Perception vs Reality: How to Really Prepare for Ransomware

by Janice Allen

It turns out that most IT environments have not connected the dots when it comes to ransomware and the importance of a good security system. That is easy to conclude from a recent IDC survey of more than 500 CIOs from more than 20 industries around the world.

The most notable statistic from IDC’s report is that 46% of respondents have been successfully attacked by ransomware in the past three years. That means ransomware has jumped past natural disasters and become the main reason to be good at performing large data recoveries. Many years ago, the main reason for such recoveries was hardware failure, because the failure of a disk system often meant a complete recovery from scratch.

The advent of RAID and erasure coding changed all that, bringing natural disasters and terrorism to the forefront. However, the chances of a particular company being hit by a natural disaster were actually quite small, unless you lived in certain disaster-prone areas, of course.

Lost money, lost data

That 46% basically means your chances of getting hit by ransomware are a coin toss. What’s worse is that 67% of respondents paid the ransom and 50% lost data. Some commentators downplayed the 67%, suggesting that these organizations may have been responding to a ransomware tactic known as extortion software.

In this scenario, a company receives a demand like, “Give us $10 million or we’ll publish your organization’s biggest secrets.” But even excluding that statistic, we’re left with the fact that half of organizations affected by ransomware have lost critical data. That’s two coin tosses. This, as they say, is not good.

Prepared for an attack? Probably not

However, the story gets worse. Surprisingly, the same organizations that were attacked and lost data seemed to think quite highly of their ability to respond to such events. First, 85% of respondents claimed to have a cyber recovery roadmap for detecting, preventing, and responding to intruders. Any organization will probably answer “absolutely” if you ask them if they have such a plan.

You might even wonder what’s up with the 15% who don’t think they need one. They’re like the fifth dentist in the old Dentyne commercial who said, “Four out of five dentists surveyed recommended sugar-free gum for their gum-chewing patients.” If your organization doesn’t have a cyber recovery plan in place, the fact that so many businesses have been attacked should hopefully motivate your leadership to make that change.

An organization should be forgiven for being attacked by ransomware in the first place. After all, ransomware is an ever-evolving field where evildoers are constantly changing their tactics to gain traction. What’s hard to understand is that 92% said their data resilience tools were “efficient” or “very efficient”. It should go without saying that an efficient tool should be able to recover data in such a way that you don’t have to pay a ransom – and you certainly shouldn’t lose any data.

Minimize attack damage

There are several key parts to detecting, responding to, and recovering from a ransomware attack. It is possible to design your IT infrastructure to minimize the damage of an attack, such as denying the use of new domains (cutting off command and control) and limiting internal lateral movement (minimizing the ability of the malware to spread internally). But once you are attacked by ransomware, you need a lot of tools, and they can be much more efficient if they are automated.

For example, you can move from restricting lateral movement to stopping all IP traffic altogether. If infected systems can’t communicate, they can’t do any more damage. Once the infected systems have been identified and shut down, you can begin the disaster recovery phase to bring infected systems back online and ensure that recovered systems are not also infected.
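The containment step described above, sketched as an added example (not code from the article or from any vendor it mentions): alerts are turned into a single nftables command that cuts off every infected host at once, while hosts needed for recovery are held back for manual review. The table and set names, the address ranges and the sample alerts are assumptions constructed for illustration.

```python
import ipaddress

# Assumed nftables layout (hypothetical names, not from the article):
# table "inet containment" holds a set "quarantine" of type ipv4_addr, and the
# forward chain drops "ip saddr @quarantine" and "ip daddr @quarantine".
NFT_TABLE = "inet containment"
NFT_SET = "quarantine"

# Constructed sample data: hosts that must stay reachable so recovery can run.
PROTECTED = {"10.0.0.10": "backup server", "10.0.0.2": "IR jump host"}
INTERNAL = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample alerts, shaped like what an EDR or IDS might report.
ALERTS = [
    {"host": "10.0.4.21", "signal": "mass file rename"},
    {"host": "10.0.4.21", "signal": "shadow copy deletion"},  # duplicate host
    {"host": "10.0.7.9", "signal": "new-domain beacon"},
    {"host": "10.0.0.10", "signal": "mass file rename"},      # protected host
    {"host": "203.0.113.5", "signal": "port scan"},           # not our network
    {"host": "not-an-ip", "signal": "parse error"},
]

def plan_containment(alerts, protected=PROTECTED, internal=INTERNAL):
    """Return (isolate, escalate): hosts to cut off now, alerts needing a human."""
    isolate, escalate = [], []
    for alert in alerts:
        try:
            addr = ipaddress.ip_address(alert["host"])
        except ValueError:
            escalate.append((alert["host"], "unparseable address"))
            continue
        key = str(addr)
        if addr not in internal:
            escalate.append((key, "outside managed network"))
        elif key in protected:
            # Never auto-isolate recovery infrastructure; hand it to a person.
            escalate.append((key, "protected: " + protected[key]))
        elif key not in isolate:
            isolate.append(key)
    return isolate, escalate

def nft_commands(isolate):
    """One command adds every infected host to the drop set simultaneously."""
    if not isolate:
        return []
    return [f"nft add element {NFT_TABLE} {NFT_SET} {{ {', '.join(isolate)} }}"]

if __name__ == "__main__":
    hosts, review = plan_containment(ALERTS)
    print("\n".join(nft_commands(hosts)))
    for host, reason in review:
        print(f"# manual review: {host} ({reason})")
```

Holding back the backup server matters because isolating it automatically would also cut off the recovery path the rest of the plan depends on.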

The power of automation

The key to making all of that happen in the shortest amount of time is automation. Tasks can be completed instantly and simultaneously. A manual approach guarantees further downtime while the infection spreads through your IT environment. Everyone agrees that automation is key, including 93% of IDC survey respondents who said they have automated recovery tools.

So about nine in ten respondents said their data resiliency tools were efficient and automated. However, if this were true, half of those attacked would not have lost any data and far fewer people would have paid the ransom.

So what does this mean? The biggest takeaway is that you need to take a hard look at your own environment. Do you have a plan to respond to a ransomware attack? Does it immediately seal off your environment to limit further damage while you investigate? Can you also repair infected systems automatically?

If your chances of getting hit by ransomware are as high as flipping coins, now might be the time to take off the rose-colored glasses and get to work.

W. Curtis Preston is chief technical evangelist at Druva.
