No doubt you’ve seen the news about the recent ransomware attack targeting companies via a particular brand of software tools. This was just the latest in a series of “supply chain” attacks that have collectively impacted thousands of organizations in multiple countries with demands for millions in cryptocurrency ransoms to unlock their encrypted data.
Today, every business in every industry vertical is under threat—from banks and airlines to manufacturers, retail businesses, and healthcare providers. And we’re just seeing the tip of the proverbial iceberg, because many of these attacks go unreported by companies seeking to avoid negative publicity. It’s no longer a matter of if your organization will be impacted—it’s simply a matter of when. That’s why it’s so critical to focus on data recovery.
But how do you know whether your backup and recovery infrastructure is up to the challenge? How prepared are you to recover your data in the event of a ransomware attack and avoid a costly business disruption?
A critical data protection metric
To help answer that important question, let’s look at your “Ransomware Recovery Readiness.” Your readiness will help you determine where your protection strategy is—and where it needs to be. Your Ransomware Recovery Readiness offers critical insight into your level of risk as it relates to data protection.
Sounds great, but what factors go into your Ransomware Recovery Readiness? Let’s start by thinking about the various factors that affect your data recovery readiness.
The first factor is backup number and frequency. Ransomware attacks often occur over a period of time, so it’s important to have frequent backups to be able to recover from a variety of different attack scenarios.
It’s also important to ensure your backups are protected. It’s not about “hiding” your backups, but making sure your backups are stored in a way that is not susceptible to an attack.
Access to backup targets is another critically important factor. We’ve seen cases where organizations export their backup share to a bunch of people. Not a good idea, as this increases risk. Small mistakes like this can be very costly.
You also need to pay attention to the safety of your backup service. If your backup service is compromised, it won’t matter how well you’ve backed up your data. If you’re using a backup as a service (BaaS) you need to make sure it is safe and secure.
The same goes for the safety of the backup network over which your data is moving.
Monitoring your backups is another crucial factor for recovery readiness. Sounds simple, yet it’s an often overlooked factor in data protection.
Finally, you need assurance for the speed of recovery. You need to be able to tell your business leaders they can be back up and running quickly, with a minimum of disruption. Because the longer your customers have to wait, the more damage to your company’s business and reputation.
In my next blog post, I’ll offer some thoughts on how to rate your Ransomware Readiness Recovery Score and how to optimize your data protection infrastructure to address your score.
In the meantime, if you would like to better understand how you can be best prepared in the event of a ransomware attack like several of our customers, reach out to us at firstname.lastname@example.org.