The rise of ransomware has probably done more to highlight the intimate relationship between cybersecurity and data protection that should exist between functions than arguably any other event in the history of IT. The only practical defense against ransomware attacks is to make sure there is a pristine copy of data residing somewhere that hopefully can’t be compromised. In an ideal world, backing up data should not be a continuous process to limit the amount of data that cybercriminals might be able to hold hostage.
Unfortunately, much work still needs to be done when it comes to unifying cybersecurity and data protection. Just this week Associates in Psychiatry and Psychology (APP) revealed that it elected to pay ransom to decrypt files that had been infected by cybercriminals demanding payment in Bitcoin. The reason for making the payment had nothing to do with the loss of any sensitive patient data. The IT staff at APP doesn’t think that occurred. What prompted APP to make the payment was the recovery process associated with reinstalling all the software and associated data they needed to replace was simply too complex. In terms of cost, it was less expensive to pay the ransom than dedicate hours of time and effort to a recovery effort.'The recovery process was simply too complex. It was less expensive to pay the ransom than dedicate hours of time and effort to a recovery effort.' - Why one company chose to pay a ransom despite having good backupClick To Tweet
Not everyone may agree with the APP decision in principle. Some may even argue that the psychiatric services form engaged in a bit of rationalization that only serves to enable cybercriminals. But from a time and labor perspective, it’s easy to see why APP decided to ransom its data for what reportedly amount to a single-digit amount of Bitcoin.
APP is far from the only company to come to the same conclusion. The real issue here is the lack of integrated processes spanning cybersecurity and data protection. Many organizations today rely on, for example, disaster recovery-as-a-service (DRaaS) platforms to make applications and data available on an external cloud, while they work to replace files locally. One way to view ransomware is simply as just another type of disaster. Once detected that disaster should result in a range of processes being automatically generated, spanning everything from isolating the endpoint to backing up as many files as possible before they get infected. Conversely, a lot more automation also clearly needs to be applied to the recovery process. If it remains too difficult to recover from a disaster such as ransomware, then more organizations are going to come to the same conclusion as APP. In effect, the total cost of recovery as it stands today plays into the hands of the cybercriminals.
Of course, many organization still manage cybersecurity and data protection in isolation from one another. Even in organizations that have a small IT staff, decisions about cybersecurity and data protection are rarely made in concert or, for that matter, at the same time. That lack of coordinated effort needs to be fundamentally addressed by unifying the management of cybersecurity and data protection on a truly end-to-end basis.
As is often the case when it comes to determining who the real enemy is many IT organizations will need to take a good long look in the mirror. There’s no doubt cybercriminals are evil. But in most cases they are simply exploiting a disjointed set of processes that have existed inside most IT organizations in a period of time that can now be measured in decades.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.