Perception vs reality: How to really prepare for ransomware

It seems that most IT environments are not connecting the dots when it comes to ransomware and the importance of a good protection system. This is easy to infer when reading a recent IDC survey of more than 500 CIOs from more than 20 industries worldwide.

The most headline-grabbing statistic from IDC’s report is that 46% of respondents were successfully attacked by ransomware in the past three years. That means ransomware has overtaken natural disasters as the primary reason IT needs to be good at recovering large amounts of data. Years ago, the main reason for such restores was hardware failure, since the failure of a disk system often meant a complete restore from scratch.

The advent of RAID and erasure coding changed all that, putting natural disasters and terrorism at the forefront. However, the chances of any one company facing a natural disaster were actually pretty low – unless you lived in some disaster-prone area, of course.

Lost money, lost data

That 46% basically means that your chances of being hit by ransomware are a coin toss. Worse, 67% of respondents paid the ransom and 50% lost data. Some commentators have downplayed the 67% figure, suggesting that these organizations may have been responding to a ransomware tactic known as extortionware.

In this case, the business gets a demand like, “Give us $10 million, or we’ll publish your organization’s worst secrets.” However, even if we put that statistic aside, we’re still left with the fact that half of organizations affected by ransomware have lost critical data. That’s two coin tosses. This, as they say, is not good.

Ready for an attack? Probably not

But the story gets worse. Surprisingly, the same organizations that have been attacked and lost data seem to think quite highly of their ability to respond to such events. First, 85% of respondents claimed to have a cyber-recovery playbook for intrusion detection, prevention and response. Any organization is likely to respond “absolutely” if you ask whether it has such a plan.

In fact, you might ask what’s going on with the 15 percent who don’t seem to think they need one. They’re like the fifth dentist in the old Dentyne ad, “Four out of five dentists surveyed recommended sugarless gum for gum-chewing patients.” If your organization doesn’t have a cyber recovery plan, the fact that so many businesses have been attacked can hopefully motivate your leadership to make that change.

An organization can be forgiven for falling victim to a ransomware attack in the first place. After all, ransomware is an ever-evolving field where wrongdoers are constantly changing their tactics to gain traction. What is hard to fathom is that 92% said their data resiliency tools are “effective” or “highly effective.” It goes without saying that an effective tool should be able to recover data so that you don’t have to pay a ransom, and you definitely shouldn’t lose data.

Reducing attack damage

There are several key parts to detecting, responding to, and recovering from a ransomware attack. You can design your IT infrastructure to minimize the impact of an attack, such as denying the use of new domains (stopping command and control) and limiting internal lateral movement (reducing the ability of malware to spread internally). But once you are attacked by ransomware, responding requires several tools, and those tools are more effective when automated.

For example, you can move from limiting lateral movement to completely stopping all IP traffic. If infected systems can’t communicate, they can’t do much damage. Once the infected systems are identified and shut down, you can begin the disaster recovery phase of bringing the infected systems back online and ensuring that the recovered systems are also free of infection.

The power of automation

Automation is the key to making it all possible in the shortest possible time. Tasks can be completed instantly and simultaneously. A manual approach can cause more downtime as an infection spreads through your IT environment. Everyone seems to agree that automation is important, including 93% of IDC’s survey respondents who stated that they have automated recovery tools.

So nine out of 10 respondents said their data resilience tools are effective and automated. However, if this were true, half of those attacked would not have lost their data, and fewer would have paid the ransom.

So what does this mean? The biggest takeaway is that you need to take a look at your environment. Do you have a plan to respond to a ransomware attack? Does it immediately shut down your environment to limit further damage while you investigate? Can you also automatically recover infected systems?

If your odds of being attacked by ransomware are a coin toss, it’s time to take off the rose-colored glasses and get to work.

W. Curtis Preston is the chief technical evangelist at Druva.