3 elements that form the foundation of ransomware data protection

October 19, 2021

Ransomware protection can be overwhelming, especially when it has to fit within a budget. With the pandemic pushing 89 percent of Indian IT leaders to protect organizational data from ransomware, as per the 2020 Value of Data Report, every member of the C-Suite is actively demanding a comprehensive strategy to combat this growing menace.

To survive and protect against a ransomware attack, organizations need a comprehensive combat strategy, and it all begins with better defining the data protection component of one’s ransomware recovery strategy.

Here is a guide to the key elements that form a strong foundation for advanced recovery services, along with the requirements and best practices for operationalizing them.

1. Data protection in the age of ransomware 

When ransomware attacks happen, an organization is bound to take many steps, but it all begins and ends with recovery. Therefore, the foundations begin with protecting your data. Since cyber criminals know the importance of your backups, they will target them for corruption or deletion. You therefore need to protect not only the data but also your protection copies. The four things you need to do to protect your data are as follows:

Durable backups — If your backups are not working, ransomware does not even need to corrupt or delete them. Targeting a 100 percent successful backup rate, with backups that are durable, makes for real cyber security.

Restricted backups — Since unrestricted backups can be vulnerable to ransomware attacks, there should be no way for a process/server in your environment to directly access the backup storage. Even “root only” access is a vulnerability because cyber criminals can gain root access to your systems.

Non-erasable backups — Ransomware will try to gain control of your backup software and delete all the backups. It can manually trigger deletes, reduce the retention period to force automatic deletions, and alter backup schedules so no new backups are created. That is why you need a system that will prevent backup deletion, even by an administrator.

Back up the whole lot — You need to protect everything because ransomware usually enters via end-user devices, but attacks any data source — SaaS applications, cloud applications, file servers, VMs, and even databases.
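The three tamper paths named under "Non-erasable backups" (manual deletes, a shortened retention period, altered schedules) can be monitored in the backup system's audit trail. The sketch below is an added example, not code from the article or from any backup product; the JSON event fields, action names and thresholds are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (JSON lines); the field names are assumptions,
# not the schema of any real backup product.
SAMPLE_LOG = """\
{"ts": "2021-10-19T02:00:00", "actor": "svc-backup", "action": "backup.create", "target": "vm-01"}
{"ts": "2021-10-19T03:10:00", "actor": "admin7", "action": "retention.update", "policy": "daily", "old_days": 30, "new_days": 1}
{"ts": "2021-10-19T03:11:00", "actor": "admin7", "action": "schedule.update", "policy": "daily", "enabled": false}
{"ts": "2021-10-19T03:12:00", "actor": "admin7", "action": "backup.delete", "target": "vm-01"}
{"ts": "2021-10-19T03:13:00", "actor": "admin7", "action": "backup.delete", "target": "nas-02"}
{"ts": "2021-10-19T03:14:00", "actor": "admin7", "action": "backup.delete", "target": "db-03"}
{"ts": "2021-10-19T09:00:00", "actor": "admin2", "action": "retention.update", "policy": "weekly", "old_days": 30, "new_days": 90}
{"ts": "2021-10-19T09:30:00", "actor": "admin2", "action": "backup.delete", "target": "test-vm"}
"""

def find_tampering(log_text, burst=3, window=timedelta(minutes=10)):
    """Return (timestamp, actor, reason) for events matching the three tamper paths."""
    alerts = []
    recent_deletes = defaultdict(deque)  # actor -> timestamps of recent deletes
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        actor, action = ev["actor"], ev["action"]
        if action == "retention.update" and ev["new_days"] < ev["old_days"]:
            alerts.append((ts, actor, f"retention cut {ev['old_days']}d -> {ev['new_days']}d"))
        elif action == "schedule.update" and not ev.get("enabled", True):
            alerts.append((ts, actor, f"schedule disabled for policy {ev['policy']}"))
        elif action == "backup.delete":
            q = recent_deletes[actor]
            q.append(ts)
            while ts - q[0] > window:   # drop deletes outside the sliding window
                q.popleft()
            if len(q) == burst:         # alert once, when the burst threshold is reached
                alerts.append((ts, actor, f"{burst} deletes within {window}"))
    return alerts

if __name__ == "__main__":
    for ts, actor, reason in find_tampering(SAMPLE_LOG):
        print(ts.isoformat(), actor, reason)
```

Alerts of this kind complement, rather than replace, a backup store that refuses deletion outright, and they are only useful if the audit trail is shipped somewhere the backup administrator account cannot edit.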

2. Agile Design

Every product has a unique ransomware protection feature, and it is impossible to create an architecture flexible enough to incorporate every differentiated approach. Because products differ and ransomware itself will continue to evolve, you want an agile architecture that does not weaken over time.

To build in architectural flexibility for the future, there are three areas that will matter the most:

Large-scale recovery — Since most protection environments are not built for scalable recoveries, it will become increasingly important to design for the flexibility to recover at scale.

Multi-cloud recovery — Organizations that can recover data to alternate locations can restart critical applications even while quarantining infected areas, so the business can continue to run and avoid losing revenue and customer confidence.

Evolving recovery systems — As both ransomware and your data environment are constantly evolving, why should your architecture be left behind? Organizations need a design that enables frequent upgrades of the protection environment. Much like the security team would not use 18-month-old antivirus signatures, you do not have to use 18-month-old protection software.

3. Weekly tests for examining recovery capabilities 

Most organizations are concerned with realistic testing of “ransomware recovery”. To run a successful recovery system, you need to run weekly tests across:

Different environments — Depending on the scope of the attack and the urgency of the restore, you may need to recover your data and applications to an alternate environment. No matter how portable your applications are, you want the first cross-environment restores to be tests, so you can work out performance, security and network settings, application dependencies, and the unknown unknowns unique to your organization.

Different workloads — Generally, restore tests tend to entail recovery of a few VMs, some files, and a table space. However, a ransomware recovery could require restoring SharePoint Online, a NAS share, 40 laptops, and dozens of VMs. You need to know both the functional and performance limitations of restoring different workloads, or you will not be able to recover the affected data in time and may even have to pay the ransom.

Different people — Recovering at scale does not just require technology, but also requires people. If you want your entire workforce to be able to run recoveries, practice will make them perfect. 

When it comes to the foundations of data protection, follow the dictum, “It’s not about backup… it’s about recovery.” With ransomware as a clear and present danger to organizational data, you will need to recover more data faster, recover to new environments and recover workloads that don’t even exist today. The fight against ransomware is just beginning.  


The article is authored by Milind Borate, Co-founder and Chief Development Officer, Druva
