Establishing Comprehensive Resilience Frameworks for Ransomware Recovery

  • A spring 2021 survey conducted by analysts at IDC revealed that 95.1% of organizations had suffered a malicious attack within the past 12 months, and 36.6% of respondents had suffered more than 25 attacks during that time.

  • Organizations are working harder to develop more holistic approaches to building robust capabilities for bringing data and applications back online after significant disruptions.

  • Each organization must build a combination of processes, governance models, and operational maturity assessments to create a resilience strategy that makes sense for specific circumstances.


Malware and ransomware attacks have achieved an unprecedented level of ubiquity across organizations of all sizes and industries. A spring 2021 survey conducted by analysts at IDC revealed that 95.1% of organizations had suffered a malicious attack within the past 12 months, and 36.6% of respondents had suffered more than 25 attacks during that time. Of even greater concern, 43% of respondents had experienced unrecoverable data within the past 12 months.

IDC believes that digital resiliency – the ability for an organization to rapidly adapt to business disruptions by leveraging digital capabilities to restore business operations and capitalize on the changed conditions – must be a key objective in every organization's digital transformation (DX) efforts. 

BizTechReports caught up with Matthew Rice of IBM on the issues and options facing organizations as we move deeper into the decade. Here is what he had to say:

  • As organizations pivoted to support the shelter-in-place workforce throughout 2020 in response to a global pandemic, IT and cybersecurity organizations were exposed to another plague: ransomware. According to “The Annual Report on Global Cybersecurity,” by Statista, there were a total of 304 million ransomware attacks worldwide in 2020, representing a 62 percent increase from a year prior and the second-highest figure since 2016.

  • Meanwhile, a 2021 study from IBM Security reports that remote operations during the pandemic increased the attack surface and led to more expensive data breaches. Experts observed a $1 million rise in the average cost of a breach when remote work was indicated as a factor in the event, compared to breaches without this factor ($4.96 million vs. $3.89 million).

  • As Matt from IBM put it: “There's a 30% chance that your organization will get hit in the next 24 months. What is troubling is that 75% of those organizations that will be hit have no response strategy at all. If organizations wait until they’re hit to start formulating a response, it will not be good. You'd be amazed how often that scenario plays out.”

  • The implications of threat analysis are clear. While it is important to take as many precautions as possible to prevent attacks, there should be a growing focus on recovery. This is why the concept of “resilience” has evolved tremendously as a corporate priority over the past 18-24 months. Organizations are working harder to develop more holistic approaches to building robust capabilities for bringing data and applications back online after significant disruptions.

  • By embracing the concept of resilience, ransomware and cyber recovery can be treated as just another outage scenario that needs to be practiced and drilled regularly. The scenario planning and practice sessions should incorporate all enterprise infrastructures, suggested Matt from IBM. “It should include public and private cloud and should not leave out any platform. When we set up these strategies, the first thing we're going to ask is: What is your critical data? All vaulting solutions should be based on the disposition of specific data. We’re using machine learning and AI and other emerging technologies to understand the characteristics of data...determine the shelf life of data by classification and establish processes to perform forensics and recovery based on these insights rapidly.”

  • From a financial perspective, the focus on resilience has shifted scarce enterprise technology allocations toward recovery -- perhaps at the expense of prevention. “One big takeaway is that you have to have robust recovery procedures. We used to say that getting hit by a breach just was not an option. That is a difficult statement to back up today. And you certainly shouldn’t bank on it. Executives now realize that our recovery procedures are just as important as our protection initiatives.”

  • The talk has to be backed up by the walk. It is not enough to have a plan on paper. Organizations have to go out and practice these procedures regularly. These drills must include not only operational staff but also the C-suite.

  • It requires a multi-disciplinary approach that integrates the experience and expertise of cybersecurity, business continuity, disaster recovery, and IT infrastructure management across heterogeneous environments.

  • Much, in short, is changing. “The accepted practices for resilience -- especially in the context of ransomware -- are a relatively new area,” pointed out Matt from IBM. “The whole thing is complicated by the fact that there is no silver bullet. Each organization must build a combination of processes, governance models, and operational maturity assessments to create a resilience strategy that makes sense for specific circumstances. And because circumstances change, it cannot be a one-time shot. It's about rapidly understanding the root cause when an incident does happen. Then it's about effective communications and crisis management. Security, disaster recovery, and business continuity talent must be trained to work together collaboratively to bring the business back online in a well-choreographed manner.”

For more information about BizTechReports podcast interviews, please contact Melissa Fisher at MFisher@BizTechReports.com.