Ransomware recovery – the need for speed

When it comes to speed of recovery following a ransomware attack, many organizations expect to wait days or weeks to get up and running again. Indeed, according to data from Sophos, the average time taken to fully recover from the damage and disruption of an attack is closer to a month.

The outcome of extended downtime is halted productivity and a direct loss of revenue. But beyond this, it can also result in lasting brand damage and a loss of customer (and stakeholder) trust. It can even lead to as many as 33% of affected organizations closing down entirely, either on a temporary or permanent basis, with smaller businesses being hit the hardest.

When it comes to ransomware recovery times, every second counts. So, what steps can organizations take to ensure they are positioned to recover within hours or days at the very least?

Christopher Rogers

Christopher Rogers is Senior Technology Evangelist at Zerto, a Hewlett Packard Enterprise company.

1 Set RPOs and RTOs

Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) are foundational disaster recovery metrics that play a key role in informing an organization's disaster recovery plan. RPO helps organizations understand the true cost of data loss following a ransomware attack, while RTO gauges how long it will take to recover data and applications.

By defining their specific recovery targets, organizations will be in a position to make some key decisions about how best to implement recovery strategies that are tightly aligned with their operational requirements and risk tolerance levels. This includes determining the technologies, resources and processes that will be needed to restore systems, applications and data quickly and efficiently.

To ensure that critical business processes and assets can be resumed in the aftermath of a ransomware attack with minimal or no downtime and data loss, most organizations will be looking to achieve the lowest possible RPO and RTO values.

2 Consider implementing flexible recovery options

When it comes to the specifics of data recovery and how best to achieve their RPO and RTO objectives, many organizations face a seemingly ‘either/or’ decision about which data vault architecture to opt for.

On the one hand, cloud-based solutions hold a strong appeal for today’s organizations due to their low barriers to entry and ease of set-up. However, while cloud storage vaults provide maintenance-free and single-vendor convenience, organizations often find they have less control over their data.

By contrast, on-premises vaults offer enhanced control and security alongside unmatched near-instant recovery speeds. But there is no denying they require more time and expertise to set up, manage and maintain. This means organizations will need to apply some smart thinking to determine which technology is best matched to the data protection requirements associated with individual workloads. This is because, depending on the nature of the data and the specific recovery use case, one solution may prove preferable over the other. Since each solution offers a different balance of control, flexibility, and speed, the implementation of flexible recovery solutions will prove crucial for organizations looking to achieve cyber resilience and gain the ability to protect against, and recover from, threats continuously.

3 The importance of rapid detection

When it comes to minimizing the impact of a ransomware attack, early detection can prove a game-changer. The earlier organizations are able to detect ransomware, the faster they can determine and isolate the point of impact, take action to mitigate an attack, prevent asset loss and downtime, and initiate recovery processes. Quick ransomware detection and recovery can significantly limit the extent of data encryption perpetrated by ransomware. It also enables organizations to roll back to a state just before the attack, with greater confidence and agility. All of this strengthens their ability to maintain business continuity.

Ideally, organizations should look to combine multiple detection techniques in order to find an approach that best fits their needs. This includes utilizing a comprehensive security stack that features real-time anomaly and encryption detection capabilities, so that organizations can get alerts that could signal the start of ransomware’s detonation phase.

Shifting the recovery response needle

The growing prevalence of ransomware means that organizations everywhere need to take action to minimize data loss and recovery times when the inevitable happens and they become the target of an attack. Since cyber criminals are constantly evolving their tactics to bypass defenses, organizations need to rise to the challenge and boost their resilience to potential disruption. Doing this, however, will require a proactive and flexible approach that covers all the bases and supports the identified quick recovery objectives set out in RTOs and RPOs.

From undertaking a re-evaluation of typical recovery times to enhancing their quick response capabilities by initiating rapid detection, organizations will be better equipped to recover quickly and with minimal data loss. They will also need to consider the best blend of cloud and on-premises solutions for their needs, so they can enhance their resilience against ransomware threats and ensure a faster recovery following an attack.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
