Recoverware: A New Vision for Managing Enterprise Risk
Today, businesses of all sizes are under siege from ransomware, zero-trust attacks and DDoS attacks that threaten data security. In this new threat landscape, the stakes are higher than before and organizations know they can’t possibly avoid every incident. As cybercrime ramps up, organizations should increasingly focus on recovery and not just prevention, writes Zerto’s CIO Avi Raichel. He presents a new approach — ‘recoverware’ that can restrict data loss and help businesses bounce back from cyberattacks.
Today, businesses of all sizes are under siege from ransomware, zero-trust attacks and DDoS attacks that threaten data security. In this new threat landscape, the stakes are higher than before and organizations know they can’t possibly avoid every incident. As cybercrime ramps up, organizations should increasingly focus on recovery and not just prevention, writes Zerto’s CIO Avi Raichel. He outlines a new approach — ‘recoverware’ that can restrict data loss and help businesses bounce back from cyberattacks.
What can those responsible for cybersecurity take from the experiences of the last 12 months? Well, the challenge is as big as ever, and in many respects, the risks have become even more acute as the volume and severity of attacks continue to rise. Organizations now face adversaries who approach their ‘work’ in a similar manner as any start-up determined to disrupt long-established norms would.
What’s also increasingly apparent, though, is the gradual shift in cybersecurity mentality and approach. Until now, cybersecurity has focused on prevention, while recovery has been relatively excluded. The idea that any given organization is—on the balance of probability—unlikely to become a target for hackers or a victim of ransomware is giving way to healthy pragmatism. In short, those who implement cybersecurity based on when they will be attacked, not if, are much more likely to frustrate attempts at extortion and recover without delay or serious business impact.
Learn More: Cybersecurity Needs to Play a Bigger Role As WFH Era Continues
Redefining Protection
The technology enabler for this approach is the development of ‘recoverware,’ which seeks to build recovery from a cybersecurity attack into the technology and process investments made by IT and security teams. It is founded on acknowledging that no matter how much investment goes into protection, eventually something—or someone—will breach almost any defense. Instead, protection should no longer be just about halting the enemy at the gates but about remaining a step ahead, so even if there is a successful attack, a return to business as usual can be just minutes away.
Recoverware puts organizations in a position to implement tools that provide disaster recovery and backup through continuous data protection (CDP)—right down to the moments just before a breach. It shifts the emphasis completely: paying a ransom ceases to become the only option because having the power to recover data to a point immediately before a ransomware attack strikes puts IT teams back in control.
But how does this work in practice, and how does a recoverware strategy empower businesses who are often cornered by incidents such as a ransomware attack? The traditional scenario would be: an organization discovers its network infected with the CryptoLocker ransomware. As a result, all its file servers become infected, and the only viable recovery method is restoring from the disk. This sounds simple enough on paper, but, in this situation, it’s not uncommon for the victimized organization to experience hours of data loss, and many are unable to fully recover for several weeks.
This remediation process can be dangerously complex and time-consuming. The afflicted business may find it is unable to restore any data from its disk backups, leaving it with the option of shipping tape files to a third-party data restoration specialist, with accompanying delay and additional cost. And even when data is then recovered, the recovery points may be different times with major gaps that further complicate the task for IT teams and reduce the overall quality of recovery. Only then—with data now available—can file servers be reconstructed, files restored, and infrastructure tested.
That road to recovery is long and expensive. Businesses must then calculate the alarming and disastrous downtime cost, lost revenue, potential compliance breaches, and impact on company reputation and customer loyalty. For some, this process is so painful that it presents a very real threat to remaining viable. Every year, there are more examples of organizations sadly forced under entirely because recovery proved impossible.
Learn More: Physical Device Security Is Vital in the Remote Work Era
Back to Business As Usual
In contrast, recoverware is based around technologies that—should a breach occur—restrict data loss to a matter of seconds and limit recovery time to mere minutes. By identifying a recovery checkpoint immediately before a ransomware attack freezes networks and encrypts data, IT teams can immediately recover, test, and reconnect servers to the network. Organizations that build recovery into the technology ‘DNA’ of their infrastructure transform their ability to respond to the potential impact of a ransomware breach.
Recoverware addresses one of the most widespread and dangerous weaknesses seen across cybersecurity strategies today. And when defenses fail, organizations are often powerless to sidestep the attack and restore their systems to normal. But, released from the pressure to either pay ransom demands or implement long and costly recovery and rebuild strategies, IT teams can quickly refocus their efforts on business priorities, such as optimizing system performance, delivering innovation, or scaling infrastructure.
Let us know if you liked this article on LinkedIn, Twitter, or Facebook. We would love to hear from you!
