These tactics together will help develop muscle memory of how to do things during an actual attack.
When it comes to mission-critical data, it’s never about if an attack will happen – it’s when. So instead of waiting around for disaster to strike, learn from Ukraine, practice, practice, practice. Protect your data with air-gapped, fully secured backups, and test your recoveries. You’ll be ready for an attack when it comes.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email editor @ hstoday.us.
