Earlier this month, a ransomware attack shut down an essential U.S. gas pipeline for six days, causing widespread gas shortages across the Southeast and raising prices for millions of people. While this ransomware attack was the most prominent and significant in recent memory, ransomware is far from a novel cyberthreat.
According to Sophos’s State Of Ransomware Report, 51% of all companies have suffered a ransomware attack, a type of malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. And changes brought on by the pandemic have only made the threat worse. Attacks are growing in number and scale as more people work remotely, often opening back doors to networks without corporate security protections. According to endpoint security vendor VMware Carbon Black, ransomware attacks jumped 148% in March of 2020 over baseline levels in February of the same year.
The most obvious consequence of these attacks is the payout that attackers demand- usually in the form of cryptocurrency—to unlock systems. But just as costly can be ransomware’s impact on business continuity.
How ransomware threatens business continuity
What victims of ransomware often forget is that the “sticker price” of paying the ransom is only a small piece to the larger picture of data recovery. On average, downtime costs can exceed five to 10 times the amount of a ransomware payment. And even in the best cases, organizations can still lose about 8% of data after a malware attack.
Today, data is the lifeblood of companies. Its loss or compromise would significantly affect their ability to do business. This is especially evident within SaaS applications, which serve as the foundation for managing and acting upon data insights. Organizations that succeed at transforming information into strategic assets hold a clear competitive advantage in today’s always on, data-driven environments.
While SaaS applications are historically reliable and secure, they are not immune to ransomware attacks. One of the fastest growing vulnerabilities is what many experts are calling “ransomware 2.0.” This new generation of attacks — using sophisticated types of ransomware — spreads to the cloud and encrypts SaaS data of cloud services.
The fact that cloud services accumulate a huge number of users in one ecosystem makes them an attractive target for cybercriminals. Imagine the damage from a successfully designed ransomware attack that targets all G Suite, Microsoft 365 or Salesforce organizations in the United States. The impact would be devastating.
The role of backups in ransomware recovery
Despite how prevalent ransomware attacks and other similar threats have become, most firms are ill prepared to handle cybersecurity-induced disasters. According to a recent Forrester report, almost half of all companies surveyed test backups for recoverability only twice a year, or less often.
Backups are essential for ensuring business continuity in the event of infection, enabling organizations to restore operations and data to their prior states. Yet, because of their value, backups are also prime targets for ransomware infection, with malicious actors hoping to maximize their leverage and damage to continuity. As a result, organizations need to take special care in thinking about their backup and recovery processes and infrastructure. In order to be effective, backup and recovery solutions to protect against ransomware must:
- Not rely on local or network-attached storage that is typically and specifically targeted
- Allow for multiple regular backups to enable enterprises to restore data precisely to the point prior to the ransomware infection
- Ensure cloud backup files are protected by strong information security measures that detect and prevent ransomware activity
But these requirements are just the start. In this post, we dig deeper into backup requirements when it comes to protecting against ransomware, and how Own’s capabilities measure up.