It is hard to deny that ransomware is working. Every day brings another story of a new high-profile attack or a new strain of malware holding businesses hostage. An attack on an Austrian hotel, the latest in a string high profile outages that already hit a month into 2017 and the first well-publicised case for the hospitality sector, proves that there are still companies willing to pay the ransom to regain control of their mission-critical data and applications. While this business is choosing to resort back to non-electronic keys as a method of prevention, there is nothing to prevent the same hackers from “locking” the hotels other critical applications, such as booking and reservation systems. But, what if there was a way to never have to pay the ransom?
Data, and the applications that enable this data, will always be one of the most important assets a business can have. And, like the case of the Austrian hotel, the price of losing access to the data was deemed higher than the cost of the ransom. However, with an effective disaster recovery and business continuity (DR/BC) solution, this choice would never have had to be made.
Effectively negating the threat of ransomware means being able to recover critical applications and data within minutes. True IT resilience, however, is the ability to respond and eliminate a service disruption before it affects customers or end-users – even if they are too busy skiing down the Austrian slopes to notice they have been locked out of their rooms.
Backup solutions and firewalls alone do not offer this. Businesses need comprehensive BC/DR capabilities that deliver fast recovery point objectives (RPOs) and recovery time objectives (RTOs). When a disaster does strike, it is the first few minutes that are critical and businesses need to be able to recover within those minutes, not hours, and as completely as possible. Relying on incomplete backups taken 12 to 24 hours previously could take hours to restore, leaving businesses with downtime they cannot afford and which, more worryingly, could have been avoided.
Too often in businesses, IT takes a very single minded view on security, simply focusing creating a perimeter fence to try and detect and prevent intrusions. But more often than not these days, intruders seem to be winning this game. A second layer of defence, involving a more comprehensive and holistic approach to address what happens once an intruder has breached the perimeter fence should always be in place. This layer should include an automated recovery process, which focuses on the fast recovery of critical data and applications to ensure uninterrupted business operations.
For instance, protecting against a virus falls under the purview of the perimeter fence, but this is proving more difficult as malware continues to evolve and progress. Working from backups is time-consuming and they are often out of date, but advanced DR can allow the business to recover from an outage or virus by re-winding their VMs to a point in time seconds before the infection hit. This negates the need to pay any ransom and allows businesses to get back up and running within minutes avoiding any costly downtime.
Successfully meeting internal and external compliance initiatives after a disaster is an added pressure for organisations with highly sensitive data. But as ransomware expands its focus outside of regulated industries, any business can be a target. In the event of a disaster or a malware infection, organisations won't just feel increased pressure from regulatory bodies, customers and end-users will demand answers. Failure to comply or recover data within an adequate amount of time could result in costly fines and other negative repercussions. It makes better business sense to invest ahead in DR than pay either ransoms or fines later down the line.
In the digital age, applications and data are crucial to running nearly all businesses. And, the hospitality sector is no different, there's no room for downtime. As ransomware threats increase and the varieties become more destructive, it's imperative to have a comprehensive BC/DR strategy that prevents an intrusion from causing any downtime if it penetrates the first lines of defence. If, instead of having to discuss the options of paying or losing data, everything could be restored to seconds before the attack even took place, then you can have the power to render ransomware attacks irrelevant and keep your business up, running and your doors open.
Contributed by Peter Godden, VP, EMEA, Zerto
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.