Quell Ransomware And Malware Through Cyber Storage Resilience
An international ring of cybercriminals infiltrates an organization and is on the verge of taking the company’s data hostage. They had first gained access to the enterprise data infrastructure over 200 days ago, totally undetected, and are about to take control of the enterprise’s data sitting on primary storage. The threat is real. This could be any company—indeed, this could be your company. The world without cyber storage resilience is a world vulnerable to cyberattacks.
Given that data is the “new gold,” it’s odd that more enterprises don’t make cyber storage resilience on both primary and secondary storage an essential part of their overall corporate cybersecurity strategy. An effective “secret agent,” even in the information technology realm, should know when and where trouble will occur. They must follow the clues and think outside the traditional box of only firewalls and antivirus software.
The value of data obviously continues to proliferate at unprecedented levels, but cybersecurity strategy has not always kept up with the speed of digital transformation. Companies have been relatively slow to combine cybersecurity and cyber storage resilience into a cohesive and comprehensive security strategy.
Aware of this new reality across virtually all industries, cybercriminals have become more sophisticated year after year, and cyberattacks continue to grow exponentially. Intruders take advantage of the value of data by accessing critical storage resources and unleashing ransomware and malware in many cases, among other types of cyberattacks. They exploit the vulnerabilities of enterprises that have left both their primary storage infrastructure and their secondary/backup/disaster recovery storage exposed.
The Goldfingers and Dr. Nos of today’s digital world have been lurking within the IT infrastructure, patiently monitoring and identifying what kind of cyberattack would wreak the worst havoc. They have strong financial motivation, albeit illegal and treacherous. It’s estimated that cybercrime will cost businesses $10.5 trillion by 2025. This would get the attention of any Bond villain or young, greedy “black hat” hacker with a computer in his mother’s basement and a chip on his shoulder. It also gets the attention of C-suites of enterprises.
As an IT leader, you are often expected to be as effective as James Bond at confronting and thwarting cyberattacks—and do it with style. If Bond likes his martini shaken, not stirred, how should you like your cyber storage resilience? Immutable, not changeable, and almost instantaneously recoverable.
Your defense is only as good as the immutability of the data you can recover from a known good copy, how tight the air gapping is, how secure your forensic environment is and how fast the cyber recovery is.
Snapshots. Immutable Snapshots.
Immutable snapshots ensure that the copies of the data cannot be changed. They cannot be altered or deleted. Therefore, the integrity of the data is preserved. This is the first step. The next step is logical air gapping. Three options are available: local air gapping, remote air gapping or both.
Logical air gapping puts much-needed space between the source storage’s management capabilities and the immutable snapshots. Local air gapping leaves that data on-site, while remote air gapping transports data to a remote system at an alternate location.
Fenced forensic environments are required to provide a secure area to expedite forensic analysis of immutable snapshots after a cyberattack. Within it, the data is analyzed so that a copy of the data that does not have any malware or ransomware is identified. Once that analysis is completed, then the safe data should be restored to your primary systems.
No matter how big or small the size of the data set, the data must be recovered. Reports in the media in recent years have said it often takes days to recover data in a large enterprise. To remain competitive and avoid losing millions of dollars, however, companies actually cannot wait that long. Heroics are invariably needed to “save the day.”
As if in an exciting scene in a James Bond movie when 007 neutralizes the “bad guys” through a mix of masterful skill, cutting-edge technology and smarter strategy, the data can be recovered in just minutes, thanks to new advancements in cyber storage resilience technologies. It can then be available to the enterprise’s primary systems and, when you are protecting the backup data set, fully to the backup software, enabling full restoration. Immutable snapshots are the secret ingredient that allows for rapid recovery—worthy of making the Bond movie’s innovative R&D genius, “Q,” envious.
All of this is indicative of a drive in the enterprise market to modernize data protection capabilities to include a significant element of cyber storage resiliency. Every piece of an organization’s storage estate must be cyber resilient to ensure business continuity in the face of a cyberattack.
To make this happen, you may want to take a page from the James Bond playbook. For Bond, technology is like a friend that helps in a time of need. It is common in the movies for 007 to use a jet pack, an exploding watch or a mobile phone that is also a remote control for his tech-heavy car. And in the modern enterprise storage solution—primary or secondary—cyber storage resilience should be included.
The right cyber storage resilience solution is a “set it and forget it” type of process. Once you set up your immutable snapshots, logical air gapping, fenced forensic environment and your recovery processes, you are already prepared when a cyberattack happens. Also, just as James Bond goes to Q’s lab to test new technologies, so should an enterprise practice cyber recovery just like it practices disaster recovery.
Just as an attack by Spectre is a threat to the world, so are cyberattacks threats to your enterprise. Bond would surely be impressed if you incorporate cyber storage resilience into your overall corporate cybersecurity strategy, so you leave no points of exposure for cybercriminals to exploit.