World Backup Day, now in its 12th year, is arguably more important now than ever. What started with a focus on personal data has shifted in emphasis to cover the risk of organizational data loss as the nature of cyber threats have evolved.
We’re all aware of the ever-present risk of cyber attack and the vast amounts of money, time and effort spent staying on top of the issue and formulating defence strategies. Yet when it comes to cyber defences, any organization is only as strong as its weakest link, which is very often the human factor. This is especially the case when it comes to ransomware attacks.
The current state of the ransomware threat
Ransomware attacks continue to increase in volume and are growing in their sophistication. They are also presenting a greater level of both financial and reputational risk to organisations. According to an industry report highlighted in Forbes, in 2022, 76% of organizations were targeted by a ransomware attack. Worryingly, only 50% of organizations that fell victim to a successful ransomware attack, managed to retrieve their data after paying the ransom.
Industrial organizations appear to be a particular focus for ransomware gangs at present, with attacks up 87% in 2022, according to research published in TechTarget. Many of these attacks targeted operational technology (OT), including hardware and software that enables critical industrial processes across multiple sectors.
Further highlighting the prevalence of ransomware attacks in both the US and UK, in recent months we’ve seen significant incidents at high street retailer WH Smith, the US Marshals Service and a major chip supplier, resulting in delays to semiconductor manufacturing.
Assessing your ransomware attack readiness
The threat posed by ransomware isn’t going away any time soon – nor are other cyber threats that present a risk to your data, operations and reputation. On this World Backup Day, organizations should take the opportunity to assess their cyber resilience by asking the following questions of themselves:
- Do we have defined, rehearsed backup processes in place?
- Are we certain that our backup processes are fit for purpose?
- How efficient is our backup management?
- Are our backup solutions cost effective?
- How resilient are our cyber defences and backup processes in guarding against the threat of ransomware and malware?
- In the event of a ransomware attack, how quickly could we recover?
- What are the impacts on the organization if recovery time objectives are not met?
- Do we have adequate infrastructure to ensure business continuity?
Ensuring that your organization has the right level of ransomware protection
While general awareness of ransomware is high, questions remain around ensuring that organizations have the right level of ransomware protection. Most will have good initial lines of defence, and many are now looking to improve them, seeking better integration, smoother operation, and the most robust technology, making it easier for CTOs, CIOs and CISOs to work together in a more joined-up fashion. There’s also a growing realization that being protected on premises isn’t the same as being protected in the cloud. While digital and cloud transformation projects continue at pace, many overlook the challenge of fully integrating ransomware protection as part of these, leaving points of exposure.
Guaranteeing ransomware recovery through immutable backups
The most effective way to overcome a ransomware attack, ensure rapid data recovery, and restore and resume normal operations is through immutable backups and having a good disaster recovery plan with second site replication in place. These can be provided by a specialist partner via a data recovery platform with a recovery environment comparable to the original.
Not all immutable backups are equal
When considering which immutable backup service is right for your organization, it’s important to consider that most cloud data management platforms were not built from the ground-up with immutability in mind. This matters because it can impact on feature functionality. Rubrik is the exception to this. As a managed service provider, Assured Data Protection works closely with Rubrik to ensure replication of data, guaranteeing the ability to recover and restore operations during a time of crisis.