Data Storage Best Practices for Overcoming a Ransomware Attack
This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Spectra Logic‘s Senior Director of IT Tony Mendoza highlights data storage best practices for overcoming a ransomware attack.
According to a Sophos report on real-world experiences of 5600 IT professionals, 66 percent of organizations surveyed were hit with ransomware in 2021 – and the average cost to recover from ransomware attacks was $1.4 million, with organizations taking an average of one month to recover from the damage and disruption.
For many organizations, the outcome after a ransomware attack can be catastrophic. This type of malicious and intelligent software breaks through an organization’s IT infrastructure and threatens to publish, sell or otherwise prevent access to the victim’s digital content unless a ransom is paid. The ransomware encrypts files and holds them hostage until the threat actors get what they want. Therefore, it’s imperative for organizations, small or large, to ensure their IT infrastructures are ransomware resilient. No single solution or security control is going to stop ransomware, but taking a layered security approach, will help mitigate the impact and get organizations back up and running very quickly.
Become Ransomware Resilient
There are ways to avert a possible attack, including instructing users on the techniques used in phishing threats; deploying reliable malware protection software; regularly updating systems and software, and employing intelligent threat detection and response systems. However, threat actors are extremely determined, so every data-driven organization needs to be ready for an attack because it’s not a matter of ‘if’ but ‘when’ an attack will occur.
Multiple Copies on Multiple Storage Platforms
Air Gap is Critical
To be safe, organizations must ensure that they have a truly air-gapped copy of their data protected at all times, meaning that a copy of the data sits safely outside the network. Tape storage is one solution that enables the data to be stored out of the network stream making for an affordable and effective air-gap strategy. Having that untouched copy on tape can provide an IT professional with the confidence to say no to paying the threat actors should ransomware hit their infrastructure. Today, many organizations use the cloud as part of their data storage strategy. While cloud can be helpful for several purposes, it’s often made up of disk systems accessible by WAN, which means the cloud too can be susceptible to an attack.
Reduce the Blast Radius
Another step is to deploy storage lifecycle management software that moves inactive data regularly off of tier one storage to another tier of storage. If all data is sitting on tier one storage, and that system needs to be rebuilt, there’s no way to identify which files are critical and which are not. That why it’s smart to deploy data management software ahead of time before a breach occurs.
Devise a Game Plan
After an attack, time matters. A well-thought-out data protection communications plan will make things easier, especially if the email is down. It will enable an IT professional to communicate quickly with key targets to expedite next steps, including contacting the FBI as part of the plan.
Cyber insurance companies provide IT security experts who evaluate the damage, determine whether data was breached, and assist in terminating the attack. This insurance acts as a security follow-up team enabling IT professionals to call on trained experts when an attack occurs.
With the proliferation of ransomware attacks, IT professionals need to bolster their data protection strategies to include ransomware resiliency. Above all else, it’s imperative to maintain a backup copy of critical data offline, typically on tape, behind an air gap, to prevent the data from being infected and to resume operations as quickly as possible.