When it comes to ransomware recovery, time is of the essence, and enterprises must act quickly to protect their data. Therefore, it’s time to think outside the backup box.
Aug 19, 2021
This article was first published in Infosecurity Magazine.
In recent months, ransomware has once again been dominating the headlines. With the Health Service Executive in Ireland and JBS — the world’s largest meat processor — becoming the latest in a long line of high-profile organizations to fall victim, it’s clear that no one is immune, regardless of sector.
This latest spate of attacks highlights the impact that ransomware can have on the individual organization and the general population. Whether it’s a shortage in the food supply chain or the inability to access critical healthcare services, individuals worldwide are realizing that ransomware could have serious implications for us all. So much so that FBI Director Chris Wray recently labeled the attacks on the US a national security threat. Meanwhile, the head of the UK’s National Cyber Security Centre recently confirmed that ransomware had become the biggest threat to online security for both businesses and individuals.
The reality is that, when it comes to ransomware, it’s often not a case of if an organization will be attacked, but when. So, a strong recovery plan is essential. Unfortunately, many are putting their mission-critical data at risk by still relying on outdated and ineffective solutions and methods. The time to change this is now.
The recent attacks expose a major flaw in data protection. For years, traditional backup solutions have been the de facto safeguard against ransomware, but modern ransomware attacks also target backup copies. Traditional backup solutions do not provide the necessary safeguards to protect data copies against ransomware attacks, making recovery extremely difficult.
Backup was designed in another era when slow restores were acceptable. Its data often needs to be restored to another location, then connected and opened by a database application. This requires multiple admins working together over a complex and drawn-out process and typically takes hours to complete. To make matters worse, if the restore fails or the wrong point in time is restored — for example, when data is still encrypted — the process must be repeated, which can take days.
This is time that many organizations simply do not have to spare. Every day, hour and minute spent trying to restore data through legacy backup systems could be costing millions in lost productivity and revenue. It’s unsurprising that many victims — like JBS — weigh up the options and decide they have no choice but to pay the ransom.
However, the issue is that paying up does not guarantee that access to data will be returned. It also doesn’t necessarily mean operations will automatically resume. In fact, recent research revealed that 92% of organizations that pay a ransom fee don’t get all their data back in return. To make matters worse, another report found that of those that pay a ransom, 80% are likely to be attacked again, often by the same threat actors. So, if the consensus is that paying attackers is ineffective both short and long term, how can business and security leaders win the war on ransomware?
As technology advances, so does the sophistication of cyber-attackers. Today, everything is connected and applications are critical infrastructure. It’s no wonder that legacy solutions — such as once-a-day backups — are no longer effective. When it comes to recovery, time is of the essence, and enterprises must act quickly to protect their data. Therefore, it’s time to think outside the backup box.
A modern defense strategy against data extortion needs to yield same-day detection, response and correction. It also must address a wide range of threat vectors such as data encryption, backup corruption and business disruption. To add to this, security leaders and their teams must conduct root cause analysis, especially on data, to uncover issues and prove culpability.
The best tools on the market will provide continuous protection, so an organization can recover to any point in time. They will also cut out restore time by automating with the rest of the infrastructure so teams can immediately access databases and applications. By isolating ‘good’ data in a tamper-proof, read-only repository, organizations can even add an extra layer of protection to mitigate more sinister attacks and eliminate the risk of compromised insider identities being used to delete protected data in conjunction with a ransomware attack.
In a world in which ransomware is big business and often highly effective and lucrative for the perpetrators, organizations, leading bodies and governments around the globe need to get one step ahead of attackers. Whilst there is no single silver bullet for cybersecurity, upgrading legacy solutions and implementing a strategy that focuses on quick and effective recovery and incorporates modern data protection solutions could be the difference between an organization surviving or collapsing when the hackers inevitably come knocking.