Perception vs reality: How to really prepare for ransomware


Most IT environments don’t seem to have connected the dots when it comes to ransomware and the importance of a good protection system. This is easy to infer when you read a recent IDC survey of more than 500 CIOs from more than 20 industries worldwide.

The most interesting statistic from the IDC report is that 46% of respondents have been successfully attacked by ransomware in the last three years. This means that ransomware has overtaken natural disasters to become the main reason why one must be good at performing large-scale data recovery. Many years ago, the main reason for such restores was hardware failure, as a disk system failure often meant a complete restore from scratch.

The advent of RAID and erasure coding changed all that, and natural disasters and terrorism came to the fore. However, the chance that a society could suffer a natural disaster was actually quite low – unless, of course, you lived in certain disaster-prone areas.

Lost money, lost data

That 46% basically means that your chances of getting hit by ransomware are a coin toss. Worse, 67% of respondents paid the ransom and 50% lost their data. Some commentators downplayed the 67%, suggesting that these organizations may have been responding to a ransomware tactic known as extortion.

In this scenario, a business receives a demand like, “Give us $10 million or we’ll reveal your organization’s worst-kept secret.” However, even if we ignore that statistic, we’re still left with the fact that half of organizations hit by ransomware have lost important data. That’s two coin flips. That, as they say, is not good.

Ready for an attack? Probably not

However, the story gets worse. Surprisingly, the same organizations that were attacked and lost data seemed to rate their ability to respond to such events highly. First, 85% of respondents claimed to have a cyber recovery playbook for breach detection, prevention and response. Any organization is likely to say “absolutely” if you ask them if they have such a plan.

In fact, you might even wonder what’s going on with the 15% who don’t seem to think they need one. They’re like the fifth dentist in the old Dentyne ad that said, “Four out of five dentists surveyed recommended sugar-free gum to their gum-chewing patients.” If your organization doesn’t have a cyber recovery plan, the fact that so many businesses have been hacked should hopefully help motivate your leadership to make this change.

An organization can be forgiven for being attacked by ransomware in the first place. Ransomware is, after all, an ever-evolving field where criminals are constantly changing tactics to gain traction. What is harder to fathom is that 92% say their data resilience tools are “effective” or “highly effective.” It goes without saying that an effective tool should be able to recover data in such a way that you don’t have to pay a ransom – and you definitely shouldn’t lose your data.

Minimize attack damage

There are several key parts to detecting, responding to, and recovering from a ransomware attack. It is possible to design your IT infrastructure to minimize the damage caused by an attack, such as denying the use of new domains (stopping command and control) and limiting internal lateral movement (minimizing the ability of malware to spread internally). But once you are attacked by ransomware, the response requires many tools, and those tools are much more effective if they are automated.

For example, you can go from restricting lateral movement to completely stopping all IP traffic. If infected systems cannot communicate, they cannot cause further damage. Once the infected systems are identified and shut down, you can begin the disaster recovery phase of bringing the infected systems back online and ensuring that the recovered systems are not also infected.
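The response sequence above can be sketched as a small planner. This is an added example, not code from the article or from any vendor tool: the host names, snapshot records, action labels and the 24-hour safety margin are all constructed assumptions. It blocks all IP traffic for infected hosts and picks, per host, the newest backup that both predates the first sign of infection and passed a scan.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Snapshot:
    host: str
    taken_at: datetime
    scan_clean: bool  # assumed: result of scanning the snapshot offline

def containment_actions(hosts, infected):
    # Infected hosts lose all IP traffic; everything else stays on restricted lateral movement.
    return {h: "block_all_ip" if h in infected else "restrict_lateral" for h in hosts}

def pick_restore_point(snapshots, host, first_seen, margin=timedelta(hours=24)):
    # Newest scan-clean snapshot older than (first_seen - margin); None if there is none.
    cutoff = first_seen - margin
    ok = [s for s in snapshots if s.host == host and s.scan_clean and s.taken_at < cutoff]
    return max(ok, key=lambda s: s.taken_at, default=None)

def recovery_plan(hosts, first_seen_by_host, snapshots):
    network = containment_actions(hosts, set(first_seen_by_host))
    plan = {}
    for host in hosts:
        if host not in first_seen_by_host:
            plan[host] = {"network": network[host], "restore_from": None, "next": "monitor"}
            continue
        snap = pick_restore_point(snapshots, host, first_seen_by_host[host])
        plan[host] = {"network": network[host],
                      "restore_from": snap.taken_at if snap else None,
                      "next": "restore_then_rescan" if snap else "rebuild_from_known_good"}
    return plan

# Constructed sample data (hypothetical hosts and timestamps)
HOSTS = ["fs01", "db01", "web01"]
FIRST_SEEN = {"fs01": datetime(2023, 1, 10, 9, 0), "db01": datetime(2023, 1, 10, 11, 0)}
SNAPSHOTS = [
    Snapshot("fs01", datetime(2023, 1, 7, 2, 0), True),
    Snapshot("fs01", datetime(2023, 1, 8, 2, 0), False),   # scan found a dormant payload
    Snapshot("fs01", datetime(2023, 1, 9, 20, 0), True),   # inside the 24h margin
    Snapshot("db01", datetime(2023, 1, 10, 2, 0), True),   # inside the 24h margin
]

if __name__ == "__main__":
    for host, step in recovery_plan(HOSTS, FIRST_SEEN, SNAPSHOTS).items():
        print(host, step)
```

A host with no acceptable snapshot (db01 here) is routed to a rebuild instead of being restored from a backup that may already carry the infection.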

The power of automation

The key to making this all happen in the shortest amount of time is automation. Tasks can be completed immediately and simultaneously. A manual approach will cause additional downtime as the infection spreads throughout your IT environment. All agree that automation is key, including 93% of IDC survey respondents who said they have automated recovery tools.

So roughly nine out of 10 respondents said their data resilience tools are effective and automated. However, if this were true, half of the victims would not have lost their data and far fewer would have paid the ransom.

So what does that mean? The biggest takeaway is that you need to look at your own environment. Do you have a plan in place to respond to a ransomware attack? Does it shut down your environment immediately to limit further damage while you investigate? Can you also automatically restore infected systems?

If your chances of getting hit by ransomware are about the same as flipping a coin, now might be the time to take off your rose-colored glasses and get down to business.

W. Curtis Preston is the chief technical evangelist at Druva.
