StorageCraft® research reveals need for a ransomware reality check
December 2019 by StorageCraft®
StorageCraft® announced the second in a series of findings from an independent global research study of over 700 companies in Australia, France, Germany, North America and the UK on the attitudes of IT decision-makers (ITDM) around data management. The findings reveal a concerning disconnect between an organization’s confidence and its actual ability to recover from a ransomware attack. While 68% of respondents believe they have a clear plan in place and could quickly recover from a ransomware attack, nearly a quarter (23%) do not test their recovery plans. Of those that do test, nearly half (46%) only test their recovery plans once a year or less.
Further highlighting the difference between the perception and reality of being able to recover from a ransomware attack, the majority (86%) of respondents confirmed they suffered data loss in the past year, with over a quarter (27%) suffering data loss in the last six months. The research also uncovered issues around the budget and complexity of IT infrastructure, which will add to the challenge of ransomware preparedness.
• Nearly half (46%) of respondents reported that they do not have the budget to manage their data and recover from a failure adequately.
• Again, nearly half (49%) of respondents reported they have between 3 and 5 different types of systems to manage and protect data. Thirty-three percent have six or more different types of systems.
Florian Malecki, International Product Marketing Sr. Director at StorageCraft: “Even though ransomware continues to be a scourge on business with a reported 118% increase of incidents in the first quarter of this year alone, our research shows too many organizations are ill-prepared to protect against it. They must take a reality check and assess and test their ability to protect and recover from a ransomware attack.”
StorageCraft recommends that organizations assess and test their plans for ransomware prevention, remediation, and recovery. First, businesses should identify and locate their business-critical data and take comprehensive steps to protect it. This step includes email security systems, firewalls, regular software updates, clearly audited administrative and access policies, and ongoing user education. However, prevention is not foolproof, which is why a ransomware-specific plan for remediation and recovery is essential. Thwarting ransomware is dependent on an organizations’ data locality (i.e., on-premises, in the cloud or in cloud-based applications such as G Suite and O365) and preferred recovery location. Critical elements of a successful plan for ransomware remediation and recovery include:
Immutable Snapshots: To ensure unstructured data can be recovered, companies should protect their information with continuous immutable snapshots. Data captured this way is ‘frozen’ and cannot be overwritten or deleted by ransomware attackers. This ensures an organization can revert to a secure set of data.
Orchestration: A successful recovery process requires that business-critical data and applications are prioritized. Companies using cloud-based recovery should pre-determine the order in which their data and applications will be recovered. This ‘orchestration’ ensures minimal downtime, once data recovery begins.
Immediate Recovery: Considering one minute of downtime costs $5,600 according to industry analyst firm Gartner , the speed of recovery following a ransomware attack is a crucial element of the remediation and recovery process. Solutions such as StorageCraft VirtualBoot provide the ability to recover virtual and physical infrastructures - and both structured and unstructured data - instantly.
Failback: After a successful cloud-based recovery, the last step in remediating a ransomware infection is returning the data infrastructure to its original location and resuming operations as usual. The planned failback process should have a minimal impact on production applications