Ransomware Response – The Confluence of Security and Disaster Recovery
March 11, 2020 by Chris Riley
If at least one major threat could be taken off the table of the cyber-threat landscape, the world would be a better place.
Eradicating ransomware is a wish list item that the technology industry pushes hard to achieve. Despite valiant efforts, the prevalence of ransomware continues its rise. Even the best technologies, combined with awareness campaigns, can only stem the tide of this threat. It is extremely difficult to prevent these incidents from happening, but we can prevent ransomware from mattering through a focused recovery strategy.
Growing Attack Numbers, Growing Risk
Many have become immune to the shock of these attack stories, but the recovery costs of this digital plague remain staggering. Reports indicate that the total estimated cost of US ransomware attacks for 2019 was over $7 billion, with an average recovery cost of $1.4 million per attack for an individual organization.
Even industry giants are vulnerable—manufacturer Visser Precision reported in early March 2020 that it was hit by ransomware DoppelPaymer, which began publishing breached data online from Visser customers including Tesla, SpaceX, Boeing and Lockheed Martin. Their case is still ongoing.
Ransomware is a common doctrine for cybercriminals and state-sponsored parties because mobilizing a cyber-offensive army is one of the cheapest threats to leverage and develop. A rogue nation or criminal operation does not need to buy tanks, airplanes, or organize the logistics that come along with an offensive operation—these operations can inflict maximum damage with digital currencies, credit cards, and an internet connection. Cyberwarfare and ransomware attacks have become a great equalizer against enterprise security on the battlefront for global power and influence.
Shifting Definition of “Disaster”
In many ways, the definition of a “disaster” has changed in the IT landscape. At one time, the concept of disaster recovery incorporated absorbable risks, a calculation that IT could put together and plan around. For example, IT can determine the probability of a hurricane affecting a Florida datacenter, a tornado-alley storm knocking out power to a corporate IT center, or “Billy-Backhoe” cutting a non-redundant fiber route during nearby construction…
These are disasters that businesses can envision and establish recovery plans for, with a general sense of when they are most likely to occur. Even with the current global COVID-19 coronavirus pandemic, organizations can take proactive measures through cloud-based tools and business continuity plans to combat the potential risks to customers, employees, and the company as a whole before disaster truly strikes.
But ransomware differs in that it can come at any time, from anywhere, and once an attack hits, an outage can effectively shut a business down for days, even weeks on end. The ransomware threat is virtual and therefore mobile, and its timing is less easily predicted, yet its impact could be as great as, if not greater than, that of the physical disasters people have long contemplated. Fortunately, some of the same recovery tactics we have long considered can be perfect tools for a speedy recovery that does not involve paying a ransom.
Standard disaster recovery services, when offered in an indexed manner, can enable restoration to a prior version of an application or environment that was replicated before the ransomware infection. In usual business continuity planning you strive for the lowest tolerable RPO (Recovery Point Objective) and RTO (Recovery Time Objective), whereas in a ransomware situation a company may accept a longer RPO to lower the RTO. Basically, one would sacrifice some data aggregated between when the ransomware was placed and when it was triggered. While there would no doubt be data loss, the functional recovery of the system(s) could be much quicker, and with no ransom paid. Such disaster recovery planning involves increased storage of version snapshots and may drive up some costs. However, the ever-decreasing cost of storage and the ever-increasing frequency of ransomware “disasters” will drive a confluence of security and disaster recovery considerations henceforth.
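The restore-point choice described above, as an added Python example that is not from the original article: it walks an indexed snapshot catalog, picks the newest verified snapshot taken before the estimated implant time, and reports the RPO that choice accepts. The `Snapshot` fields, the `verified` flag, the implant estimate and all dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Sequence


@dataclass(frozen=True)
class Snapshot:
    snapshot_id: str     # constructed identifier
    taken_at: datetime
    verified: bool       # assumption: a test restore / integrity check passed


def pick_restore_point(index: Sequence[Snapshot], implanted_at: datetime,
                       margin: timedelta = timedelta(0)) -> Optional[Snapshot]:
    """Newest verified snapshot taken before the estimated implant time.

    Returns None when retention does not reach back past the implant,
    i.e. no clean version exists in the index.
    """
    cutoff = implanted_at - margin
    clean = [s for s in index if s.verified and s.taken_at < cutoff]
    return max(clean, key=lambda s: s.taken_at, default=None)


def effective_rpo(restore_point: Snapshot, triggered_at: datetime) -> timedelta:
    """Data-loss window accepted by restoring to restore_point."""
    return triggered_at - restore_point.taken_at


# Constructed sample: ten daily snapshots; snap-06 failed verification.
BASE = datetime(2020, 3, 1)
INDEX = [Snapshot(f"snap-{d:02d}", BASE + timedelta(days=d), verified=(d != 6))
         for d in range(10)]
IMPLANTED = BASE + timedelta(days=6, hours=12)   # estimate from the investigation
TRIGGERED = BASE + timedelta(days=9, hours=12)   # encryption started

if __name__ == "__main__":
    newest = max(INDEX, key=lambda s: s.taken_at)
    chosen = pick_restore_point(INDEX, IMPLANTED)
    print("newest (post-implant):", newest.snapshot_id, effective_rpo(newest, TRIGGERED))
    print("chosen (pre-implant): ", chosen.snapshot_id, effective_rpo(chosen, TRIGGERED))
    # With only three snapshots retained, nothing predates the implant.
    print("short retention:", pick_restore_point(INDEX[-3:], IMPLANTED))
```

The newest snapshot gives a 12-hour RPO but was taken after the implant; the chosen one costs 4.5 days of data and is the first that can be restored without bringing the ransomware back.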
Being thoroughly prepared for any disaster can be outside the bandwidth of an internal IT team, which ideally should be focused on tasks and initiatives that drive more business value. Even with plans in place, threats at the forefront of the latest IT innovation are often one step ahead of traditional disaster recovery and business continuity strategies.
Working with an IT partner solely focused on formulating and ensuring the most up-to-date DR plans takes the burden off internal teams. Ntirety alleviates this stress through a tried-and-true process that runs from an in-depth assessment, through testing and implementing end-to-end recovery tactics, all the way to 24x7x365 support in case of any issues that may arise. From platform management to continuous data protection and architecture design, Ntirety’s Recovery Services empower you to provide continuous and first-rate service to your customers and stakeholders. Overall, Ntirety aims to deliver true peace of mind.