Why is data recovery considered the new frontier in combating ransomware?
Ransomware has become one of the most serious cybersecurity threats today as attackers target individuals, businesses, and government entities. Cybercriminals encrypt crucial data and demand substantial ransoms, causing operational disruption and significant financial and reputational losses. In the past, some ransomware attacks made headlines, but unfortunately, the threat from ransomware has evolved into a reality that nearly every enterprise must face. Reports show that 85% of businesses experienced at least one ransomware attack last year, with roughly half of them enduring two to three attacks.
As a result, with cybercriminals continuously improving their tactics and finding new ways to bypass security measures, the question has shifted from “if” you will be attacked to “when” you will be attacked. While traditional preventive measures like firewalls and antivirus software are crucial, they alone are insufficient to counter advanced ransomware attacks. Businesses must prioritize robust recovery strategies to minimize the impact on operations, business continuity, and reputation. Despite the recognition of this importance by many, substantial recovery capabilities to combat ransomware attacks require a stronger focus on incident response and disaster recovery plans and processes.
Paying the ransom is not recovery
Paying the ransom is not a recovery strategy, and simply having data backups is not enough either. Last year, a significant percentage of businesses opted to pay ransoms to terminate attacks and recover their data, with this proportion increasing by 4% compared to the previous year. Although 41% of businesses adopted a “no ransom payment” policy, such situations still occurred. However, among the businesses that paid ransoms, only 59% successfully recovered their data, while 21% still suffered data loss. Similarly, even if you believe you have sufficient data backups to avoid paying a ransom, over 93% of attackers target backups as part of their cyberattacks, and in 75% of these cases, they successfully undermine the victim’s recovery capability.
A reliable disaster recovery process comprises three stages: preparation, response, and recovery. Preparation includes having backups in place, but equally important is having recovery locations prepared in advance. Many businesses realize this too late. You cannot restore systems to their initial state because they have been compromised and are an active crime scene. And you certainly don’t want to start preparing and mastering a new cloud environment during an ongoing ransomware attack. Effective disaster response measures, including reporting and controlling the event, pre-prepared incident response and forensics, ensure you know what’s impacted and whether your environment (especially backups) has been tampered with. Only with effective disaster response measures can you confidently proceed with recovery.
Starting from the right place
Effective preparation for disaster recovery is only valid when your planned backups are flawless. If you have only one data backup, and it gets hit during an attack, you’re back to square one. Instead, businesses should follow several golden rules to enhance network resilience:
First: Security teams must ensure immutable copies of critical data, preventing hackers from tampering with or encrypting the data.
Second: Data encryption is crucial as it ensures that hackers cannot access, steal, or leak data, leaving them powerless.
Third: Keep at least three copies of data whenever possible to ensure there are additional copies available even if two devices are compromised or fail. The likelihood of three devices failing simultaneously is low. Store these backups on two different types of media, such as one on internal hard drives and another in the cloud. One copy should always be stored in a secure offsite location, and another should remain offline (physically isolated) without connectivity to the primary IT infrastructure.
Escaping ransomware
There’s no doubt that ransomware attacks have consistently evolved and escalated in scale, complexity, and impact. The issue now is no longer whether businesses will be targeted by cyberattacks but how frequently they will be attacked. This shift means that measures to combat ransomware are moving from prevention to post-attack recovery.
While security and preventive measures are undoubtedly important, post-attack recovery is the new frontier in the fight against ransomware, and having a comprehensive disaster recovery plan is crucial. By prioritizing data backups, investing in modern recovery technologies, and establishing robust disaster recovery plans, businesses can strengthen their network resilience, enhance post-attack recovery capabilities, and mitigate the risks of ransomware.