Has your organization suffered from a ransomware attack recently? If not you’re lucky. According to Statista, we’ve already seen over 236 million attacks through August of this year. That number sounds scary and looking at the years prior we’re likely in for a significant amount of lost productivity, intellectual property (IP) and revenue in the very near future. Per the Global Data Protection Index 2021 put out by Dell Technologies, the average cost of unplanned downtime is around $513,000 per cyber incident. Data loss from those same incidents averages $959,000. It costs half a million dollars in downtime and almost a million in data loss every time we get attacked.
Those numbers add up to a significant amount of exposure and risk for organizations unprepared to prevent respond to and recover from ransomware or other cyberattacks. Given the nature of the criminal enterprise faced by often understaffed IT departments today it’s no longer a question of avoiding infection or paying for a tool to remove it. The business of crime has led to record payouts by attacked enterprises. How can we balance that equation to make it easier to recover from cyberattacks while still ensuring that we’re properly protecting our data and our users?
Nothing Ever Changes
One way that you can ensure that your data is safe from a ransomware attack is by having good backups. The majority of organizations that pay the ransom to have their data unlocked either did not have good backups or had backups that were corrupted as part of the ransomware process. If your data is properly protected you have a known-good starting point to work from to recover.
Dell Technologies has just a solution in the form of PowerProtect Cyber Recovery. This product has two major features that appeal to my sensibilities. The first is the ability to back up data in an immutable form in either an on-premises vault or in a cloud-based vault offered in partnership with several leading cloud providers. This ensures that your critical data is safe and sound whenever something unfortunate happens. Ransomware attackers are starting to target your backup files before they become visible to the rest of the organization to make sure you pay the ransom. By infecting your “last resort” backup copies first or corrupting those files you are more likely to give in to their demands or negotiate a higher price for the decryption key.
Dell PowerProtect Cyber Recovery allows you to mark your backup data as immutable, meaning data cannot be overwritten or corrupted. The Cyber Recovery Vault is isolated from production and backup networks to provide an immutable copy of critical data in the event recovery from a cyberattack is needed. The policies for these vaults can be configured to allow snapshot changes to be updated on a specific timeline and for the integrity of the data to be confirmed. No longer do you have to wonder if your backup is going to be enough to save you from infection.
Automated Response and Recovery
Dell PowerProtect Cyber Recovery integrates CyberSense, which leverages machine learning to analyze statistics and detect data corruption with up to 99.5% confidence. This means having a high degree of confidence that your vaulted data is free from corruption, tampering or compromise and ready for recovery if, and when, its needed. For example, CyberSense may detect a reduction in the amount of overall capacity in your storage system due to a number of files suddenly becoming encrypted. How does it know that for certain? Because you can’t compress an encrypted file. The machine learning algorithm notices a growing number of non-compressible files and determines that they are being encrypted. This can then trigger an alert to the operations team to have them start the recovery plan.
The manual process of a recovering data is tried-and-true but can be costly. PowerProtect Cyber Recovery includes solutions for automating the response to data recovery. Recommendations for corrupted files to be recovered will appear in the dashboard with options to begin the recovery immediately based on time or last known good confirmation. This ensures that the operations team can focus on getting the organization back to operational in the shortest amount of time. It also means that auditors and regulatory agencies can see the timeline of the files being infected and also the timeline of your response. That cuts down on needless bickering about urgency as well as the potential for large fines due to data loss.
Bringing It All Together
The odds aren’t in your favor when it comes to ransomware. The attackers have turned this into a profitable business that means it’s only a matter of time before you’re infected. The best time to start preparing for this is right now. If you don’t think backups can save you from file locking software you’re going to pay a very high price for your confidence. Rather than gambling on the future of your organization you should invest in Dell Technologies PowerProtect Cyber Recovery. You may never need to use it to save your locked files but the math for the cybercrime equation works out better if you’re prepared.