In 2017, ransomware became the 5th most common type of malware, with damage costs reaching $5 billion according to Cybersecurity Ventures. What's more, the damage is increasing, with costs up 5x since 2015 as attacks increase in number and sophistication. With 71% of companies attacked becoming infected and 1 in 5 never recovering their data after an attack, the threat is real for enterprises of all sizes. Fortunately, companies can take a few key steps to help keep data and business protected:
1. Assess your vulnerability
Start by educating yourself about how ransomware works and what an attack would mean for your business. How would an attack happen? What data would be most vulnerable and most critical? Where are you vulnerable and how would you recover? Most infections today occur at end points (laptops, tablets, phones), but aggressive attackers are beginning to target the data center with spoofing that gives malicious applications and links a very realistic appearance. Data centers are seen as a source of higher value and higher ransoms.
2. Understand your business' recovery needs
Consider an attack on your business and identify your specific metrics for recovery. How fast would you need to recover and to what point? Your Recovery Time Objectives (RTOs) and Recovery Point Objectives (RTO) can help you determine if your existing backup and recovery processes are sufficient to weather an attack.
3. Follow a 3-2-1 data protection strategy
3-2-1 data protection is an industry-recognized data retention practice:
- Have three copies of data (original backup and at least two copies)
- Use two different forms of media (disk, tape, optical, or cloud)
- Have one off-site copy. Keep one copy geographically separated from the original backup copy.
Be sure to use full backups with versioning so that known, good media are available from a point in time before the attack. Since ransomware can remain hidden for weeks or even months before a payment demand is made, have full backups beyond 30 days to improve recovery readiness.
4. Consider a blend of primary, secondary and cloud-based storage for ransomware recovery
Ransomware survival is all about attack recovery, with data protection built across a range of storage solutions. Protection starts with primary storage where frequent snapshots and replication can help you recover recent data copies quickly after an attack. In addition, most ransomware survivors cite secondary storage as the critical infrastructure that helped restore their data and business operations. Secondary storage -- including disk-based backup solutions, backup software and tape -- supplements primary storage snapshots which typically expire over time. Finally, using cloud-based storage is a great addition to a ransomware recovery plan, ensuring an offsite unique copy as a last line of defense.
5. Implement your ransomware protection plan and educate your teams
Your last step is to implement --- shoring up data protection processes and working to educate company employees on safe practices. Cybersecurity education can greatly reduce the risk of employees opening malicious attachments or links and unwittingly initiating an attack.
Every day, ransomware increases in reach and sophistication. Fortunately, you can take steps to protect your business in the event of an attack, focusing on solid backup and recovery as your most critical defense.