June 01, 2022
In my first blog, Why Protecting Your Data is Key in the Fight Against Ransomware”, I identify the importance of protecting the core data center and the need for ransomware resiliency due to the new working-from-home culture and cybercriminals becoming more sophisticated over time and leveraging different targets to optimize their efforts.
To gain deeper insight into these challenges and uncover ways that developing strategies equip organizations with a ransomware strategy, I participated in a series of virtual roundtable events held by Meet the Boss and Nimbus Ninety, with C-Level and senior peers. Within this new distributed environment, roundtable participants agreed that successful ransomware strategies include a methodological as well as technical angle. Training employees across the organization is paramount, with the old corporate adage of “security by design” no longer making the cut. However, the core principles of data security remain the same. Employing the multi-layered approach of access and identity management, understanding the principles of Cloud and IoT, and utilizing analytics to identify anomalies all contribute to the methodological and technical advantages.
One participant noted that the technology is there so why are ransomware attacks still such a problem? It was concluded that organizations need to understand the severity of the threat, implement adequate levels of safeguards and processes, and ensure they are tested to their limit. If they don’t, attackers will. Preparation was identified as key to the point that organizations develop muscle memory in their capacity to respond to attacks. Once this is developed, organizations can respond to threats that they do not even anticipate. One of the roundtables concluded with a resounding agreement that there is indeed a third pillar to be added to the guide to recovering from ransomware: methodology, technology, and culture.
During one of the events, a lively debate ensued about how ransomware attacks are no longer merely the concern of “techies”. There was agreement that it is now a greater issue than the technological sphere and should be analyzed from a strategic and operational level. Organizations frequently end up in a state of “board paralysis” during these attacks, unable to decide whether to negotiate with attackers and if so, how this is done and by whom? All employees need to be educated on, and prepared for, ransomware attacks to allow for rapid decision making and preparedness to mitigate the impact of ransomware by removing the silos between IT teams and executive decision-makers.
According to ESG’s 2022 research study, “The Long Road Ahead to Ransomware Preparedness,” ransomware readiness is a team sport. Preparedness investments are coming from a combination of IT, security, and data protection groups. And according to ESG’s report, “Data is the Business, “To treat data like the business asset it has become, it must be de-risked, protected, made compliant, and leveraged”. In the case of a Hitachi Content Portfolio data protection customer, several organizations, including the CIO, infrastructure team, compliance organization, and security team were involved in evaluating a secure platform for their users to securely access and share data. They also needed buy in from their end users. Therefore, they invited 20 key executives who were not IT savvy to provide feedback on user experience. Stakeholders decided that the solution would help realize their vision of a “Digital Workplace” to improve productivity, enhanced data security, and user protection.
It was acknowledged that security experts are always in crisis mode, with their primary state being alert and defense. This makes innovation difficult as organizations are usually one step behind the attackers. According to ESG, more than 50% of organizations are paying to get access to data again which demonstrates the inefficiencies of current ransomware strategies. Only 1 in 7 companies reported getting all their data back post payment. And one of the top implications of ransomware attacks is productivity loss due to downtime with no data access, waiting to reestablish access, and rework to recreate data if unrecoverable.
Participants in these recent roundtables concurred that you must get the basics right. There needs to be automation of the recovery process and being able to create a secure zone environment where it is possible to isolate server or application pool to proactively test protection copies for recovery. The backup solution at the end of the chain is your last safety net, but there is much to get in place before then. According to ESG, 49% of companies report that they are taking extra measures for all their backup copies. Immutable storage is a second factor to protect your backup data against modification and deletion, independent from the application. If all the backup infrastructure is gone, you still have a valid copy of your data that cannot be overwritten.
The focus should be on mitigation rather than recovery with a holistic view of an organization’s ransomware strategy. Let’s face it, the cost of a ransomware attack is so enormous that mitigating that risk with a well-prepared solution that can repel attacks, makes sense every way you look at it. This is possible with a modern, elegant approach to unstructured data and a second layer of immutable storage to protect your most vital data assets.
Read our insights and guidance as your first step in finding out how Hitachi Vantara's solutions can keep your data safe.
Hitachi Ops Center a modern data protection, Hitachi Data Protection Products, Hitachi immutable storage and Hitachi improves Cyber Resiliency with isolated “thin digital twin” environments
Check out more great stories on Insights.