[adning id=”12070″]

[adning id=”12070″]

The best way to defeat ransomware? Resilience

Over the past several years, governments, businesses, research centers and hospitals dealt with ransomware and data exfiltration in two ways: paying ransoms, or attempting to restore their systems and information through traditional disaster recovery approaches. The first approach is painful, and the second often doesn’t work because traditional methods aren’t architected for resilience of this sort.

Let’s get nerdy and talk about the appropriate way to defeat ransomware.

One of the first challenges is that rebuilding the traditional way can actually help threat actors, because it’s likely that the threats are also lurking in the backup. Thus, as organizations attempt to recover from ransomware using traditional disaster recovery “backup and restore” processes, they are likely re-introducing the threat—even for recoveries that reach back six to eight weeks.

This can lead to the false confidence that comes from relying on compliance-driven resilience. Not good.

Move away from compliance-driven resiliency

Unfortunately, business impact assessments done via surveys rarely provide the three main things necessary for architecting any true recovery: recovery time objective, recovery point objective and inventory. Survey-driven impact assessments usually portray a process’s value to the organization, rather than measuring the real recovery objectives. This may produce poor or outdated impact assessments, which in turn lead to poorly constructed recovery approaches. Add in issues related to data and you have the perception of confidence as opposed to real capabilities. The lesson: Compliance-driven resiliency rarely works. Business-driven resiliency does.

Data integrity: Encryption and access

Industries that have significant data integrity requirements such as healthcare, pharmaceuticals and food are concerned with data manipulation or even worse, that their data may be taken hostage and sold at auction. Encrypting and using additional cybersecurity controls in production data can help alleviate risks around data hostage situations or manipulation, but these controls should be in place as part of recovery itself, which would increase the infrastructure recovery time objective. Even worse, when the system providing additional cybersecurity controls is breached, it can then actually become a barrier to recovery.

Rethinking the overall approach

Ransomware resiliency and data integrity require a whole new approach to disaster recovery, one that elevates the importance of protecting data across people, processes, and technology—with no silos. This is because no single technology or “thing to plug in” can solve ransomware; nor can any amount of money protect against it.

Rebuild: A new no-silo approach

Accenture has developed a new approach we call ‘Ransomware Resilience.’ It combines the benefits of on-premises ownership (immediate response) and the scalability, performance and security of cloud. We’ve also stopped focusing on secure backups and restoration as a part of recovery and instead are focusing on a new approach that rearchitects, strengthens and fortifies the entire environment.

In our experience, this helps organizations avoid paying ransomware and rebuild and get back into business much faster. We’ve helped clients restore within hours* with this new approach. Clients love it, since it’s more reasonable to rebuild than to figure out how to send Bitcoins and/or file reimbursement claims with a cyber insurance provider.

As a community, we should merge incident response, data security, digital identity, network security and disaster recovery to be able to quickly rebuild after a ransomware attack. Whether we call this approach “Disaster Recovery 2.0” or Ransomware Resilience the time has come to think about data and to architect better.

Actually, that time came about four years ago with Bitcoin, it’s time to get moving. I like ransomware resilience myself.

*Rebuild timeframe is dependent upon individual client risk tolerance, industry, rebuild architecture, project scope and resources.

Written by: Rouzbeh Hashemi, Senior Manager, Accentu

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on print
Print

Leave a Comment

Your email address will not be published. Required fields are marked *

SUBSCRIBE FREE
SME NEWS BRIEFS

Get breaking news delivered
  • This field is for validation purposes and should be left unchanged.

RECEIVE GOVT GRANT OF $10K to $250K*.

Austrade Approved Business Events
AVAILABLE NOW APPLY BEFORE 30th MARCH 2021 (Condition apply)

  • ABF Events are approved and listed below have been certified by Austrade on the Schedule of Approved Business Events.
  • This allows exhibitors, sponsors, delegates and partners to participate in the Business Events Grant Program. Note event bookings need to be confirmed ASAP to participate in the grant program
  • The program provides 50% rebate (based on a minimum spend of $20k) for approved items including ABF event-media packages, exhibition stands, corporate function tables, delegate registrations.
  • Govt Grant applications are now open until the 30 March. Please contact ABF to discuss how we can assist, we have experts to assist grant applications.
  • Grant funding will cover up to 50% of eligible expenditure incurred in participating at pre-approved business-to-business events as buyers or sellers during the 2021 calendar year.  All grant applications must be submitted for approval via the following link: https://business.gov.au/grants-and-programs/business-events-grants
  • For further information please see this fact sheet.