The relationship between IT security and data protection has never been as tight as it should be inside most organizations. In an ideal world, the identification of a potential security threat would kick off a series of backups to help make sure no data gets lost in the event that a security breach occurs. While that theory has been around for decades, the rise of “ransomware” is now turning that best practice into an absolute necessity.
Ransomware makes use of malware to deliver a payload that encrypts an organization’s data. The only way to regain that data is to pay a ransom to gain access to the keys needed to decrypt that data. The only real solution to this problem at the moment is for organizations to regularly back up their data. That way in the event of a ransomware attack, the organization can minimize the amount of data at risk.
Unfortunately, a new survey of 1,138 companies conducted by KnowBe4, which specializes in IT security training for end users, finds that if faced with four hours of lost work from ransomware encryption, only 40 percent would rely on backup. Additionally, just over half (51 percent) said they would just reformat and start from scratch. When asked about a scenario where backups had failed and weeks of work might be lost, 42 percent said they would pay the ransom before doing anything else.
Of course, the amount of ransom to be paid depends on the nature of the data being encrypted. Most of the ransom fees being demanded are relatively trivial compared to the amount of time and effort currently required to recover data. But over time, cybercriminals can be expected to become more sophisticated and brazen. They will get better at identifying high-value targets, and the amount of ransom being demanded will increase accordingly.
For this reason, it’s clear that most IT organizations need to revisit their data protection strategies. The first order of business is to make sure that the backup process didn’t fail in the first place. Backup failures are much more common than most IT organizations realize. This is because testing the backup and recovery process is at best sporadic. It’s not until an actual crisis occurs that many organizations realize that the investments in data protection they made are returning nothing but a bunch of corrupt files.
As cybercriminals become more sophisticated in their use of social engineering techniques to fool more end users into downloading malware, it’s only a matter of time before IT organizations find themselves routinely dealing with these attacks. The issue that many of them are not overly excited about admitting is the poor state of data management hygiene that exists inside most IT organizations today.
Of course, IT organizations could spend a lot of cycles trying to figure out why this state of affairs has been allowed to persist all these years. But for the most part, that would be a waste of time. The far better thing is to first test your organization’s actual ability to recover files intact in a timely manner. Assuming that experience leaves much to be desired, the next thing to do is implement a new data protection plan. The one big caveat, of course, is that the clock is now ticking: it is a race between how soon cybercriminals discover how vulnerable your organization is and how long it takes your organization to develop, implement and test that new data protection solution.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.