Ransomware has been front page news in 2021. In a world of escalating cyberattacks, ransomware garnered attention with a series of attacks that targeted every type of organisation from utility providers to food suppliers to healthcare and local authorities. These services can struggle to recover months after an attack.
Such is the threat, the head of the National Cyber Security Centre (NCSC) described ransomware as “the biggest online threat to people in UK.”
The problem is that some business decision makers still don’t see ransomware in the same context as other disasters, like fires or flooding. Cybercrime is the only industry where the scale of innovation happens on the criminal side. The more they achieve ‘success’ the more we will see a rise in volume and severity, argues Andy Fernandez, senior manager, product marketing at Zerto, a leader in disaster recovery, backup and cloud mobility.
“At some point every organisation will be faced with a ransomware attack and will need to recover,” he says. “If I was an organisation, my bigger concern is not ‘will a natural disaster or outage happen?’ It’s ‘I know I’m going to get hit by ransomware. How am I going to respond to that?’”
Weeks of downtime post-attack
Many organisations with a disaster recovery and business continuity plan in place will be confident in their ability to recover following an attack. But one critical question remains: how long will it take them to recover their data, and how much damage will be done in the meantime?
“Often companies will be using legacy data protection,” says Fernandez. “It’s not just about: can I recover? It’s about how quickly I can recover. By the time those organisations are able to recover their data – to become operational again – the business has suffered massive disruption. It can take days, even weeks, to recover data in those instances. We’ve seen organisations pay the ransom, even when they have backups available because they cannot afford to spend the time recovering from backups.
Importantly, data loss and downtime are separate things.
“There are two important metrics,” says Fernandez. “The first is the recovery point objective (RPO), which refers to the potential data loss the organisation faces in the aftermath of an attack. When was the data last copied? Six hours ago, 12 hours, one day? The second is the recovery time objective (RTO), which is how short is the timeline from the point of encryption to the point of recovery?”
Continuous data protection
One answer is continuous data protection (CDP). CDP can reduce service levels — both RPO and RTO — from hours to minutes, even seconds. In fact, CDP recoveries can assist organisations in recovering to a state seconds before an attack, in just minutes.
While traditional methods of data protection take timed ‘snapshots’ as a way of backing up data, CDP solutions like Zerto continuously replicate that data. This can be to multiple sites, with no snapshots or performance impact with data being replicated every five seconds. This means customers can quickly restore entire sites and applications in minutes, at scale.
“It’s about finding solutions that can get you back up and running without paying the ransom,” says Fernandez.
‘When,’ not ‘if’
Research suggests it is a case of ‘when,’ not ‘if’ an organisation falls victim to a cyberattack. One IDC survey shows 95% of mid-sized and enterprise organisations have suffered a malicious attack – and more than a third have suffered more than 25 attacks.
Eight out of 10 of those attacks resulted in data corruption, with 43% of organisations experiencing unrecoverable data within the past 12 months.
“Whether you’re the CEO or CIO, ransomware is not your IT manager’s problem. It’s your problem,” says Fernandez. “Because it’s a complete disruption that could tank your business – and will if you don’t prepare correctly.”
