How to fight ransomware effectively

Ransomware has come a long way since it first appeared in 1989, when it was distributed to victims on floppy disks, its encryption was easily overcome, and even the ransoms were rarely more than $200. Today, ransomware is a billion dollar black-market industry, utilising some of the most complex encryption techniques currently available to inflict major damage and suffering on unlucky victims.

With the number of successful ransomware attacks seemingly growing by the day, there’s a sense that ransomware defences are always one step behind, and sadly, this is often the case. Every time defenders get on top of the latest ransomware techniques, a new one inevitably springs up in its place.

Network defences simply aren’t enough

Obviously, the goal of every security team is to prevent ransomware from ever making it onto the network, but the reactive nature of the task makes it virtually impossible. As things stand, there’s simply no 100% effective approach to defending against the plethora of new external security threats appearing all the time, such as APTs (Advanced Persistent Threats) and Zero Day Exploits. What’s more, one of the biggest threats to security still comes from inside most organisations in the form of insider threats, which can be the Achilles Heel of even the most robust data security programme.

To put the size of the issue into context, IDC’s recent  The State of Ransomware and Disaster Preparedness: 2022 survey found that 93% of organisations suffered a data-related business disruption during the past 12 months, with over two thirds of respondents (67.8%) experiencing four or more such disruptions.

In short, conventional IT security and network defence measures simply aren’t enough anymore. Organisations everywhere need to actively plan for the worst case scenario of a successful attack and put steps in place to mitigate any potential damage caused.

Traditional backup methods aren’t a guarantee against business disruption

Perhaps unsurprisingly, many organisations have started to rely on data backups as their primary defence in the event of a successful ransomware attack, thinking that they can just recover anything lost or stolen from the latest backup made.

Aware of this, backup solution vendors have become some of the loudest and most vocal groups within the data protection landscape, often marketing their technology aggressively to prospects across a wide range of sectors. However, as most new applications are now deployed in the cloud or at the edge, these previous generations of data protection software and storage systems simply do not have the capability to capture every piece of data being generated at any given time. Accordingly, organisations’ faith in their existing backup and data recovery solutions is being steadily eroded. In fact, less than a third (28%) of respondents in the IDC-survey expressed 100% confidence in their current system’s ability to recover all data in the event of a breach.

Related:   IAM in a shifting environment

At the same time, organisations are facing ever-increasing complexity in providing data protection and disaster recovery using a variety of interwoven data protection products. These often include backup and recovery software, snapshots, mirrors, and replicas, along with disaster recovery (DR) strategies to ensure data recovery in the event of any failure, such as a ransomware attack. With the cost of unplanned downtime currently standing at  roughly $250k an hour across all industries, according to IDC, the stakes are becoming higher and higher all the time.

Consequently, many businesses are now seeking new, improved solutions that can drive down service-level agreements like RTO and data loss SLAs (RPO) to near zero, meaning no downtime or data loss at all. All of this spells bad news for conventional backup solutions, which simply can’t ensure this level of security anymore.

Eliminating the ‘backup gap’ with Continuous Data Protection

Fortunately, a solution has emerged in the shape of Continuous Data Protection (CDP), which can significantly reduce the potential for data loss, regardless of cause, as well as greatly simplify the data recovery process in the event of a breach, helping to minimise costly downtime. It does this by capturing and recording every single data change an organisation makes in near real-time, meaning the effective RPO is reduced to just seconds and the backup gap is all but eliminated.

With the threat posed by ransomware only growing by the day, organisations everywhere need to ensure their data is both safe and readily accessible, even if the worst should happen. The increasing complexity of modern business networks makes this extremely difficult to achieve using conventional backup and DR technologies alone.  However, implementing Continuous Data Protection means an organisation can return to a point just seconds prior to an attack, preventing business disruption and avoiding potentially disastrous consequences. For this reason, Continuous Data Protection is now an essential tool in the fight against ransomware that no organisation can afford to ignore.

Technology Evangelist at 

Leave a Reply

Your email address will not be published. Required fields are marked *