Why rapid recovery is key to minimising the ransomware threat

Image Credit: Shutterstock (Image credit: Image Credit: Carlos Amarillo / Shutterstock)

There are a huge number of different cyber-security threats that companies today have to worry about, ranging from phishing and denial-of-service attacks to zero-day exploits and even simple human error – just to name a few.

But, of all the threats plaguing today’s digital world, ransomware in particular has become big business. Over the last couple of years, more and more cybercriminals have turned to sophisticated ransomware attacks to disrupt business operations and extract vast sums of money from their victims.

After reaching fever pitch in 2017 thanks to the infamous WannaCry attacks, the threat is showing no signs of diminishing. In fact, it’s increasing. For example, Verizon’s 2018 Data Breach Investigations Report identified ransomware as the most common type of malware targeting organisations, found in 39% of malware-related data breaches.

What’s more, Malwarebytes observed an 88% increase in the number of ransomware attacks aimed at businesses in Q3 2018 compared to the previous quarter, while Europol kept ransomware at the top of its malware threat list and described it as “a stable attack tool for cybercriminals” in its 2018 Internet Organized Crime Threat Assessment (IOCTA). 

These figures clearly highlight how cyber-criminals are continuing to switch targets, focusing more on businesses than consumers as they traditionally did in the past. Consumer-facing ransomware attacks have steadily declined, primarily because it has quickly become apparent to attackers that going after businesses that have swathes of customer data to protect is much more profitable.

But it’s not just the prevalence of attacks that businesses today have to worry about. The financial impact of being hit by ransomware is also continuing to grow.

Big bucks at risk

So, how much can ransomware actually cost businesses? Well, it was predicted that global ransomware attacks would cost more than $8 billion in 2018, while a new insurance industry-backed report claims that a global ransomware attack could hit more than 600,000 businesses worldwide, potentially costing $193 billion.

The report outlines the hypothetical scenario of an attack being launched through an infected email. Once the email is opened, it is automatically forwarded to all contacts, ultimately encrypting the data on tens of millions of devices across the world. Businesses would then either have to pay a ransom to retrieve their data, or replace any infected devices, having the potential to cause significant economic damage due to a range of associated costs.

The worrying thing is that it isn’t much of a stretch to envisage this exact scenario playing out. And if it did, a combination of factors including business downtime, lost productivity, ransom payments and reputational harm – not to mention the possibility of regulatory fines – would certainly have a huge financial impact.

Clearly, companies have to do something to minimise the risks, but they have to make sure they are focusing on the right areas. For example, with both the threat of ransomware attacks and the potential costs to businesses on the rise, many organisations are spending an increasing amount on cybersecurity software in an attempt to protect themselves. However, it’s now virtually impossible to stop every attack, especially for large businesses with complex infrastructures.

That’s why, rather than prevention, decision makers need to ensure that their focus is firmly set on resiliency and recovery in the event of an attack. The question is, are businesses recognising this need and putting plans in place for when the worst does happen?

Image Credit: Pixabay

Image Credit: Pixabay (Image credit: Image Credit: The Digital Artist / Pixabay)

The need for speed

Despite the clear threats to their corporate data, our recent research found that more than half of organisations (56%) don’t have a disaster recovery plan in place should they fall victim to a cyber-attack. In addition, only one in four (26%) IT decision-makers feel extremely confident in their organisation’s ability to recover their data in time to avoid business disruption.

In today’s world where the next cyber-threat is just around the corner, these figures illustrate just how far behind businesses have fallen. Traditional security efforts have largely concentrated on endpoint protection and training employees on how to avoid falling into the ransomware trap in the first place. Although organisations do have a responsibility to educate their staff, the overall impact of an attack is determined by the ability to recover stolen or encrypted data as quickly as possible.

It’s therefore vital that businesses have the infrastructure in place to be able to quickly restore business-critical information and maintain the continuity of operations if end user education and endpoint security don’t work. This is where backup and recovery solutions come into play. The ability to assure backup redundancy onsite, offsite, online and in the cloud can render ransomware attacks powerless, especially if backups are continuously tested and validated to ensure that they aren’t also infected.

The most effective back-up and data recovery solutions allow businesses to ‘go back in time’ to multiple predetermined recovery points and recover their data error-free, without the need to pay a ransom at all. This technology - called data rewind - prevents corruption by rewinding files to a point in time before they were corrupted. It is particularly beneficial if corrupted data on the master server is replicated to the replica server, making it necessary to restore the data to its previous state before the corruption occurred. 

This process can then be regularly updated to ensure that the most important data, such as customer information, is always regularly recoverable. Not only will this save valuable time and money when the worst does happen, it can also go a long way towards fostering customer trust. 

Ultimately, it has become clear that deploying data protection tools that safeguard corporate information through data backup and recovery is now essential. Having a combination of these technologies in place can help businesses defend against the scourge of malicious ransomware attacks, providing the ability to quickly restore their data and get their operations back up and running.

After all, while some attacks will always slip through the net, it’s the recovery time that can really make or break an organisation in today’s fast-moving, hyper-competitive business environment.

Steve Robinson, Territory Director UKI and Netherlands at Arcserve 

Steve Robinson
Steve Robinson is the Territory Director for UKI and the Netherlands at Arcserve.