Najaf Husain, CEO
The Need for Data Resilience
It goes without saying that ransomware is top of mind for all enterprise security teams. The threat looms larger than ever, with a staggering 69% increase in attacks between 2022 to 20231. The rise isn’t surprising when you consider the allure for cybercriminals: valuable digital assets, the ease of Ransomware-as-a-Service (RaaS) platforms, the payoff from ransom payments, and an ever-expanding digital landscape ripe for exploitation. This problem isn’t going away any time soon.
Despite rigorous prevention efforts, such as EDR/XDR or mitigating common ransomware conduits (e.g., vulnerabilities, compromised credentials, phishing attacks), the harsh reality is that an attack may just be inevitable. Think of MGM – a multi-billion-dollar casino which surely had the most sophisticated ransomware prevention solutions available, yet still became a victim last year, at a cost of $110M.
In this environment, security teams need to make a shift towards resilience, focusing not just on prevention but on robust recovery strategies to mitigate the impact of an attack.
Recoverable Backups as a Cornerstone of Resilience
Ransomware resilience is all about being ready to quickly and effectively recover in the event of an attack. This readiness hinges on having a clear and actionable plan in place that thinks through every component of what is required to get your business back up-and-running.
As we all know, backups are an integral part of any recovery plan. But the question that security teams need to ask themselves is not just “Do we have backups?” but “Do we have backups that are recoverable?”
One reason for special vigilance regarding your backup strategy is that cybercriminals have started to target backup repositories, to undermine the reliability of this recovery method. According to the 2023 Ransomware Trend Report, backups were targeted in a staggering 93% of ransomware attacks. The success rate of these targeted attacks is alarmingly high, with 75% of backup repositories being compromised during these incidents2. These statistics serve as a stark reminder of the importance of having a backup strategy that is robust enough to withstand targeted cyberattacks.
How to Ensure Your Data is Recoverable with True Ransomware Detection
Enterprises often implement immutability and air-gapping to protect their backups. But these measures alone are still not enough to guarantee recoverability. For one thing, many bad actors will intentionally dwell in your data for longer than your backup retention policy in order to covertly infiltrate your backup repositories. It’s hard to imagine a worse scenario than relying on backups during an attack, only to realize those backups were compromised at the point of being rendered immutable and air-gapped. This not only leaves the team without a viable recovery option but also adds the insult of having invested money in the storage of “dirty” data.
To remove any form of guesswork from your ransomware recovery plan, the key is to test the integrity of all your data before it is made immutable and air-gapped with true ransomware detection. This integrity check can be done either on your live data to catch ransomware before it’s backed up or else on backups before they are sent to the secure vault. Another key benefit of this practice is that, in the event that you find ransomware in your data, you know exactly when your last-known clean copy is and therefore what to recover from. In this way, true ransomware detection allows you to rest easy with the knowledge that your data is clean, uncompromised and recoverable.