As ransomware variants grow in number and sophistication, it is practically inevitable that enterprises will be breached. Users are becoming more aware, but eventually some users in the enterprise will click on something they shouldn’t. At the same time, ransomware has become more difficult to scan for, and its potential impact has become more severe. IT professionals need to accept that breaches will happen and put in place a solid foundation for recoverability for when they occur.
The first step in building recoverability is regular and consistent backups. It is especially important that data on laptops, smartphones and tablets be backed up because endpoints are the primary targets of ransomware, and because users access and store sensitive corporate data on their devices daily. It is ideal if data can be backed up to an isolated environment, so that the protected data is inaccessible to an attack.
Anomaly detection is another important tenet of the recoverability strategy. There may be thousands of files that have changed since the last backup occurred, and anomaly detection can help IT managers to more quickly notice when an attack is happening. Notification of impacted backups and the ability to identify the last known good backup are also important. Some variants attack slowly, as opposed to attacking thousands of files all at once. This makes it difficult to know which files have been encrypted and which have not.
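The following sketch is an added example, not code from the original article or from any vendor it mentions. It shows one way to flag anomalous backups and pick the last known good one, covering both the mass-change case and the slow variants described above. The median/MAD threshold, the "working set" heuristic, every function and parameter name, and the sample data are assumptions made for illustration.

```python
from statistics import median

def changed_paths(prev, cur):
    """Paths that are new, or whose content hash differs, since the previous backup."""
    return {p for p, h in cur.items() if prev.get(p) != h}

def find_last_known_good(backups, train=4, k=5.0, window=3, slow_limit=6):
    """backups: ordered list of (backup_id, {path: content_hash}).
    Assumption: the first `train` backup-to-backup deltas are clean and form the baseline.
    Returns (flags, last_known_good_id); flags maps backup_id -> 'burst' or 'slow'."""
    deltas = [(backups[i][0], changed_paths(backups[i - 1][1], backups[i][1]))
              for i in range(1, len(backups))]
    if len(deltas) < train:
        raise ValueError("not enough backup history to build a baseline")
    base = deltas[:train]
    counts = [len(d) for _, d in base]
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1      # avoid a zero-width band
    working_set = set().union(*(d for _, d in base))      # files users normally edit
    flags, novel_hist = {}, []
    for bid, delta in deltas[train:]:
        novel_hist.append((bid, len(delta - working_set)))  # files untouched in baseline
        recent = novel_hist[-window:]
        if len(delta) > med + k * mad:
            flags[bid] = "burst"                          # mass change in a single backup
        elif sum(n for _, n in recent) > slow_limit:
            # Slow variant: each backup looks normal on its own, but the run keeps
            # reaching files outside the working set. Suspect the whole run.
            for b, n in recent:
                if n:
                    flags.setdefault(b, "slow")
    ids = [b for b, _ in backups]
    first_bad = min((ids.index(b) for b in flags), default=len(ids))
    return flags, ids[first_bad - 1]

# Constructed sample: indexes of the files changed before each backup b1..b8.
FILES = [f"docs/f{i:02d}.docx" for i in range(40)]
EDITS = [[0, 1], [1, 2, 3], [0, 2], [1, 3, 4],                # baseline edits
         [0, 1, 10, 11], [2, 12, 13, 14], [1, 15, 16, 17],    # slow encryption
         list(range(18, 40))]                                 # mass encryption

def sample_backups():
    snap = {p: f"{p}@0" for p in FILES}
    out = [("b0", snap)]
    for n, idx in enumerate(EDITS, 1):
        snap = {**snap, **{FILES[i]: f"{FILES[i]}@{n}" for i in idx}}
        out.append((f"b{n}", snap))
    return out
```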
The ability to access data from any location, and to restore that data to any location, is also fundamental to ransomware recoverability. Even if a mature, enterprise-wide data protection strategy is in place, in the event of a widespread attack, it will likely take a while for the production environment to be restored and operational. During that time, users will still need to be able to access their data.
When it comes to protecting against ransomware, the cloud offers a number of capabilities that warrant consideration by IT professionals. The cloud provider’s data center is fully off-site, and data may still be accessible in the event of an attack. Meanwhile, elastic, pay-as-you-go cloud compute cycles are quickly accessible and highly cost-effective, making them a prime candidate to support data monitoring and attack detection functions.
For additional discussion about the role that the cloud might play in your ransomware protection and recovery strategy, access Storage Switzerland’s on-demand webinar with Druva, “Ransomware: Strategies for Protecting Your Weakest Link – Endpoints.”