By Matt Kates, country manager at Zerto ANZ
While not a new problem, 2016 cemented ransomware as a challenge for Australian organisations that simply isn’t going away.
Ransomware has become more prevalent and more pervasive. Cybercriminals are getting smarter and more targeted with their attacks and new strains of ransomware are being developed on a daily or weekly basis. The question is no longer if we are going to get hit, it’s when.
We have moved from organisations recognising ransomware as a growing threat to most Australian organisations having experienced it. In our conversations with Australian companies, the past few months has moved the discussion from “we know this is an issue” to “we’ve been hit five times in the past month!”
While ransomware is targeting most Australians, larger organisations often make for bigger targets. The more complex the IT and business environment, the more spread out the platforms on which IT systems sit, the more staff members, the more ways cybercriminals can find to infiltrate the business.
What happens when we get hit?
Security strategies and products protecting the organisation against ransomware are vital; working with IT security vendors to ensure the right solutions and systems are in place should be the first point of call for any CSO.
The second consideration for CSOs is how to minimise the damage when the organisation does get hit, and making sure the business can be back up and running as soon as possible. A comprehensive approach, particularly in the fight against ransomware, involves considering IT security as a three-legged stool; the detection of attacks, prevention of intrusion, and fast recovery of critical data and applications to ensure uninterrupted business operations.
This combination ensures organisations are prepared and not just three steps ahead of malicious intent, but building IT resilience that allows the business to thrive in the face of attack.
It’s also important to recognise that many traditional disaster recovery technologies pre-date modern IT environments and were not created to protect virtual environments or protect against ransomware.
What do we protect and how do we know it’s protected?
To protect ourselves against ransomware and its potentially disastrous technological and financial consequences, we have to understand what’s needed to shield IT from the initial infection and how to recover as quickly as possible.
Part of a well-rounded IT and security investment strategy involves identifying on a regular basis the key applications and data that is at risk and making sure they are protected. Gather as many data points as you can before making a decision, but with a critical eye towards what the cost of downtime means and what you would personally consider acceptable as an end consumer.
Today’s IT landscape is more dynamic and unpredictable than ever before. To keep pace, an organisation’s disaster recovery plan must be easily implemented, and regularly tested with consistent success in order to prove its worth. The DR infrastructure must also be able to accommodate any changes in the IT environment over time, to protect against new holes and vulnerabilities created by IT updates.
Where do we start?
There are four key qualifying questions for CIOs and CSOs to consider when looking at revamping their DR plans and evaluating either existing technology, or acquiring new:
1. Can you recover (i.e. “rewind”) back to a point in time just seconds before a ransomware attack or IT outage occurs, being able to get critical data, applications, websites, and individual files operational within minutes?
2. Are you able to successfully and quickly run DR tests with a high degree of automation, or does such activity require long lead times, a large support team, expensive consultant resources, and result test outcome uncertainty?
3. Does your existing infrastructure and DR technology stack give you the flexibility to achieve continuous data protection with block level replication and enterprise-class scalability?
4. Does the organization currently experience vendor lock-in, making it restrictive to use other technologies that may better fit the company’s business needs?
In today’s IT world, it is absolutely necessary to protect the organization’s data. Efforts are needed across the business to safeguard company information and finances as well as the most valuable intangible asset – reputation. Paying a ransom is never recommended as there is no guarantee that an encryption key will be provided. The capabilities for immediate and full data recovery should be in place so that option never warrants consideration.