As explained in my previous article, immutability is a crucial element of successful ransomware protection as it converts data to a write-once, read many times format, which cannot be altered. This provides enterprises with the right technology and appropriate restore and recovery practices to access unaltered data within minutes of a breach.
While ransomware is alarmingly on the rise, immutable storage is unquestionably one of the best ways to counter lasting damage.
Let's explore some of the research available on cloud and ransomware.
A 2021 survey reported that 20% of companies reviewed were attacked. This report found that 92% of organisations don't get their data back after a ransomware attack, even if they pay the ransom.
Ransomware can ruin or severely damage a business – remember the average ransomware recovery cost is $1.85 million. That's a staggering R28 015 290!
Companies can leverage the cloud for fast, certain recovery but need to have deep cloud integration to prevent downtime and data loss, delivering an all-in-one data and ransomware protection solution to neutralise ransomware attacks.
They should be aware that backups stored/replicated to immutable cloud storage add next-level data protection because data is still recoverable, even if the entire system is unavailable.
The Gartner and Forrester View of the Current State of Cloud Backup and Recovery says as technologies and organisational requirements continue to evolve, enterprises today are looking to change their backup and recovery strategies fundamentally.
They state that with media volumes and data expanding rapidly, traditional approaches such as tape backup simply cannot keep up with today's fast pace of information growth.
One thing is certain: the ransomware and malware threat to data backups is not going away.
Companies are looking for new and quicker ways to protect their applications and backup and secure their data. The public cloud has brought a new element to backup and disaster recovery (DR) by providing fast recovery, cost-efficiencies and a dependable way to ensure business continuity.
The need for automation
Forrester states that 34% of enterprises are still struggling with automating their backups and recovery. Organisations are facing a growing need to use automation to improve productivity and minimise failures, monitor backups' status and ensure overall backup reliability.
Moving applications from on-premises to the public cloud has given enterprises the ability to deploy and run service stacks in a matter of minutes. Automation of backup policies can be used with out-of-the-box/blocks, which don't require any implementation efforts on the infrastructure level. This provides a fast and easy way to implement a well-structured backup policy that provides increased flexibility going forward.
Features and best practices can be time-consuming to create and maintain, especially since building consistent backup and ensuring the DR site is ready for any event are probably not the company’s core capabilities.
The Forrester research concludes that cloud-based backup and DR gives enterprises the ability to lower costs, automate and simplify the DR process, support more applications, and improve SLAs. This was endorsed because 94% of surveyed database and operations professionals use the public cloud as their DR platform and confirmed it had improved their SLA attainment.
Unfortunately, common mistakes still leave doors open for attackers, and these include:
- Locating backup servers on network drives.
- Executing inadequate, infrequent backups.
- Failing to protect backup servers with anti-virus/anti-malware solutions.
- Failing to establish backup redundancy, including backing up the backup server.
- Failing to test the recovery of backed-up data.
- Granting backup server login credentials to those who don't require access.
- Unnecessarily browsing the internet from the backup server.
Value-added resellers often work with customers operating with a mix of technologies, solutions and vendors. Heavily siloed approaches can lead to gaps that cyber criminals can exploit.
On the positive side, new technology and solutions can be mixed and matched to meet customer needs. At the intrusion detection and prevention phase, new solutions use deep learning neural nets to detect known and unknown threats.
Some solutions use behavioural analysis to stop never-before-seen ransomware attacks in the response phase. In the data protection and recovery phase, solutions exist that combine immutability and continuous data protection.
This is the name of the game. However, it can be challenging to find a range of solutions that cover the entire gamut of business needs. Companies need to seek the kind of portfolio of solutions that provide a clear path to business continuity.
An appliance-based solution that combines immutability or intrusion detection that uses neural net technology are the type of solutions needed to meet today's changing and evolving threats.
One thing is certain: the ransomware and malware threat to data backups is not going away. There is no single silver bullet to kill the ransomware threat from a security and keeping the business lights on perspective.
A multi-modal approach is still the best strategy, but it must adhere to the immutable 3-2-1-1 rule – without this, it is doomed to failure.