Further highlighting the difference between the perception and reality of being able to recover from a ransomware attack, the majority (86%) of respondents confirmed they suffered data loss in the past year, with over a quarter (27%) suffering data loss in the last six months. The research also uncovered issues around the budget and complexity of IT infrastructure, which will add to the challenge of ransomware preparedness.
- Nearly half (46%) of respondents reported that they do not have the budget to manage their data and recover from a failure adequately.
- Again, nearly half (49%) of respondents reported they have between 3 and 5 different types of systems to manage and protect data. Thirty-three percent have six or more different types of systems.
Said Shridar Subramanian, vice president of marketing and product management at StorageCraft: “Even though ransomware continues to be a scourge on business,with a reported[1] 118% increase of incidents in the first quarter of this year alone, our research shows too many organisations are ill-prepared to protect against it. They must take a reality check and assess and test their ability to protect and recover from a ransomware attack.”
StorageCraft recommends that organisations assess and test their plans for ransomware prevention, remediation, and recovery. First, businesses should identify and locate their business-critical data and take comprehensive steps to protect it. This step includes email security systems, firewalls, regular software updates, clearly audited administrative and access policies, and ongoing user education. However, prevention is not foolproof, which is why a ransomware-specific plan for remediation and recovery is essential. Thwarting ransomware is dependent on an organisations’ data locality (i.e., on-premises, in the cloud or in cloud-based applications such as G Suite and O365) and preferred recovery location. Critical elements of a successful plan for ransomware remediation and recovery include:
- Immutable Snapshots: To ensure unstructured data can be recovered, companies should protect their information with continuous immutable snapshots. Data captured this way is ‘frozen’ and cannot be overwritten or deleted by ransomware attackers. This ensures an organisation can revert to a secure set of data.
- Orchestration: A successful recovery process requires that business-critical data and applications are prioritized. Companies using cloud-based recovery should pre-determine the order in which their data and applications will be recovered. This ‘orchestration’ ensures minimal downtime, once data recovery begins.
- Immediate Recovery: Considering one minute of downtime costs $5,600 according to industry analyst firm Gartner[2], the speed of recovery following a ransomware attack is a crucial element of the remediation and recovery process. Solutions such as StorageCraft VirtualBoot provide the ability to recover virtual and physical infrastructures - and both structured and unstructured data - instantly.
- Failback: After a successful cloud-based recovery, the last step in remediating a ransomware infection is returning the data infrastructure to its original location and resuming operations as usual. The planned failback process should have a minimal impact on production applications to minimise any additional downtime and adverse effect on the business.