DIGITAL DIALOGUE
Recovering from ransomware and other destructive events
SAFEGUARDING DATA
Agencies need a backup and recovery plan to protect against ransomware
Ransomware attacks are on
the rise, underscoring the importance of a reliable backup and recovery solution to safeguard an organization’s data, reduce downtime and enable employees to safely work from home.
Ransomware attacks are becoming more sophisticated as new methods, such as malware-as-a-service, become more widespread. Remote workers are at risk also as they access
and share more data than
ever before, but often without adequate security protections in place.
In a recent survey of
government agencies, about
30% said they experienced a ransomware attack in the last
year, and an overwhelming majority – 78% – believe that the threat is growing.
One of the most concerning statistics from the survey is that only 34% of federal decision makers surveyed could fully recover critical data in under
12 hours, said Jeff Reichard, senior director for enterprise strategy at Veeam® Software.
In fact, the average length of time it takes for an organization to recover its applications after a ransomware attack is 9.6 days, but it can go on “a lot longer than that,” he said.
This is not only detrimental to an organization’s business operations but
it can also be expensive.
Remote workers present an even
higher security risk than those working in the office, Reichard said. “More people are working remotely and
that has caused the threat surface for cyberattacks to really, really grow.”
Security patches may not be available for remote devices, and public Wi-Fi connections can be a breeding ground for attack, he said.
“You’ll need to be able to reach those recovery time objectives. No downtime can be afforded.”
— Salim Ruffin, Sr., Manager, System Engineering, Federal Veeam Software
Often users are connecting through their home routers without installing physical firewalls or strong security.
“We are all stretched thinner than we have (been) in the past,” Reichard said. “We probably don’t have access
to our own data centers as we have in the past, supply chains are affected, and our job on the security side just got a lot harder”.
Protecting the data
However, there are well-established steps that organizations can take
to protect their data. “Exploits and attacks follow a predictable timeline,” Reichard said.
These steps include proactive monitoring, backing up data, validating those backups, recovery testing, deep scanning and forensics by looking
at network data and files sitting on disks. After an exploit is activated, organizations can isolate it, fight it, recover as planned — and prevent it from reoccurring.
Veeam has capabilities that can help agencies address each of these security steps, Reichard said,
including extensive monitoring capabilities for backups and for the infrastructure as well. It also allows agencies to run forensics on backup data without affecting production.
The company’s set of capabilities ensures that the data is useful and
virus-free when it is restored, and won’t be overwritten by ransomware,
Reichard said.
In addition, Veeam has adopted the
NIST Cybersecurity Framework, which focuses on outcomes and encourages an iterative process for improving security over time, Reichard said.
The company is also a NIST tested ransomware recovery solution.
All organizations are potential targets for a cyber-attack and need
to craft a backup plan as well as a recovery plan, he said. “It’s not really
a question of if, it’s a question of when, so recovering from an attack always has to be a part of your strategy”.
Recovery speed is “paramount”