Covid-19 forced organizations to embrace a mobile workforce and new methods of operation. With this change has come an increase in bad actors and attacks. Ransomware attacks in the first half of 2021 have risen 151% from last year to 304.7 million attacks, which is more than the entirety of 2020. It is safe to say businesses are under siege.
It is no longer a question of will businesses be hit by an attack but when. The traditional backup or disaster recovery plan is no longer enough to make it through a cyber attack. Organizations need a new solution to recover and ensure that the recovery can be accomplished despite infected files and within a reasonable time frame.
This article explores how the cyber security landscape has changed and how businesses can adopt cyber resilience to survive.
Landscape Has Changed
In the past, businesses were more concerned with recovering from a natural disaster than the train wreck that bad actors can leave. In previous years, bad actors focused on stealing data and basic disruption. This is no longer the primary case. In the last few years, the increase in malware and especially ransomware, has rapidly increased. Driven by quick, easy money, and a low barrier to entry, large criminal organizations, are getting into ransomware. They are focusing on businesses of any size and type.
Ransomware attacks are about more than locking out computers for a quick payout. These attacks are highly complex and can also be used to exfiltrate data and completely disrupt business operations. When ransomware strikes, victims have only had a few solutions to get their business back up and running. They can pay the fine and hope that most of the data is recoverable or restored from backups or a DR site. They hope the data is clean and can be restored in a timely fashion.
Unfortunately, neither of these options is good. Paying the ransom only encourages bad actors to continue their pursuits. And restoring from backups might work if the data has not been compromised, but it will take a long time during which the business is not operational.
Traditional DR is No Longer Enough
Traditional approaches to disaster recovery are appropriate for recovery from physical disasters, but it is not designed to manage current threats. They assume that the data will not be tampered with and can safely be replaced on different servers. What happens to your organization when you can’t trust your backup data?
Attackers have gotten more destructive and now include backups as targets, eliminating the standard lifeline organizations rely on when an attack or disaster occurs. Preparing for this type of attack is far beyond the purpose for which traditional backup and disaster recovery solutions and processes are designed.
Once attackers step into the ring, this problem becomes one that needs to be managed holistically, looking at cyber security and cyber resilience under one multi-disciplinary team. Cyber resilience is a combination of technology, process, and environment helping the organization continue to operate despite the adverse events affecting it. It requires a level of planning to prepare for attacks, including isolation, remediation, immutability, and more to recover from attacks. Doing this requires a single team to manage the processes and coordinate with the rest of the organization.
Air Gap the recovery images
Now that recovery images are a direct target of attackers, organizations need to increase the protection of their recovery images. Businesses need to get back on their feet quickly, and simple off-site backups or DR sites are not enough to allow for recovery in a reasonable period of time.
Organizations need to create an air gap where their recovery images are stored online but protected from attackers who have already penetrated the data center and internal networks. An air gap is necessary to create an isolated environment, with additional air gaps within that environment, but that is not sufficient on its own. There needs to be a well-defined process impacting all aspects of the business at all levels. Multiple point-in-time images need to be tested regularly for recoverability and potential impact of malware, and images need to be stored in immutable storage. All of this provides the ability to get a recovery image running in a production state quickly so that the business can become operational again.
Businesses looking to succeed in today’s environment need to evolve to protect themselves against actual cyber-attacks. Traditional methods are no longer sufficient to maintain a business during a persistent onslaught of attackers. An organization needs a holistic approach to cyber security and cyber resilience. This effort needs to be organized and maintained through a single leader with a directed team that plans and coordinates to shore up defenses and prepare for rapid and controlled recovery.
Explore this article to learn the challenges of ransomware and how your business can survive such an attack.