Over the past several years, governments, businesses, research centers and hospitals have dealt with ransomware and data exfiltration in two ways: paying ransoms, or attempting to restore their systems and information through traditional disaster recovery approaches. The first approach is painful, and the second often doesn’t work because traditional methods aren’t architected for resilience of this sort.
Let’s get nerdy and talk about the appropriate way to defeat ransomware.
One of the first challenges is that rebuilding the traditional way can actually help threat actors, because it’s likely that the threats are also lurking in the backup. Thus, as organizations attempt to recover from ransomware using traditional disaster recovery “backup and restore” processes, they are likely re-introducing the threat—even for recoveries that reach back six to eight weeks.
This can lead to the false confidence that comes from relying on compliance-driven resilience. Not good.
Move away from compliance-driven resiliency
Unfortunately, business impact assessments done via surveys rarely provide the three main things necessary for architecting any true recovery: recovery time objective, recovery point objective and inventory. Survey-driven impact assessments usually portray a process’s value to the organization, rather than measuring the real recovery objectives. This may produce poor or outdated impact assessments, which in turn lead to poorly constructed recovery approaches. Add in issues related to data and you have the perception of confidence as opposed to real capabilities. The lesson: Compliance-driven resiliency rarely works. Business-driven resiliency does.
Data integrity: Encryption and access
Industries with significant data integrity requirements, such as healthcare, pharmaceuticals and food, are concerned with data manipulation or, even worse, that their data may be taken hostage and sold at auction. Encrypting and using additional cybersecurity controls in production data can help alleviate risks around data hostage situations or manipulation, but these controls should be in place as part of recovery itself, which would increase the infrastructure recovery time objective. Even worse, when the system providing additional cybersecurity controls is breached, it can then actually become a barrier to recovery.
Rethinking the overall approach
Ransomware resiliency and data integrity require a whole new approach to disaster recovery, one that elevates the importance of protecting data across people, processes, and technology—with no silos. This is because no single technology or “thing to plug in” can solve ransomware; nor can any amount of money protect against it.
Rebuild: A new no-silo approach
Accenture has developed a new approach we call ‘Ransomware Resilience.’ It combines the benefits of on-premises ownership (immediate response) and the scalability, performance and security of cloud. We’ve also stopped focusing on secure backups and restoration as a part of recovery and instead are focusing on a new approach that rearchitects, strengthens and fortifies the entire environment.
In our experience, this helps organizations avoid paying ransomware and rebuild and get back into business much faster. We’ve helped clients restore within hours* with this new approach. Clients love it, since it’s more reasonable to rebuild than to figure out how to send Bitcoins and/or file reimbursement claims with a cyber insurance provider.
As a community, we should merge incident response, data security, digital identity, network security and disaster recovery to be able to quickly rebuild after a ransomware attack. Whether we call this approach “Disaster Recovery 2.0” or Ransomware Resilience, the time has come to think about data and to architect better.
Actually, that time came about four years ago with Bitcoin; it’s time to get moving. I like ransomware resilience myself.
*Rebuild timeframe is dependent upon individual client risk tolerance, industry, rebuild architecture, project scope and resources.
Written by: Rouzbeh Hashemi, Senior Manager, Accentu