Backup & Disaster Recovery

Why Immutable Backups Aren’t Enough in the Fight Against Ransomware

September 28, 2022 | By Ryan Felkel

It’s not a secret that ransomware in itself is a disaster. All it takes is looking at the facts and figures:

  • The average ransom paid today is $170k.
  • The total cost of an attack has reached $1.85 million. 
  • On average, 35% of data is lost permanently.

In today’s age, data is the new gold. You might be shocked, but your client and proprietary information is truly worth that much to a cybercriminal. Chances are that you may feel comforted knowing you have a full backup strategy in place, but the truth is that even a full backup strategy will not protect you from data loss in the event of ransomware. 

Here’s a real-life example: Colonial Pipeline paid hackers nearly $5 million even with backups in place

You read that right. Even with a plan set in place, you’re not immune to the risks associated with ransomware attacks. But, there is some light at the end of the theoretical ransomware tunnel. Today, there are countless tools and strategies you can implement to help you create a solid defense strategy before an attack even occurs, as well as a rapid, effective response in the event of an encounter, breach, or attack. 

In a recent webinar with Veeam, an information technology company specializing in backup, disaster recovery, and modern data protection software for virtual or cloud-based infrastructures, we discussed the topic of ransomware preparation and response. Today, we’ll highlight some of the key takeaways that organizations need to keep at the top of mind if they want to protect their data from cyberattacks.


The Rise of Immutability: 

Ages ago, before ransomware was as popular a threat, organizations set up structures for data storage and backup. Now, in our increasingly digital and intelligent world, these outdated systems are no longer as secure as you might hope. What many enterprises are noticing is that they need to redesign the structure of their data backup systems to reflect the changes to modern society. 

One such solution to their woes — embracing immutability. 

Immutability became popularized because attackers were gaining access to backup and replication tools, deleting the data before crypto-locking or attacking customers. Essentially, this means that hackers were able to tamper with, modify, and delete data without encountering any larger protective measures. 

To combat this, many organizations have adjusted to take on an immutability approach, or one that effectively throws up a brick wall against attacks. When your data is stored with immutability, it is safe from tampering and deletion. 

Furthermore, and possibly more critical, your data mover is still highly susceptible to an attack even with immutable backups in place.


Protecting the Data Mover:

As we stated before, backups alone are not a safe disaster recovery plan. Attackers are now going after the data movers, where they can start reading/writing/modifying backups. In most cases, the criminals start disabling, wait for the immutability timer to run out, and then delete the data. You are not safe from ransomware unless you’re protecting that data mover itself. You can protect your data mover with the following changes:

  • Authentication isolation
  • Segmented networks for backup infrastructure
  • Hardened repos & offline mode
  • Automated firewall rules (turning on and off on a schedule) 
  • Backup encryption
  • Backup platform diversity vs production
  • Offsite backups:
    • Limited authentication methods
    • Authentication isolation
    • Diverse encryption key

Get details on what these changes mean and how to invoke them in this recent webinar from Veeam and Opti9.

It’s important to note that simply paying for the right hardware does not protect your data mover. These protection settings are not the default and can be quite cumbersome to construct. They need to be configured correctly and with the correct protections to be effective. Aside from protecting the data mover, organizations need to be mindful of another aspect of ransomware: their disaster recovery plans. 
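The pattern described above, where an attacker on the data mover waits for the immutability timer to run out before deleting data, can be watched for as a job that stops producing restore points while the existing locks count down. The check below is an added example, not code from Opti9 or Veeam; the function name, the restore-point model and the sample dates are constructed, and it assumes a stalled job simply yields no new restore points.

```python
from datetime import datetime, timedelta

def assess_job(restore_points, now, interval, immutability, max_missed=2):
    """Flag a backup job that has gone quiet while its immutability locks run down.

    restore_points: creation times of one job's restore points (hypothetical
    model; real values would come from your backup platform's reports or logs).
    """
    if not restore_points:
        return {"severity": "critical", "missed_runs": None,
                "locked_points": 0, "unprotected_at": None}
    newest = max(restore_points)
    # Whole scheduled runs that should have happened since the last restore point.
    missed_runs = int((now - newest) / interval)
    # Restore points whose immutability lock is still in force.
    locked = [p for p in restore_points if p + immutability > now]
    # The moment the newest lock expires and every copy becomes deletable.
    unprotected_at = newest + immutability
    if not locked:
        severity = "critical"   # nothing is immutable any more
    elif missed_runs >= max_missed:
        severity = "warning"    # job stalled, the timer is running out
    else:
        severity = "ok"
    return {"severity": severity, "missed_runs": missed_runs,
            "locked_points": len(locked), "unprotected_at": unprotected_at}

# Constructed sample: a daily 02:00 job with a 7-day immutability period
# whose last restore point was written on 10 September.
DAILY = timedelta(days=1)
LOCK = timedelta(days=7)
POINTS = [datetime(2022, 9, day, 2, 0) for day in range(1, 11)]

if __name__ == "__main__":
    for now in (datetime(2022, 9, 10, 12, 0),
                datetime(2022, 9, 13, 3, 0),
                datetime(2022, 9, 18, 0, 0)):
        result = assess_job(POINTS, now, DAILY, LOCK)
        print(now.isoformat(), result["severity"], result["missed_runs"],
              result["locked_points"], result["unprotected_at"].isoformat())
```

Run a check like this from a system that authenticates separately from the backup platform, so that whoever controls the data mover cannot also silence the alert.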

Shedding A Spotlight On Disaster Recovery:

Especially after recent ransomware cases proved the fallibility of backups, many enterprises are now asking: How are my backups different from disaster recovery? Is my disaster recovery plan protecting me from ransomware attacks? Here are a few key differences. 

Backups:

Goal: provide long-term and historical point-in-time checkpoints to restore from. 

  • The actual copies of critical data give organizations the ability to restore. 
  • Solution-based instead of strategy-based. 
  • “Instant Boot” capabilities exist but are limited to “Boot and Browse” use-cases. 
  • No forensics to dissect once an attack is in progress.

Disaster Recovery:

Goal: provide an instant capability to resume operations. 

  • A strategy to safeguard organizations from debilitating downtime due to disasters, including natural disasters, human error, or cyber-attacks. 
  • Involves the actual processes and consideration of what would happen in the event of a disaster (who will take ownership of getting applications up and running, what are our RTO & RPO requirements, who will take ownership of testing, etc.).

A higher level of security is more important now than ever. Luckily, disaster recovery provides in-depth protection from ransomware where immutable backups fall short. 

Opti9 and Veeam are proud to share this on-demand webinar for further protection against the threat of ransomware. Within the free video, you’ll receive information on:

  • Disaster recovery & resilience requirements
  • Critical components of a successful DR strategy, including failback, testing, networking, and more
  • How ransomware detection can level up your backup and disaster recovery strategy
  • AND MORE!

For more information on ransomware protection, view the webinar hosted by Opti9 and Veeam, available at Opti9tech.com.