Anyone who pays attention to the news is aware that ransomware attacks can wreak havoc on organizations. Ransomware attacks on businesses grew by 365% between Q2 2018 and Q2 2019, according to Tech Republic. Even more frightening, a Sophos study showed that 77% of those organizations were infected with ransomware even while they were running up-to-date endpoint protection.
If these attacks can succeed when adequate security measures are in place, it’s likely a matter of when, and not if, an organization will face the consequences of a ransomware attack. Survival means every organization must both proactively both protect its data and ensure that it can be recovered if an attack is successful.
Security experts say that preventing ransomware attacks requires organizations to, among other things, monitor vulnerable time periods closely, teach employees to be suspicious regarding phishing emails and to understand that malicious software looks legitimate. It’s a given that every organization also needs strong data security measures in place to protect their data today.
It’s also important to take a holistic approach to preventing ransomware attacks. That includes updating all software in a timely manner and retiring outdated hardware. On the human side of the equation, restrict administrator accounts to as few individuals as possible. The most destructive ransomware is designed to gain access to areas of a network only accessible to administrator accounts.
While all these efforts may be effective, what happens if an attack still succeeds?
That’s when it’s essential to have an effective backup and recovery plan in place for minimizing downtime and data losses. And that requires understanding your core business processes – the systems and applications that run the organization – and identifying which require critical protection, and which should be prioritized for recovery.
Recovery planning must address two key metrics: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO describes the amount of time that may pass during a disruption before the amount of data lost during that period exceeds the organization’s set maximum allowable threshold. Put simply, the question is how much data can the organization tolerate losing in an attack?
RTO is the length of time and service level within which an organization’s processes must be restored after a disaster to avoid unacceptable consequences from a break in operational continuity. Essentially, RTO answers the question “How much time will it take to recover after notification of a business process disruption?”
Organizations also need to consider ease of storage scalability to meet the massive and growing amounts of data they deal with today because once a legacy storage solution reaches its architecture limits, it is both costly and disruptive to migrate to a new solution.
OneXafe’s consolidated data storage platform addresses this need for scalable capacity for primary and secondary workloads with a scale-out architecture that expands storage seamlessly, one drive at a time or multiple nodes within a cluster – on-prem, off-prem or in the cloud. At the same time, OneXafe minimizes storage requirements using powerful data reduction technologies such as inline deduplication and compression, reducing storage costs and associated operational expenses.
There are no guarantees that a breach can be prevented, so the first and most critical step in mitigating the devastating results of an attack is to perform regular backups of critical data. StorageCraft developed OneXafe to meet that requirement by creating a continuous, immutable snapshot – a copy of your data that can’t be overwritten or deleted by ransomware attackers or users – every 90 seconds.
Even if a ransomware attack succeeds, encrypting the data and corrupting the primary file system, these snapshots are completely immune to any modification or deletion.
While some storage vendors claim their snapshots are immutable simply because they are read-only and can’t be changed, that approach doesn’t protect the snapshot itself from being deleted. That’s why implementing off-site or cloud replication of backed up data is also critical, providing an additional layer of security.
OneXafe’s data snapshots are the key element in achieving RTO and RPO objectives following a ransomware disruption because they enable all data to be restored in minutes, not hours, days or weeks, with little muss or fuss.
Another option to consider for ransomware recovery is Disaster Recovery as a Service (DRaaS). With this approach organizations don’t need to build out their own data center, instead utilizing StorageCraft Cloud Services to create a customized disaster recovery plan that fits the organization’s needs and budget. StorageCraft DRaaS ensures that data is safe and always available inside the company’s distributed, scalable, fault-tolerant cloud, which was purpose-built for recovering everything from files and folders and machine virtualizations to providing instant failover of an entire site and network.
In our fast-paced world every minute counts. And every minute an organization is offline can translate to huge losses in both dollars and productivity. The best defense is preparation and planning. So if you don’t already have an effective backup and recovery plan in place, there’s no time to lose. Your organization could be the target of the next ransomware attack.
For more information or a StorageCraft OneXafe demo, please reach out to John Thome, President of Chi Corporation, at jthome@chicorporation.com or 440-498-2310.