Over the last year, as the world went into lockdown cybercriminals moved into overdrive to take advantage of the increasingly distributed and porous data landscapes.
Ransomware has flourished during this time. Initially used to encrypt corporate data to block its access and/or expose it unless a ransom gets paid, the malware has increasingly become sophisticated and highly-targeted, allowing criminals to also exfiltrate data.
Cybersecurity firm SonicWall reported recently that ransomware attacks rose to 304.6 million in 2020, up 62% over 2019. The firm attributed that jump mainly due to the highly distributed workforces caused by the pandemic. In fact, through May of 2021, the group reported 226.3 million ransomware attacks already, up 116% year to date over 2020.
To defend against these unending attacks, companies need a program of organized protection techniques and processes aligned with IT systems. Although traditional cybersecurity tools and firewalls are critical to defending against cybercrime, companies must take extra care to fortify the most precious corporate asset: enterprise data.
That’s where immutable, tamper-proof data storage comes in.
We have been at the forefront of this technology for decades. It’s made possible through the use of intelligent storage systems that take “secure snapshots,” or copies, of the corporate data automatically at pre-defined intervals. The secure snapshots are stored within the storage system itself in a secure enclave or on an offline air-gapped system – isolated and inaccessible from the main system, except through trusted application and authorized personnel. As a result, it’s not possible for intruders to access or alter the data, rendering it immutable.
Use of intelligent snapshot technology delivers a significant one-two punch against ransomware and other forms of malware: data protection and rapid recovery. The snapshots let companies better protect their data, and quickly restore operations when needed. In the event of a data loss or breach, or any other data event that disrupts operations, an organization can recover its entire enterprise by restoring data from the secure snapshots based on a specific point-in-time prior to the breach or disruption – with confidence in knowing the data resides in a clean state.
Four tenets of data protection and recovery
Cyber and data resiliency are critical to digital transformations and the first step in that journey starts with the data. It’s the fuel that drives companies permeating every corner of the technical infrastructure, from storage to artificial intelligence, and from the edge to the core datacenter and to the cloud. Lose data during a ransomware attack and a company loses its ability to function. A recent study by KPMG found that cybersecurity will pose the greatest threat to a company’s growth over the next three years. And according to the annual Fortune 500 CEO Survey in May, cybersecurity risk was the No. 1 concern by more than two-thirds of those surveyed.
Companies need a data resiliency plan so they can recover quickly with as little residual damage as possible. Doing so builds trust in the business and what it delivers. When it comes to data protection and recovery, we advise people to consider the following four tenets:
- Isolation. Isolate and separate the data from the rest of the network via snapshots and backups. Security teams can isolate or air-gap through logical means by utilizing capabilities like secure snapshots and backups. We have a technology that creates secure snapshots that are not accessible by the host system, protecting it from corruption. Companies can isolate the data by storing it offline on a different media like tape storage.
- Immutability. Ensure the company stores data in a secure isolated recovery environment. This prevents any attacker, external or internal, from changing or deleting data. Write Once, Read Many (WORM) technologies, as well as secure snapshot solutions offer proven retention capabilities.
- Recovery time. It’s often overlooked, but system recovery time is an important capability of any data resilience framework. How fast can the organization recover from a ransomware attack? While tape excels at isolation and immutability of backup data, it can take hours and sometimes days to fully recover the data to the pre-attack state. For organizations that can’t afford any downtime, look for high-performing data storage solutions, such as flash-based systems. After that, ensure that uninfected and logically isolated copies of the data are as close to the source dataset as possible to shorten the data transfer distance and create an even faster recovery relationship.
- Simplicity. It’s increasingly critical that organizations ensure that access to backup data is simple, quick, and easy. For starters, this speeds testing recovery procedures and backup validation. The quicker companies can get data into an isolated environment following a ransomware attack, for example, the faster they can find a valid recovery point from which to restore.
Risk of cyberattacks have been compounded by the advent of the remote workforce. In today’s hybrid work environment, companies need to look for data resiliency capabilities and services that not only protect the enterprise, but help reduce operational costs by ensuring business continuity. In addition to taking snapshots and deploying immutable storage, companies should ensure sustainable data quality through advanced threat detection and rapid recovery. Finally, security teams must add encryption to fully protect all the data.
There’s no 100% guarantee that an organization won’t fall victim to a ransomware attack. But by taking these steps to bolster the company’s storage and data recovery systems, companies can restore operations in minutes and mitigate the most negative aspects of a ransomware attack.
Denis Kennelly, general manager, IBM Storage Division