Ransomware Aftermath: Why Protecting Your Data is the Biggest Challenge Business Leaders Face in 2022

As our lives have become increasingly digitally focused, so has crime. With the pandemic accelerating the shift to working from home, what can organizations do to safeguard their data from being held hostage??

According to?ESG's 2022 Technology Spending survey,?63% of organizations have been exposed to ransomware, 48% have been victim of a successful attack, and 22% have been hit multiple times. Attacks are on the rise?because it’s easier than ever for criminals to launch an attack, and because organizations pay the ransom as the data taken hostage is so valuable to the company that they need to pay the ransom. In our digital age, data has taken on immense value because, without it, an organization simply can’t function. It affects the entire organization from a CEO who is suddenly in a negotiation phase to the IT department trying to get its head around the encrypted data.

Types of cyberattack

There are primarily three major types of cyberattacks: malware, phishing, and ransomware attacks. Malware is a general term for malicious software. Phishing refers to the process of deceiving recipients into sharing sensitive information with an unknown third party. The most harmful of this dark triad is ransomware which specifically refers to being denied access to your data or computer until you pay a ransom.

Evolution of the last line of defense

Mitigation against disasters ranges from fire, water, earthquakes, and data corruption to hostile data takeovers. Ransomware is a major problem that only continues to increase as we move into 2022. Storage administrators and IT infrastructure teams play a significant role in how data is protected and stored in a holistic cybersecurity strategy.

It is not enough to continue with what we have been doing for many years. Storage strategies are put under pressure when it comes to business continuity, resiliency, and data protection. By adding an immutable capacity layer, critical copies of data are “locked down” either in the secure zone in the data center, near cloud or public cloud to ensure that ransom attacks can’t get to your data. Immutable storage capacity will be a crucial part for a modern cybersecurity strategy as the last line of defense in the data center.

Protect your data against ransomware

Using a combination of methodology and technology, organizations are able to protect their data from ransomware access, which is the preferable first point of call. It is important to protect the core data center. This is even more paramount in remote working environments and the current complexity of today’s multicloud environment. So, to safeguard data protection, organizations must add another layer using immutable storage capacity (WORM = write-once-read-many), to not only perform backup of the data, but also store backups on immutable storage capacity. It is crucial to implement a multi-layered data protection strategy where hackers cannot tamper with your data.

Recover your data from ransomware

It’s critical that your business can quickly recover in the wake of a potentially devastating cyber-attack, which could damage its finances and reputation and also have devastating effects on end-users if sensitive data is either stolen or modified. It is also important to ensure that the data recovered is the latest up-to-date information. How often have you attempted to recover a file to discover the last salvageable version is days, even weeks, old? Again, in certain circumstances or industries, such as healthcare, this could result in irreparable damage. Successful implementation allows for immutability by both default and by design.

The need for new ransomware resiliency

To gain deeper insight into these challenges and uncover ways of developing strategies that equip organizations with a ransomware strategy, I participated in a series of virtual roundtable events held by “Meet the Boss” and “Nimbus Ninety” with C-Level and senior peers. Having reflected on previous conversations I’d had with CIOs, we invited participants to reflect upon the efficacy of their organization’s ransomware resiliency plans. It was noted that when implementing these plans, it is not only necessary to organize them but to rigorously test them. It is no good having a stellar ransomware attack strategy without identifying the cracks in the defenses internally. However, it was noted that there is frequent hesitancy in doing so despite what is at stake.?

The COVID-19 pandemic accelerated both the threat and focus on potential ransomware attacks. The new working-from-home culture has made data more vulnerable by removing it from the safety hub of the corporate environment and placing it into the hands of many who are ill-equipped to deal with its sensitive nature. Within this new distributed environment, participants agreed that successful ransomware strategies include a methodological as well as a technical angle. Training employees across the organization was paramount, with the old corporate adage of “security by design” no longer making the cut. However, the core principles of data security remain the same. Employing the multi-layered approach of access and identity management, understanding the principles of cloud and IoT, and utilising analytics to identify anomalies all contribute to the methodological and technical blockades.

Why are ransomware attacks still an issue?

One participant noted that the technology is there – so why are ransomware attacks still such a problem? It was concluded that organizations need to really understand the severity of the threat, and they need to implement adequate levels of safeguards and processes and ensure they are tested to their limit – because if they don’t, attackers will. Preparation was identified as key to the point that organizations develop muscle memory in their capacity to respond to attacks. Once this is developed, organizations can respond to threats they did not even anticipate. The discussion concluded with a resounding agreement that there is indeed a third pillar to be added to the guide to recovering from ransom recovery: methodology, technology, and?culture.

Not only a technology issue

During the second event, a lively debate ensued about how ransomware attacks are no longer merely the concern of “techies”. There was resounding agreement that it is now a greater issue than the technological sphere and should be analyzed from a strategic and operational level. Organizations frequently end up in a state of “board paralysis” during these attacks unable to make decisions on whether to negotiate with attackers and if so, how this is done and who by. All employees need to be educated on, and prepared for, ransomware attacks to allow for rapid decision making and adequate disaster mitigation planning by removing the silos between IT teams and executive decision-makers.?

Give in and pay is an inefficient strategy

It was acknowledged that security experts are always in crisis mode, with their primary state being that of a state of alert and defense. This makes innovation difficult as organizations are usually one step behind the attackers. Currently, 48% of organizations are paying to get access to data again which evidences the inefficacy of current ransomware strategies. Organizations should not have to invent new solutions each time there is an attack. In order to mitigate this constant state of paranoia, it was noted that preparation needs to be drilled into the organization as a whole in the same way that the technology is. This can be done by creating a playbook of ransomware recovery that becomes second nature during crises, by running through and testing these disaster recovery strategies. However, recovery should not be the primary focus, but rather prevention and disaster mitigation.?

Another topic was the need for automation of the recovery process and being able to create a secure zone environment. An environment where it is possible to isolate server or application pool to proactively test protection copies for recovery, as well as run intensive ransomware and malware scans without impact on production programs. The safe zone should also be used for full force penetration testing, security check validation, automating the data recovery process. One mentioned that the recovery process of 300 virtual machines could involve 1,500 manual steps, and this needs to be brought down to a few steps otherwise it will take weeks to months to recover data on a large scale.

Your safety net against ransomware attacks

Participants concurred that you must get the basics right. The backup solution at the end of the chain is your last safety net, but there is much to get in place before then. There needs to be a focus on mitigation rather than recovery with a holistic view of an organization’s ransomware strategy. Let’s face it, the cost of a ransomware attack is so enormous that mitigating that risk with a well-prepared solution that can repel attacks, makes sense every way you look at it. This is possible with a modern, elegant approach to unstructured data and a second layer of immutable storage to protect your most vital data assets.?

Hitachi Ops Center can provide ransomware mitigation that help customers guard your data assets. It orchestrates the replication between on-premises, near cloud, as well as public clouds to provide backups of the data. By creating an immutable storage environment with object storage, critical copies of data are “locked down” either in the near cloud or public cloud to ensure that ransom attacks don’t encrypt your data.

Read our insights and guidance as your first step in finding out how Hitachi Vantara's solutions can keep your data safe.

Hitachi Ops Center a?modern data protection, Hitachi Data?Protection Products, Hitachi?immutable storage?and Hitachi?improves Cyber Resiliency with isolated “thin digital twin” environments

Tom Christensen is Global Technology Advisor and Executive?Analyst at Hitachi Vantara.