Christopher Rogers at Zerto, a Hewlett-Packard Enterprise company, explains the dangers of securing critical data and workloads in the same way as less important data
Last year saw a 38% increase in global cyber-attacks compared to 2021, and it is clear that the threat of ransomware isn’t slowing down anytime soon. Indeed, the global annual cost of cyber-crime is predicted to top $8 trillion in 2023, so organisations cannot afford to be complacent about this threat: it’s no longer a matter of ‘if’ an organisation will find itself the victim of a successful attack, but ‘when’.
Indeed, the growing prevalence of ransomware-as-a-service platforms means ransomware attack volumes are set to ramp up further in the coming year. In response, IT teams will need to ensure that their cyber-security protocols are focused on prioritising recovery so that when the inevitable happens, their business can get back up and running quickly and with minimal disruption or data loss.
Getting inside the mind of attackers to understand who they target and why is a valuable first step for determining how to develop a successful defence strategy.
Encrypting data is just a means to an end, as far as hackers are concerned. Their primary goal is extorting payments from companies in return for a decryption key that will restore the victims’ access to their data.
Decisions about who to attack – and how – are made based on projected potential revenue returns. The larger the target company, the more security hurdles the attackers are likely to encounter, which means investing time and money in the design of a highly sophisticated and elaborate assault.
Another key factor in deciding which companies to attack is how likely they are to pay the ransom demand. This isn’t necessarily related to their ability to recover data in general, because every organisation will achieve this eventually. What’s important here is how quickly it’s possible to restart the systems and applications that are reliant on ‘hot’ production data.
IDC estimates that each hour of downtime costs businesses on average around $250,000, so the expenses related to a complete production standstill can quickly mount up, which explains why some organisations conclude that it’s cheaper to pay the ransom to get their data back.
Knowing that hackers specifically target companies that cannot afford, or do not want, to have their critical production data and applications offline for extended periods of time means that initiating a defence strategy that protects a company’s production workloads becomes a ‘no brainer’.
The problem is that the majority of backup strategies in play today primarily capture ‘cold data’ that can easily be restored in the days or weeks following an incident. But these backups will be of limited help where the critical data for production workloads is concerned, since they protect individual servers only – and not complete applications. As a consequence, restoring the data and rebuilding applications from backups can take a very long time.
What’s needed is a better recovery strategy that will both deliver backups for less important data while offering a faster way to restore production applications. And that’s where solutions based on continuous data protection (CDP) can help.
Representing a major leap forward when it comes to the rapid recovery of critical data and workloads, CDP captures data changes the moment they are written and sets recovery points every 5-10 seconds. This makes it possible to return to a point in time just seconds before an attack or disruption occurs, with no significant data loss.
By contrast, traditional backups have extended backup intervals that can result in data loss when restoring, since the last good copy is usually from last night’s backup and is likely hours old.
CDP can be automated and orchestrated to enable protection of entire sites and is capable of restoring, with just a few clicks, an entire virtualised data centre featuring thousands of active workloads and applications.
Implementing a data protection strategy based around CDP technologies minimises the risk of downtime or data loss following a successful ransomware attack, making it faster and easier to resume mission-critical operations with minimal service loss. This leaves IT teams to focus on the restoration of less important data via backups, at their leisure.
Attackers look to target their efforts on vulnerable enterprises that will offer a maximum return on the effort they need to expend to perpetrate a sophisticated ransomware attack.
Typically, these will be organisations whose critical data and workloads are secured and protected in the same way as their less important data. As a result, their critical applications cannot be recovered quickly, and the likelihood of the extortionists receiving a ransom is correspondingly increased.
By adopting a more proactive defence measure to secure their critical data and workloads in such a way that their production applications can be restored in the shortest possible time, organisations will be able to take the wind out of a hacker’s sails.
Christopher Rogers is a Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company