Adopting a new cybersecurity mindset on the road to recovery
It is no secret that ransomware has been on the rise in the last 12 months. In fact, the UK has been ranked number 10 on the list of countries worst affected by ransomware in a new report commissioned by Google.
Just days after the publication of Google’s research findings, Lindy Cameron, who heads up UK’s National Cyber Security Centre (NCSC), warned that ransomware now presents "the most immediate danger to the UK” and went on to note that despite the increasing volume of attacks many organizations have no incident response plans in place and rarely test their cyber defenses."
With companies and public sector organizations now facing a daily onslaught of targeted malware, ransomware and hacking attempts, this needs to change. Because the rapid digitization of core services undertaken in response to the pandemic, combined with increased reliance on the cloud, means that the way organizations do business has changed forever.
For business and IT leaders, this should serve as a wake-up call, because the cybersecurity risks they face have multiplied in tandem, thanks to today’s distributed workforces and increased number of new attack vectors that cybercriminals can now target.
Which is why managing and mitigating IT disruption caused by external attacks such as ransomware should now be top of the security agenda.
It’s time to shift to a 'when' not 'if' mindset
In today’s hyperconnected world, enterprises large and small need to accept that being targeted by cybercriminals is no longer a question of if, but when.
Historically, IT teams have invested their security efforts primarily on breach prevention. But it requires near limitless resources to fix every potential cybersecurity vulnerability and the fact of the matter is, regardless of how much investment goes into protection, eventually something or someone will penetrate these defenses.
When IT and security teams acknowledge this reality, it becomes possible to shift to a more pragmatic and strategic security approach that aims to ensure the organization can recover fast from a cybersecurity event and get back to business as usual -- with zero data loss.
By implementing tools that deliver disaster recovery and continuous data protection (CDP), IT teams effectively regain control of their destiny and can’t be held to ransom by external threat actors that are intent on disruption or extortion.
In other words, recovery becomes a powerful defense against the threat of a malware attack. Rather than a last resort, when all else fails.
Rethinking data protection strategies with recovery in mind
There are significant benefits to be gained adopting a different approach to cybersecurity and data protection based on recoverware concepts and products that restrict data loss to a matter of seconds, while limiting recovery time to minutes. A quick comparison with traditional approaches to dealing with ransomware helps to illustrate why.
In the event of a ransomware attack, organizations that typically undertake periodic backups and snapshots will struggle with recovery and data loss. The moment their network and file servers are infected with ransomware, the only recovery option is to restore from disk. This can result in hours or days of data loss, along with extended recovery times that can take weeks to complete.
What sounds great in theory is beset with pitfalls in practice. For example, if an organization is unable to restore data from one of its disk-backups then it will need to send tape files to an outsourced data restoration specialist. Even if data is then recovered, the recovery points may be different times with significant gaps. All of which has significant implications in terms of the overall quality of the recovery process as file servers are reconstructed, files are restored, and testing is undertaken before the business can return to business-as-usual operations.
This can be a make or situation for enterprises that will have to deal with the fallout relating to downtime, lost revenue, potential compliance breaches and disruption to customer relationships. In the event of a major ransomware attack, full recovery in a commercial and reputational sense, is less than guaranteed.
A better alternative -- instant ransomware recovery
By contrast, technologies like recoverware enable IT organizations to improve data protection, reduce data loss and recover data more quickly. Indeed, the highly granular nature of CDP recoveries means that IT organizations can select a recovery checkpoint immediately before the ransomware attack and instantly recover, test, and reconnect servers to the network.
For enterprises that need to assure they are appropriately prepared to counter today’s elevated cyberthreat landscape, building recovery into the standard playbook for defeating a ransomware attack is a smarter and more logical approach. One that will enable businesses to move fast to minimize the impact of an attack and get back to business as usual with the minimum of time and effort.
The ransomware threat does not appear to be slowing down, so data protection is unlikely to get any easier going forward. For UK companies that need to assure their post-COVID recovery plans go without a hitch, now is the time to rethink their organization's response to a ransomware attack.
Recoverware provides the safety net that’s needed against malware attacks that will inevitably make it into the system. Providing continuous data protection, immutable backups and fast recovery options that eliminates any need to worry about having to pay a ransom to assure recovery.
Image credit: Andrey_Popov/ Shutterstock
Chris Rogers is Technology Evangelist at Zerto, a Hewlett Packard Enterprise company