Business continuity in the age of ever evolving ransomware
Ransomware are a growing threat to business operations and reputation. In this article Peter Godden explains how business continuity and disaster recovery technologies can help to provide protection against such attacks.
Every day seems to bring with it news of another ransomware attack or a new strain of the malware. It seems likely too, that there are a lot more incidents than we read about. Incidents where companies paid up rather than openly declared they had been targeted and that their data had been at risk. The simple fact is that ransomware attacks are working. Data is one of the most important assets an organization has and the price of paying the ransom is often a lower price than losing the company’s data, reputation and possibly the entire business. With strains evolving in sophistication and now reportedly capable of encrypting an entire network, no company is safe sticking to the narrow view of ‘keep the virus out’.
Effectively defeating the threat of ransomware means being able to recover critical applications and data within minutes. Backup solutions and firewalls alone do not offer this. Businesses need comprehensive business continuity and disaster recovery capabilities that deliver fast recovery point objectives and recovery time objectives. The challenge is that many business continuity and disaster recovery plans involve limited, technical point products, which many organizations already have some form of backup process in place for standard audit requirements as mandated for highly regulated industries. However, when a disaster does strike, it is the first few minutes that are critical and businesses need to be able to recover within those minutes, not hours, and as completely as possible. Relying on incomplete backups taken 12-24 hours previously could take hours to restore, leaving businesses with downtime they cannot afford and which more worryingly could have been avoided.
Too often in businesses, IT takes a very single minded view on security, simply focusing on the detection and prevention of intrusions. A more comprehensive and holistic approach involves a three-pronged strategy to augment the detection and prevention of intrusions, which includes the fast recovery of critical data and applications such as SAP, Oracle, or SQL once an attack has occurred to ensure uninterrupted business operations.
With proper disaster recovery processes and supporting technologies in place which provide instant access to data in the event a virus does break through, then the impact can be highly minimalised. Advanced disaster recovery platforms can help to avoid downtime by allowing organizations to go back to the second before a file, application, or folder was corrupted, deleted or infected. This allows organizations to nullify ransomware as they neutralise yet another ‘criminal disaster’ and resume business as normal within a matter of minutes.
Protecting against a virus is of course the first line of protection but this is proving more difficult as malware continues to evolve and progress. Working from backups is time consuming and often out of date, but advanced disaster recovery can allow the business to recover from an outage or virus by re-winding their VMs to a point in time where the infection simply didn’t exist. This negates the need to pay any ransom and allows businesses to get back up and running within minutes avoiding any costly downtime.
Successfully meeting internal and external compliance initiatives after a disaster is an added pressure for organizations with highly sensitive data, such as the healthcare, financial, legal and public sectors. These are the very sectors that seem to be the immediate focus of current ransomware attacks. In the event of a disaster or a malware infection, these organizations come under increased pressure from regulatory bodies and the public. Failure to comply or recover data within an adequate amount of time could result in costly fines and other negative repercussions. It makes good business sense, to invest ahead in disaster recovery than pay either ransoms or fines later down the line.
In the digital age data is crucial to running nearly all businesses. As ransomware threats increase and the strains become more destructive, having a comprehensive business continuity and disaster recovery strategy in place is paramount. If, instead of having to discuss the options of paying or losing your data, you can instead restore back to seconds before the attack even took place, then you can have the power to keep render ransomware attacks irrelevant and keep your business up and running.
Peter Godden is VP, EMEA at Zerto.