Do You Have the Last Line of Defense Against Ransomware?

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Do You Have the Last Line of Defense Against Ransomware?

 

 

When it comes to protecting our organization assets against threats, ransomware remains at the top of everyone’s mind.  More than 2/3rd of businesses have faced some sort of outage in the last three years.

 

For a large enterprise, every outage costs more than $100,000. That quickly adds up to a significant expense and loss of revenue for any organization.  When we look at numbers like this, it makes it much simpler to create a business justification for preparing for ransomware.

 

At this point, ransomware has made it to the mainstream news on many occasions, and it’s a term that IT practitioners are all too familiar with.  We have watched countless organizations struggle with long recovery times, if they are able to recover at all.  Just take the Colonial Pipeline incident for example.  This attack caused major disruption, and the post mortem analysis showed it could have been easily prevented.

 

The time is now for organizations to begin to take steps to ensure they are able to recover after an attack, but too many times organizations struggle trying to figure out where to start.  There are so many different things to do in an environment to try to safeguard against a ransomware that projects designed to protect an environment can quickly spiral out of control without delivering results.

 

The first line of defense is of course making sure the attackers don’t get in.  It is important to have security tools in place to prevent attacks, and to quickly detect attackers if they do manage to get into the environment.  We still need to plan for the worst case scenario in case they are not stopped or detected quickly.  This means we need a plan to recover from an attack.


It doesn’t have to be difficult to make sure we are ready to recover in the case of a ransomware attack.  It all comes back to backup, the last line of defense against ransomware.  If organizations are looking to do one thing to reduce the risk of downtime associated with ransomware, ensuring their backup processes are ready to provide a quick recovery is essential.

 

An excellent backup strategy is key to ransomware recovery, and when you work with Microsoft and one of our ecosystem partners, it becomes simple to find a solution that will meet your business requirements and your budget.

 

A little work up front goes a long way after a ransomware attack, so let’s review what we need to do to be able to recover later.

 

Backup ALL Our Assets

 

It’s important to make sure we are backing up all of our assets.  If something was never backed up, we won’t be able to recover it later.  We need to start by taking a good look at our environments, both on premises and in the cloud and ensure we are protecting our data.  While the first step is having a backup, the second step is having a backup that meets our business requirements.

 

It's here that it becomes so important for data protection teams to talk to business owners so they can understand the criticality of the data being protected and make sure it is protected properly.  Through Business Impact Analysis (BIA) we can then understand the Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for our applications, and what it means for our organization when we can’t meet these objectives.  This is where the cost of downtime can really help us build a business case for data protection.

 

After we understand the recovery objectives, we can make sure we are protecting our data accordingly.  For example, in some cases with a lower RPO and RTO you may choose to replicate applications right to Azure so you always have a second copy of our production data that’s ready to be turned on at any moment.

 

In other cases, we may have plenty of time to recover our applications, so a backup is fine, which brings us to our next point.

 

Have Multiple Copies of Backup Data

 

It’s very important to have multiple copies of backups for a number of reasons.  What if something happens to the first copy?  We know once threat actors are in an environment they try to cause as much damage as possible which includes trying to encrypt or delete backups.

 

Offsite copies of backups are even better in order to provide segmentation and protection against threat actors in your environment and insider threats.

 

This is where Azure really shines.  By using Azure Backup or working with any of our ecosystem partners, we can easily have a copy of our data in Azure ready for recovery. 

 

If you don’t already have multiple copies of backup data, putting a copy in Azure is the single most impactful thing you can do right now to ensure you can recover later.  It’s also simple and cost effective to do.  Best of all?  You can start right now; you don’t need to wait for new capacity or equipment to come online in your data center.


Test Recovery

 

After we have multiple copies of our backups, we need to test recovery.  Testing recovery is an important aspect of data protection so we know exactly how long it will take to recover when disaster strikes.

 

The tough part about a ransomware attack is we don’t know how it will unfold until it happens.  That’s why regular recovery testing is so important, especially recovery testing in different locations.

 

Azure makes it quick and easy to spin up a disaster recovery test or recover with a moment’s notice.  A little up front planning and testing goes a long way when it comes to the day of the ransomware attack.

 

This is why having multiple copies of your backup data is very important.  If we want to test recovery in Azure for example, we want to make sure a copy of our backup data is ready and waiting for us for the fastest recovery possible.

 

G&J Pepsi reflects on overcoming a ransomware attack, offers insights from the other side

 

One of our customers, G&J Pepsi-Cola bottlers, shared their story recently. Azure Backup is the solution that G&J Pepsi used to save the day, and it’s only one of the many Microsoft Security solutions that the company put in place. In the words of Eric McKinney, Enterprise Infrastructure Director at G&J Pepsi-Cola Bottlers, “We got our environment up and running in seven hours, thanks to the data we saved with Azure Backup, “And we didn’t pay a cent to the attackers.”. This is a good example of how companies of all sizes can benefit from a ransomware protection strategy that includes backing up your data.

 

No Environment is Immune

 

Whether you’re operating on prem, in the cloud, or in a hybrid model, no environment is immune from malicious actors.  You need to be properly protecting the VMs in your data center right along side your Azure VMs to make sure you can recover from a ransomware attack.

 

Remember, it isn’t if you get attacked by ransomware, but when.  We’ll be taking a deeper dive on how you can protect yourself from ransomware, both in your datacenter and in the Azure cloud.

 

Learn more

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.