Under the heading of an ill wind always blows some good, the rise of ransomware has certainly moved data protection up the IT agenda. There are very few IT organizations these days that are not at the very least considering what they might need to do should all the data the organization depends on suddenly be become encrypted by cybercriminals demanding money for the keys needed to decrypt that data.
The trouble with ransomware
The primary defense against such threats, of course, is being able to recover the data the organization has backed up either locally or in the cloud. The problem most organizations face today is that when it comes to backing up data many IT organizations are not particularly good at it.
In fact, a new survey of 220 IT security professionals attending the recent Black Hat 2016 conference conducted by Tripwire, a provider of compliance and security software, finds that only 34 percent were confident their organization could recover from a ransomware attack without losing data.
The trouble with ransomware is that it takes advantage of human foibles. All the security technology in the world isn’t of much use when an end user downloads an attachment loaded with malware that winds up encrypting all the organization’s data. The only two real choices are to either pay the ransom to gain access the keys needed to decrypt that data, or recover a copy of that data that have been hopefully backed up.
The challenge most organizations face todays is that backing up data and then recovering it is often a hit or miss proposition. The good news is that it’s becoming simpler to back up recently created data locally and then archive the rest in the cloud. When it comes to ransomware, however, both IT service providers and the IT organizations they serve alike need to take pains to make sure that a ransomware attack doesn’t wind up encrypting data in both places.
Alas, most IT organizations today have yet to tightly couple IT security and data protection. The latter is viewed more often than not as an occasional event. In reality, the prevalence of ransomware means that data protection needs to become a continuous process now more than ever.
Opportunities for IT service providers
Naturally, that creates an opportunity for IT service providers. When it comes to data protection the majority of organizations are sloppy. No one has probably even tested whether any given data set can actually be recovered in months. All too often the data protection strategy relies more on hope and prayer than actual best practices.
At least most IT and business executives are aware of the threat ransomware poses. That makes starting a conversation about how data protection is now an essential component of IT security much easier. While it may be next impossible to prevent someone from being fooled into downloading malware, there are clearly measures that can be put in place that mitigate the damage these attacks can cause. The thing IT service providers need to stress is that once data protection becomes a process rather than an event, it’s generally best left in the hands of an organization who makes sure that every step in that process occurs each and every time without fail.