Countering the risk of ransomware with operational continuity

In recent years, organizations all over the world have been hit by increasingly sophisticated ransomware attacks. For some, the impact is so severe that normal business operations experience major disruption with a knock-on effect on customers and revenue. For others, the impact can last weeks or even months as they seek to restore IT services and access to vital data.

Since the start of last year, for example, organizations across a huge range of sectors -- from oil and gas to food -- have seen their services impacted by ransomware. KP Snacks suffered an incident that brought its supply chain to a halt, with the company unable to process orders and dispatch products. And most recently of all, The Works, a retailer with over 500 stores across the UK, was forced to close some outlets after an employee reportedly fell victim to a phishing email that introduced ransomware to their infrastructure.

What ransomware incidents have in common is that the applications and services required to keep businesses running rely on access to data, which once encrypted by the attack, becomes unavailable. Historically, the problem many victims discovered was they relied too heavily on daily backups -- a situation incompatible with modern digital commerce where information that is only a few seconds old has become mission-critical.

In response, a variety of data backup technologies have moved from tape and remote disc to cloud-based services, with updates taking place at a specified daily, weekly or hourly time. However, cybercriminals have continued to push the boundaries of data protection, using ransomware to attack backups. In this situation, organizations can once again find themselves in a position where they can’t quickly recover and still suffer significant downtime to critical applications.

Continuous Data Protection

To achieve a recovery of minutes, not hours/days, many are turning to Continuous Data Protection (CDP) to improve Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). It’s an approach that can ensure every change made to an application is protected as it occurs, allowing organizations to recover to a state seconds before an attack.

Implementing CDP allows organizations to aim for recovery within minutes instead of hours, helping to ensure normal business processes can resume rapidly and without potentially damaging interruption. But, in planning and implementing a CDP strategy, organizations should focus on a range of key issues, beginning with continuous availability.

Specifically, the primary objective should be to recover from an attack in a matter of minutes to minimize data loss. As a result, it’s important to focus on potential vulnerabilities and how these might contribute to the risks presented by ransomware attacks.

Also key is workload mobility, where CDP plays a vital role in enabling teams to move virtual machines from one environment to another without downtime or interruption. This also includes migration and consolidation projects where data may also be at risk.

In addition, CDP planning and implementation should also consider multi-cloud agility so applications can, for instance, be moved from legacy on-premises environments to public cloud infrastructure. This is an increasingly important consideration for the many thousands of businesses looking to modernize their infrastructure strategies and benefit from the wide range of advantages providers can now offer.

But how does this work in practice? One real-world example helps illustrate the difference between the impact of a ransomware attack on infrastructure without CDP and a second incident after it had been implemented:

In the initial attack, the victim was relying on backup tapes and storage snapshots to protect its data. When ransomware infected its file servers, however, the IT team was unable to restore data from backups stored on disk and had to employ a specialist data restoration company to recover its data. Not only did that process take two weeks, but the result was that more than 12 hours of data was permanently lost.

As a result, the company invested in a CDP solution to protect its data more effectively. Soon after, however, it suffered a second ransomware attack but on this occasion, its data was being protected in real-time. As a result, it recovered in just a matter of minutes and experienced just a few seconds of data loss. The net business impact was minimized and it was able to maintain normal operations with zero downtime.

In the current risk environment where ransomware attacks in the UK have doubled in the past year, organizations focused on protecting their data and avoiding expensive downtime are under increasing pressure to raise their game. Those that do will be ideally placed to meet the threats posed by cybercriminals head-on and avoid the serious disruption and cost associated with ransomware.

Image credit: AndreyPopov/depositphotos.com

Christopher Rogers is Technology Evangelist at Zerto a Hewlett Packard Enterprise company