Picture this: A cybercriminal finds an entry point into your organization. But it’s not a smash-and-grab attack. They linger there. For six to nine months, they study your environment in the shadows, learning how to compromise your storage environment, your backups, your data protection — before dropping a massive ransomware bomb on your organization. At that point, paying up becomes your only viable option.
This multilayered approach from cybercriminals is becoming commonplace. It’s time a multilayered approach to ransomware defense becomes the standard, too.
How are organizations fighting back?
A traditional approach to ransomware defense is often focused on keeping the bad actors out: endpoint security, email security, and training users not to click on malicious links or open unknown documents. Prevention will always be critical. But there are two things I’m seeing more and more when talking to clients:
- Security teams are becoming invested in the holistic environment: storage, backup, and data protection, among others. They’re realizing that vulnerable entry points are everywhere, and they want to rethink how they’re securing all of those entry points.
- Data recovery is taking center stage. A “not if, but when” mindset shift has occurred when it comes to being compromised. And ensuring recovery and restoration without paying a ransom is top of mind.
Recovery trends shaping the future
It’s time to rethink the way organizations restore and recover data in multiple areas. Following the traditional three-two-one principles is still important — three copies, on two different mediums, one of them off-site. But we need to start driving innovation around Mean Time to Restore (MTTR) capabilities.
If an entire environment needs to be restored, what does that look like from a process standpoint? For instance, we've always considered the data protection environments to have the cheap and deep storage. But we're starting to see Flash be prevalent in those environments. Why? Because Flash decreases MTTR.
Testing disaster scenarios on a broader scale is something teams need to start thinking about as well. When we talk data protection in the traditional sense, we talk about restoring files and folders — how quickly can I get someone an Excel spreadsheet back, maybe in a system or two? But in this case, we're talking restoring whole environments, or even an entire business. It’s not a conversation that we as an industry have been invested in until very recently.
The nuclear option
In that same vein, we're seeing an increasing call for data protection environments to leverage immutable storage, to harden backup repositories. Yes, immutable storage is the nuclear option. But with the threat landscape as dangerous as it is, the new approach to ransomware defense needs to cover the entire spectrum of action. That means pursuing innovation across everything — preventing, detecting, and recovering.
The road ahead
Here are my three biggest takeaways as you pursue excellence across your ransomware defense strategy:
- There is no silver bullet. I wish it were true, but there is no one holy grail product that will stop ransomware in its tracks. A tool may be a very important piece of a strategy and response plan, but there is no point solution that covers it all.
- End-user training will always be vital. You can have all the sophisticated tools in the world, but the end user will always be the weakest link. Make it a priority. You can even make it fun. One of our clients does an escape room inside its building with a focus on cybersecurity — it’s a fun way to make these best practices stick.
- There is no start and stop. The most successful teams look at ransomware defense through a business continuity lens. Test your methodology and test it often — whether it’s annually, biannually, or however often your business deems it appropriate. Every 11 seconds, an organization will fall victim to a ransomware attack, according to research compiled by PurpleSec.1 That’s simply too often for a “set it and forget it” strategy.
If you’re interested in learning how Insight can support your organization, get in touch with an Insight Cloud + Data Center Transformation (CDCT) expert. From evaluation to design to implementation, we can help create an end-to-end strategy that keeps your data safe from ransomware.
1 Morgan, S. (2019, Oct. 21). Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021. Cybersecurity Ventures.