Avi Raichel, Chief Information Officer at Zerto, discusses the need to adopt an approach to cybersecurity and data protection based on recoverware concepts and products, and tells us why businesses need to be better prepared for what they might face now that Digital Transformation is upon us.
2020 was an unforgettable year, and from a cybersecurity and data protection perspective, we learned several lessons. As companies and public sector organisations found themselves increasingly targeted with malware, ransomware and hacking attempts, it’s vital that we use the collective experience to improve outcomes for anyone on the receiving end of a breach.
Part of this must be a greater acceptance that being targeted by cybercriminals is not a question of if, but when. For many, the legacy approach to cybersecurity is focused on either doing everything possible to prevent a breach, or doing the bare minimum in the mistaken belief that an attack is highly improbable.
This needs to change. The security stakes are far higher than they were 12 months ago. Risks are more widespread and there are more opportunities for criminals to succeed. As a result, businesses need to be better prepared for what they might face now that Digital Transformation is an absolute necessity.
A huge part of this issue is mindset – organisations need to be ready for the worst possible scenario when considering their security posture. Managing and mitigating IT disruption, caused by an external attack such as ransomware, should be near the top of the list of concerns for every CIO. Recovery should be included in the technology and process investments made by IT and security teams, beginning with a clear-eyed view of reality and an acceptance that no matter how much investment goes into protection, eventually something – or someone – will get in.
In practical terms, the answer lies in radically improving the ability of cybercrime victims to recover. This perspective means the ultimate protection isn’t a wall around the perimeter, it’s the ability to continuously protect and quickly get back to business as usual.
Recovery solutions – or what we like to call, ‘recoverware’ – need to be fast and affordable, and organisations should be in a position to implement tools that provide Disaster Recovery and backup through continuous data protection (CDP) – right down to the final few seconds leading up to a breach. Think of it this way: paying a ransom is an unpalatable decision, to say the least. However, in far too many cases, organisations see it as their only option. This couldn’t be further from the truth. Having the power to recover data to a point immediately before ransomware strikes puts IT teams back in control of their destiny. Recovery becomes a powerful defence against a malware attack, not a last resort when all else fails.
Minimising the cost of downtime
Comparing approaches to dealing with ransomware helps to illustrate the recoverware process. In the traditional scenario, an organisation sees its network infected with the notorious CryptoLocker ransomware. As a result, all of its file servers become infected and their only recovery method is restoring from disk. In this situation, it’s not uncommon for the victim to experience hours (or days) of data loss, and many are unable to fully recover for several weeks.
The process is full of pitfalls. If, for instance, the organisation finds it is unable to restore any data from its disk backups, one option is to ship tape files to an outsourced data restoration specialist, with accompanying delay and additional cost. Even when data is then recovered, the recovery points may be different times with significant gaps, further complicating the challenge for IT teams and impacting the overall quality of recovery. But with data now available, file servers can be reconstructed and files restored. With testing carried out, the organisation can then begin a return to business as usual.
Business leaders can then assess the full cost of downtime, lost revenue, potential compliance breaches, as well as the impact on company reputation and customer loyalty. For some, this process is so painful that it presents a very real existential threat to the business. For those hit by a major ransomware attack, full recovery is far from certain.
The new alternative
The recoverware alternative, in contrast, seeks to restrict data loss to a matter of seconds and limit recovery time to minutes. By selecting a recovery checkpoint immediately before the ransomware attack, IT teams then immediately recover, test and reconnect servers to the network. By assuming recovery will be required and by building it into the standard playbook for defeating a ransomware attack, IT leaders acquire a protection ‘reflex’ against the worst implications of a malware breach.
In adopting an approach to cybersecurity and data protection based on recoverware concepts and products, CIOs take the view that it’s smarter and more logical to prepare to recover than to pay any ransom. This is not an admission of defeat, but a pragmatic perspective that prevention strategies must go hand-in-hand with the ability to quickly move on from the impact of an attack and back to business as usual.Click below to share this article