SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
StorageCraft report suggests firms need a 'ransomware reality check'
Thu, 12th Dec 2019
FYI, this story is more than a year old

It's time for a ‘ransomware reality check', because having a recovery plan and actually making sure it works are two entirely different things.

A recent survey of 700 companies in Australia, France, Germany, North America, and the UK found that 68% of respondents have a ransomware recovery plan, yet almost a quarter (23%) don't test those plans, and 46% test them once a year or less.

The research shows that having a plan just is not enough, suggests StorageCraft vice president of marketing and product management, Shridar Subramanian.

 “Even though ransomware continues to be a scourge on business, with a reported 118% increase of incidents in the first quarter of this year alone, our research shows too many organisations are ill-prepared to protect against it. They must take a reality check and assess and test their ability to protect and recover from a ransomware attack.

Research results also found that an overwhelming 86% of respondents confirmed they suffered data loss in the past year, with over a quarter (27%) suffering data loss in the last six months.

The research also uncovered issues around the budget and complexity of IT infrastructure, which will add to the challenge of ransomware preparedness.

Almost half (46%) say they don't have the budget to manage their data and recover from a failure adequately.

However, 49% of respondents reported they have between 3 and 5 different types of systems to manage and protect data. Thirty-three percent have six or more different types of systems.

StorageCraft recommends that organisations assess and test their plans for ransomware prevention, remediation, and recovery.

Critical elements of a successful plan for ransomware remediation and recovery include:

Immutable Snapshots: To ensure unstructured data can be recovered, companies should protect their information with continuous immutable snapshots. Data captured this way is ‘frozen' and cannot be overwritten or deleted by ransomware attackers. This ensures an organisation can revert to a secure set of data.

Orchestration: A successful recovery process requires that business-critical data and applications are prioritized. Companies using cloud-based recovery should pre-determine the order in which their data and applications will be recovered. This ‘orchestration' ensures minimal downtime, once data recovery begins.

Immediate Recovery: Considering one minute of downtime costs $5,600 according to industry analyst firm Gartner, the speed of recovery following a ransomware attack is a crucial element of the remediation and recovery process.

Failback: After a successful cloud-based recovery, the last step in remediating a ransomware infection is returning the data infrastructure to its original location and resuming operations as usual. The planned failback process should have a minimal impact on production applications to minimise any additional downtime and adverse effect on the business.