Ransomware Recovery: Why a multi-layered approach should be a priority

In order to strengthen cybersecurity and reduce business risk, organisations must employ a multi-layered data protection approach to ensure resiliency and recoverability at any point of the data lifecycle. Eric Bassier, Senior Director Product Marketing at Quantum, explores what a multi-layered approach should entail and looks forward at what to expect next in the world of recovery.

According to a recent study of IT and business executives, two out of five revealed that their organisations had suffered from successful ransomware attacks. Even worse, over 80% reported that they had paid out to safeguard their data. That’s because cybercriminals are always on the hunt for new ways to fool users into clicking on links which open the door to ransomware infiltration.

Companies of all sizes and sectors talk a lot about digital transformation these days – the increasing migration of all types of operations to the digital world. However, with this transition comes a near exponential increase in the volume of data created, particularly unstructured data from various sources, such as IoT sensors, AI and machine learning applications, video and imagery. All this new data is valuable and must be gathered with unique storage requirements and new cybersecurity challenges.

A looming, ever-present threat

It is becoming clear that cyberthreats and ransomware attacks are far more than simply an IT or security issue, they are a pressing business issue. As ransomware becomes ever more sophisticated, it causes increasing damage across every sector, leading to data loss and credential theft. As a result, organisations face downtime, lost productivity, decreased income, and potentially severe reputational harm, not to mention the possibility of critical damage to infrastructure and applications.

To avoid these outcomes, businesses must boost their cybersecurity and minimise risk by implementing a multi-layered data protection approach, which will enable resilience and recoverability at any stage of the data lifecycle.

Introducing multi-layered data protection

Following the recent Colonial Pipeline and Solar Winds breaches, the US government issued an executive order to strengthen its national cybersecurity defences to protect against similar attacks. In this environment of heightened cybersecurity awareness, combined with the always evolving nature of the threats, it is urgent that a multi-layered approach is employed to ensure optimal protection by following these four guidelines:

  • Maintain multiple copies of data: If you want to foil malicious invaders, aim to keep a minimum of three copies of all data at all times. Number one is the primary copy, with the two remaining sets acting as back-up. It’s important that the back-ups are stored on different media types, such as disc or tape.
  • Immutable snapshots play a key role: High-speed disc- or flash-based back-up storage should employ immutable snapshots. These snapshots are dual purpose, both stamping permanence and protecting the “primary” back-up data sets.
  • Offline storage is your friend: The mass migration to the cloud has brought many benefits and certainly offers a more streamlined, accessible way to store all sorts of data. However, that means if it is easily accessible for you, it’s probably easily accessible to those with malicious intent. Instead, consider secure, offline and air-gapped storage, such as tape libraries as the last line of defence for your data.
  • Object locking is essential: If you are thinking about object storage for either your primary back-up storage or for longer term data retention, be sure to employ versioning and object locking. This will safeguard data in any location with encryption to add another layer of defence against ransomware.
Related:   Welcome to it-sa

Looking forward

As we have seen, ransomware has been booming in every sector, from healthcare to corporates to government, and it will continue to do so because cybercriminals continually invent new ways to infiltrate an organisation’s systems and infrastructure. We all know that network and production data must be safeguarded but so too does your back-up infrastructure.

Recent research into the criminal approach has demonstrated that bad actors are targeting critical systems with a clear focus on back-up first. This is because if they can disable your recovery options, they have already won the battle. Without the ability to recover valuable data, what options remain? Organisations usually fold and pay out, but that is no long-term solution to the problem.

Institutions need to introduce an integrated multi-layered approach to back-up and ransomware recovery, incorporating offline copies of data that are not physically accessible. This will help enable data that is better secured and isolated across multiple tiers, maintained in either an off-network site or in an unchangeable condition where it is far out of the reach of would-be cybercriminals.

Photo by Ewan Kennedy on Unsplash

Senior Director, Product Marketing at 

Eric Bassier leads product and technical marketing at Quantum, he and his team are responsible for driving Quantum’s product and go-to-market strategy globally. Eric has over 18 years of experience designing, managing, and marketing enterprise storage products, and his writing has appeared in Wired, Business Solutions, Data Center Post, Data Center Knowledge, and more. Follow him at @ericbassier.

One thought on “Ransomware Recovery: Why a multi-layered approach should be a priority

Leave a Reply

Your email address will not be published. Required fields are marked *