4 Simple Ways to Help Stop Cyberattacks

Don’t overlook these easy-to-implement best practices for data protection.

The rapid evolution of ransomware strains, social engineering tactics, and AI-powered attacks can make cyber resilience seem like an impossible battle. But there’s more to cybersecurity than trying to outsmart attackers. While it’s true that more sophisticated threats call for more advanced defenses, there are also surprisingly simple measures you can take to significantly reduce your risk.

In this blog, we’ll explore four easy-to-implement data protection best practices, their role in a multi-layered cyberdefense strategy, and how Commvault helps customers put them to work.

1. Deploy pre-hardened images.

The strongest lock can’t help you if you leave your windows open. A full 23% of cloud infrastructure attacks involve common configuration vulnerabilities like overly permissive network policies, unnecessary services and ports, and non-secure protocols. Close these gaps and you’ve already made a big difference for the security of your attack surface.

Why do so many companies leave commonly exploited vulnerabilities in their cloud environments? Often, they’re simply moving too fast to make sure the images they deploy are secure. But Commvault can help take care of that step for them.

Commvault Cloud Platform is available in pre-hardened images that have been configured to align with Center for Internet Security (CIS) benchmarks. These built-in best practices help reduce vulnerabilities by:

  • Changing default software settings such as password policies, account lockout settings, and logging levels to prioritize security.
  • Disabling outdated or insecure protocols and ciphers like SMBv1, SSLv3, and RC4.
  • Disabling unnecessary services and closing unused ports for operating systems and applications.
  • Removing shells that can provide pathways for attackers to execute malicious code.

Beyond these CIS-hardened images for new deployments, Commvault can also provide scripts for customers to validate and harden the configurations of their existing environment. By rooting out common vulnerabilities that come from misconfigurations, we help prevent open windows from inviting attacks.
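To make the validation step concrete, here is an added example (not a Commvault script and not code from this post) that audits one host against the four hardening categories listed above. The baseline values, the `ss -tlnH`-style listener sample, and the settings snapshot are all constructed assumptions, not CIS benchmark values.

```python
import re

# Assumed site baseline (illustrative values, not taken from any CIS benchmark).
BASELINE = {
    "allowed_ports": {22, 443},
    "banned_protocols": {"SMBv1", "SSLv3", "RC4"},
    "allowed_shells": {"/bin/bash"},
    "min_password_length": 14,
    "max_lockout_threshold": 5,
}

# Constructed sample: `ss -tlnH`-style listener lines from a hypothetical host.
SAMPLE_LISTENERS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 50 [::]:445 [::]:*
LISTEN 0 5 127.0.0.1:23 0.0.0.0:*
"""

# Constructed sample: settings snapshot (lockout_threshold 0 means disabled).
SAMPLE_SETTINGS = {
    "enabled_protocols": ["TLSv1.2", "SMBv1", "TLSv1.3"],
    "shells": ["/bin/bash", "/bin/csh"],
    "min_password_length": 8,
    "lockout_threshold": 0,
}

def listening_ports(ss_output):
    """Extract local ports from ss-style LISTEN lines (IPv4 and IPv6)."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        m = re.search(r":(\d+)$", fields[3]) if len(fields) >= 4 else None
        if m and fields[0] == "LISTEN":
            ports.add(int(m.group(1)))
    return ports

def audit(ss_output, settings, base=BASELINE):
    """Return a list of human-readable deviations from the baseline."""
    findings = [f"unexpected listening port {p}"
                for p in sorted(listening_ports(ss_output) - base["allowed_ports"])]
    findings += [f"insecure protocol enabled: {p}"
                 for p in sorted(set(settings["enabled_protocols"]) & base["banned_protocols"])]
    findings += [f"unneeded shell installed: {s}"
                 for s in sorted(set(settings["shells"]) - base["allowed_shells"])]
    if settings["min_password_length"] < base["min_password_length"]:
        findings.append("password minimum length below baseline")
    if not 0 < settings["lockout_threshold"] <= base["max_lockout_threshold"]:
        findings.append("account lockout disabled or too lenient")
    return findings
```

Running `audit(SAMPLE_LISTENERS, SAMPLE_SETTINGS)` flags the Telnet and SMB listeners even though one is bound to loopback and the other to IPv6, which are the bindings a quick manual review tends to miss.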

2. Protect Active Directory.

As your central control hub for access and authorization across your network, Active Directory (AD) is both a prime attack target and a lethal attack vector. For bad actors, penetrating AD is like stealing your building key card, allowing them to move silently through your environment, elevate privileges for critical applications and data, and establish a base to control your business assets. They can also lock out legitimate users, bringing your business to a halt. To block these tactics, you have to protect AD data and roll back any changes attackers manage to make.

Commvault can help you safeguard AD from attack by protecting your group policy objects, users, groups, conditional access policies, roles, and more. If any harmful changes are made – either intentionally by attackers or mistakenly by your own admins – you can quickly recover any deleted objects or restore overwritten attributes. To keep things simple, we also provide the granularity to roll back only the object attributes you’re concerned about without needing to do a full AD restore. If you do need to restore the whole AD environment, we make that simple as well.

3. Keep backups beyond the reach of ransomware.

Virtually every ransomware attack targets backup infrastructure as well. After all, if organizations can simply restore their compromised assets, the initial attack falls flat – no ransom needed, no payoff for the attackers. That makes frequent, secure backups the silver bullet of ransomware defense. 

There are many ways to protect backups, but air gapping stands out as a uniquely elegant and effective measure. It’s simple: If your backups can’t be accessed from inside or outside your organization, there’s no way for attackers to reach them to manipulate or delete them. Even if all your other defenses fail and your primary data is encrypted or deleted, you’ll be able to recover quickly and get back to work.

Commvault enables air gapping with our Air Gap Protect solution. We store a tamper-proof secondary copy of your backups in an immutable format in secure, isolated cloud storage. No matter what happens on your corporate network, you’ll still have a clean, uninfected copy of your production environment to restore. That’s a win for you and a loss for the attackers.

4. Require multi-person authorization.

Most companies already rely on multi-factor authentication (MFA) to prevent unauthorized access, as well they should. But in today’s lethal threat environment, some situations – like deleting a backup or authorizing a restore request – call for even higher levels of scrutiny.

Multi-person authorization goes beyond MFA by requiring not just a second proof of identity for the same person, but approval by an entirely different person – or even multiple people. That way, even if attackers gain control of multiple authentication factors, such as compromising both a user’s account and their device, they still won’t be in a position to act. The same holds for a malicious insider: With additional approvals required, a rogue employee can’t carry out an attack on their own. 

Commvault solutions let customers enable multi-person authorization workflows for a wide range of tasks that can be considered destructive, including:

  • Stopping a backup process for a system, server, or file share.
  • Deleting or restoring a backup.
  • Deleting agent or backup set authorization.

Admins can configure the number of approvers, user groups, and specific users required to authorize specific tasks.
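The approval logic described above can be sketched as follows. This is an added example, not Commvault's implementation: the `Policy` and `Request` types, the user and group names, and the task identifiers are all hypothetical. It shows the checks that separate multi-person authorization from MFA: no self-approval, approvers drawn from permitted groups, repeat approvals counted once, named users who must sign off, and unknown tasks denied.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    """Approval rule for one destructive task (all values are assumptions)."""
    min_approvers: int
    approver_groups: frozenset                 # approver must be in one of these
    required_users: frozenset = frozenset()    # named users who must sign off

@dataclass
class Request:
    task: str
    requester: str
    approvals: set = field(default_factory=set)

# Constructed directory and policy table for the illustration.
GROUPS = {
    "alice": {"backup-admins"},
    "bob": {"backup-admins", "security"},
    "carol": {"security"},
    "mallory": {"helpdesk"},
}
POLICIES = {
    "delete_backup": Policy(2, frozenset({"backup-admins", "security"}),
                            frozenset({"carol"})),
    "stop_backup": Policy(1, frozenset({"backup-admins"})),
}

def approve(request, user):
    """Record an approval if the user is eligible; return True if accepted."""
    policy = POLICIES.get(request.task)
    if policy is None or user == request.requester:
        return False                           # unknown task or self-approval
    if not GROUPS.get(user, set()) & policy.approver_groups:
        return False                           # not in a permitted group
    request.approvals.add(user)                # set: repeat approvals count once
    return True

def is_authorized(request):
    """Fail closed: a task with no policy is never authorized."""
    policy = POLICIES.get(request.task)
    if policy is None:
        return False
    return (len(request.approvals) >= policy.min_approvers
            and policy.required_users <= request.approvals)
```

Because the requester is excluded from approving, a single compromised account, whatever its authentication factors, cannot reach `is_authorized(...) == True` on its own.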

If you’re not applying all four of these measures, you should. We’d never claim that they make up a comprehensive cyber defense strategy – you’ll still need to do all the other things, from analyzing threat intelligence and managing vulnerabilities to building out your security stack. But when steps this simple can significantly reduce your risk, the only question to consider is how soon you can get started.

Learn more about how Commvault Cloud can help you protect your network from cyberattacks with a multi-layered defense strategy.
