The following is a guest post from business continuity specialists, Databarracks.
Ransomware has become the biggest cause of major recovery for organisations in the UK. Over 50 new variants have emerged since the start of 2016 and outright prevention is practically impossible. Attacks are evolving too quickly and software-based anti-virus solutions simply can’t keep pace.
Due to the amount of revenue being generated by cyber criminals, experts are predicting continued growth in both the sophistication of targeting and in the volume of attacks. The prevalence of attacks means organisations must now assume that an infection will occur at some point, and devise specific incident response plans to minimise downtime and data loss.
Once infected by ransomware, you essentially have two options: you can pay the ransom or you can recover your data from a previous backup. Interestingly, recent research from Trend Micro suggests that a fifth of organisations that pay the ransom don’t actually get their data back, so the only way to be fully protected is to have historic copies of your data.
When recovering from ransomware, your main objectives are to minimise the amount of data loss and to minimise the amount of IT downtime for the organisation. But despite Disaster Recovery as a Service being the preferred method of IT recovery for many organisations, traditional disaster recovery services aren’t optimised for cyber threats.
With traditional disaster recovery, the replication software immediately copies the ransomware from production IT systems to the offsite replica. Recovering from ransomware demands reverting to a clean historic version of your data from before the infection occurred, which usually means restoring from backups. The problem with restoring from your backups, however, is the length of time it takes. Restoring every file from a large document management system can take hours, or even days, when recovering from backups, so you’d have to factor in significant downtime for the recovery process too.
The rapid change in the cyber risk landscape demands an equally swift response in our methods of defence. To solve this problem, we’ve developed a new service called Cyber-DRaaS to offer the least downtime and data loss possible. After initial scanning to establish a clean bill of health, we continuously replicate and scan your environment in isolation on our secure infrastructure platform. This delivers a regularly updated point in time from which to both scan against and recover to.
This is all done offline so the scan can be far more aggressive than the usual malware scanning that you would perform on a production system. If an infection is detected, we perform recursive scanning to find the most recent clean version of the data to roll back to.
If you take away one piece of advice from this blog post, let it be this: make ransomware the topic for your next DR test. Of all the activities around disaster recovery and business continuity, planning and testing are by far the most ignored.
We always say that when it comes to business continuity, you should plan for impacts and test for scenarios. Impact-based planning works on the understanding that whilst there are an infinite number of possible disasters, the number of possible consequences at the operational level is much smaller.
Scenario-based planning focuses on the situation at hand. It asks users to anticipate the consequences of disastrous events and create resolutions ahead of time. Make a ransomware attack the focus for your next test to see how your team would cope, and to help create a step-by-step runbook for dealing with a real attack in future.
If it isn’t possible to do a full-scale DR test, you should certainly do some low-level testing, like a tabletop test. And if you need some ideas on how to put your test together, we’ve created an interactive tabletop test simulator – and one of the scenarios that you need to recover from is a cyber attack.
Databarracks provides ultra-secure, award-winning Disaster Recovery, Backup and Infrastructure services from UK-based, ex-military data centres.
Databarracks is certified by the Cloud Industry Forum, ISO 27001 certified for Information Security and has been named as a “Niche Player” in Gartner’s Magic Quadrant for DRaaS for two consecutive years. For more information, please see: http://www.databarracks.com/