According to ESG research, nearly two-thirds of surveyed organizations across North America and Western Europe have experienced a ransomware attack in the last year, with 22 percent reporting weekly attacks.
Recent high-profile attacks include the Pennsylvania Senate Democrats who ultimately paid $700,000 to rebuild their IT infrastructure from scratch, a fetal diagnostic lab in Hawaii which compromised the records of more than 40,000 patients, and the Bristol Airport in England who resorted to using paper posters and whiteboards to announce check-in and flight information after they lost all in-house TV screens.
The consequences to these organizations and others are far reaching, not only having a negative impact on the confidence of their employees and consumers, but also potentially destroying mission-critical data that can’t be reproduced easily or without major financial repercussions.
Even in cases where an enterprise might choose to pay, the ransomed data would likely be considered too risky or corrupted to use – if it was even released at all.
Also to be considered, the real-time impact on companies while their information is being held. Data and systems unavailability can trigger a domino effect of other technical and business consequences. ESG research found that 71 percent of surveyed organizations could not tolerate more than one hour of downtime for their high-priority applications, which tend to be the same ones primarily targeted by ransomware.
Additionally, from a recovery point objective perspective, 51 percent of organizations surveyed by ESG report that 15 minutes of data lost by those same applications is the maximum they can withstand without significant business impact including:
While there is no magic solution to completely avoid ransomware attacks, there is an opportunity to implement systemic and resilient IT measures and best practices to mitigate the dangers.
To fend off attacks, there are several recommended factors and activities to focus on:
Finally, a focus on incident response and preparedness must be front and center to thwart or recover from an attack. Enterprises should test their incident response plans, including the ability to effectively restore production systems and data.
Beyond cybersecurity measures, backup and recovery are important to ensuring uptime and need to be optimized. Best practices include:
Veeam’s Hyper-Availability Platform offers data availability to enterprises no matter where the data lives. It is perfectly suited for ransomware protection with a direct focus on data centers and endpoints.
On the data center side, Veeam allows organizations to restore data infected by ransomware to a known-good state. End-users can use the Veeam Availability Suite to perform granular restore operations by databases, applications, files, and operating systems, but it is likely complete recoveries will be needed to restore systems affected by ransomware. Veeam also provides advanced protection for popular online applications like Microsoft 365.
Endpoints can be a first line of defense from a cybersecurity perspective because they are often the primary entry point of ransomware attacks. Veeam Agent for Linux and Veeam Agent for Microsoft Windows are solid backup tools for laptops and PCs that provide image-based backup and recovery for non-virtualized systems.
Ransomware is going nowhere fast and will continue to grow as a threat to enterprises around the world, creating an ever-evolving challenge for cybersecurity and data protection professionals.
Ransomware needs to be managed with a combination of best practices and tools spanning a wide array of technologies. Even the best prepared organizations are vulnerable to data and system availability failures caused by cybercrimes, which makes the role of backup and recovery technology and related practices even more vital.
Optimizing data and systems availability requires careful planning and a strong set of tools to recover assets and services in a timely fashion with limited losses. Veeam’s Hyper-Availability Platform does just that, and has already helped numerous enterprises to a successful recovery.
Learn how network segmentation can also be a helpful strategy for mitigating cybersecurity risk in our paper, Using Network Segmentation to Manage Malware and Ransomware Risk.