In May 2021, the Irish health Service (HSE) was hit by a ransomware attack. According to the BBC this caused substantial cancellations to outpatient services and staff having to resort to paper-based systems. The service was still recovering from this attack four months later and, although it said than 95% of its servers had been recovered it still had an area of its website devoted to giving updates.
Ransomware has become a rich vein that is being mined by cyber-criminals. Any organization that has money and time critical data is at risk. Even worse the ruthless criminals are double dipping by not only preventing access to your data but also threatening to sell or publicise what they have stolen. According to the UK Government ransomware accounted for up to 14% of reported cyber breaches.
This makes backup and disaster recovery an essential component of your cyber security.
This risk has been increased as organizations undergo digital transformation. As your organization becomes more dependent upon your IT systems the potential impact on your business from any disruption increases. If you can’t access your data or your systems, your entire business could be destroyed. For example, the attack on the Norwegian Aluminium smelter Norsk Hydro is reported to have cost £45M and disaster was only averted because the retired employees remembered how to operate the plant without IT.
Many organizations now depend upon cloud services or have moved their data to the cloud and believe that this means that they no longer need to take backups. While some cloud services provide some levels of protection for the data that they hold this cannot be taken for granted. In general terms, the cloud customer is always responsible for the security of their data, and cloud services cannot protect the customers’ data from all threats.
Check out the Hybrid Multi Cloud Track at EIC for more on this.
In addition, other kinds of events could lead to a cloud customer being unable to access their applications and data held in the service. On Wednesday March 10th at 1am in the morning a fire started that destroyed a major data centre in France that provides cloud services. This led to many businesses being unable to access their data an extended period.
Cloud customers may delete their data accidentally, their data may be corrupted by application errors, ransomware, or localized failure. While IaaS providers take care to protect the infrastructure that they provide, the customer is responsible for the security of their data. When you delete an S3 Object Storage Bucket the data is gone and cannot be recovered. When you delete Office 365 files these are only retained in the service for 30 days. The cloud customer is responsible for ensuring that their data is protected against these risks by using backup processes.
The backed-up copies of data are also at risk – smart ransomware attempts to disable your backup processes or to plant malware so that restoring the data from the backup will restore the threat.
To counter this, backup vendors now provide “immutable” backup capabilities in various ways. These include exploiting the object lock capabilities provided by cloud services, appliance hardening, specialized write once hardware, blockchain techniques, as well as support for an “air gap.”
Your backups also need to be physically protected. Traditionally, this would be achieved by moving physical copies to separate secure locations, which also added the risk of loss in transit! Cloud services provide a useful alternative and can be used to store the backed-up data with a high degree of resilience while reducing the delays and the risks involved in the physical transfer of media. However, be careful to ensure that you use the cloud for backup storage in a way that meets your compliance obligations.
Backing up your systems and data is important but is not enough – you need to be able to recover the data and restore the affected services - and you need to be able to do this quickly. Achieving this depends upon how the data was backed up as well as how it can be restored.
Business applications depend upon a complex technology stack using multiple services across many servers. You will need to rebuild all the Virtual Machines unless the backup contains restorable VM image snapshots. The backups of the multiple elements must be synchronized so that you can restore the business service. A business-critical database may contain terabytes of data and the time needed to copy this data can be a significant factor unless your backup service supports database emulation. This adds to the complexity of the recovery processes that involve teams from across the organization.
Does your backup solution provide all the capabilities that you need to restore your service - for example: run books, workflows, and process automation? Does it provide full stack restoration capabilities? Does it support a DR environment from where you can quicky restore a working service.? Does it provide these a fully managed service with guaranteed SLAs?
Choosing the right cloud backup and disaster recovery solutions and services could make the difference between the survival and failure of your business when hit by ransomware. To help you to make the right choices KuppingerCole offer reports, services, and training as well as events. These include
Hybrid Cloud Backup and Disaster Recovery | KuppingerCole this Buyers Compass helps organizations to choose the right solution for their hybrid multi-cloud that provide backup and disaster recovery needs.
Cloud Backup and Disaster Recovery | KuppingerCole – this Market Compass provides an overview of the hybrid, multi-cloud backup, restore and disaster recovery solutions currently available on the market. The report rates each solution against eight critical capabilities as shown in the example below. 
In addition, the report identifies seven vendors that are outstanding in the areas of innovation, functionality, and disaster recovery as a service.
Master Class: Incident Response Management | KuppingerCole delivers training on how to design and implement a comprehensive incident response plan for your organization.
Check out these reports and attend EIC in Berlin May 10th to 13th, 2022 for more insights into this critical area.
