Data Recovery in the Age of Ransomware
Earlier this year, the world recognized World Backup Day (WBD) as a reminder to everyone that data is important and has to be protected. As part of the WBD recognition, Barracuda ran a series of blog posts on the reasons why companies lose data even when they do almost everything right.
As a follow-up to our WBD activities, Barracuda conducted a survey of general technologists whose responsibilities include data protection and recovery. To be blunt, some of these results are alarming. In this article, we are going to run through the results, explain what they mean, and take a look at how to resolve these issues of concern.
As you know, ransomware is a global epidemic and is expected to cost over $5 billion in damages in 2017. Ransomware is a dangerous attack because it doesn’t just make a system unavailable; it renders the data unusable. This has already caused a great deal of trouble for healthcare institutions, government entities, law enforcement agencies, and of course, businesses all over the world. If you’ve fallen victim to a ransomware attack, there are only two ways to get your data back without paying the ransom: get a free decryptor from a service like this one, or fall back on your data protection strategy and recover your data.
Some victims have no choice other than to pay the ransom or lose their data. This is an unfortunate situation, because even if the ransom is a small amount, there are a number of problems with this course of action:
Criminals know you are willing to pay a ransom and are more likely to target you again
There is no way to know that the criminals will or can decrypt your data
Decryption might not work properly and you may lose data anyway
Law enforcement agencies and other authorities discourage rewarding the criminal by paying the ransom
You can leave your data decryption and recovery up to chance, or deploy a comprehensive strategy before the attack.
Data Protection and Recovery
There are a number of definitions for “data protection,” but the common theme is that it requires more than running a backup. Proper data protection is included in the security planning: it includes business continuity and disaster recovery planning, as well as the many security practices involved in preventing unauthorized access. The Barracuda survey focused on data recovery, which is ultimately what system administrators are trying to provide for their companies. Comprehensive data recovery involves data availability and data accessibility at all times.
Availability vs Accessibility
Let’s start with a quick overview of what these are. When we talk about the availability of a data backup, we’re talking about the data that is stored as a backup. In the case of a tape-based or a disk-based system, the data that is backed up is available on the tape or on the disk.
Data accessibility refers to how easily that data can be accessed for recovery. In our examples above, the data is not accessible unless the tape or disk is paired with a compatible system. Accessibility for that system may be close to 100% for an administrator in a server room, but may be reduced to zero while the administrator is off-site or away from a designated computer. Meanwhile, the availability of the data remains the same.
When questioned on the importance of availability and accessibility, 70.3% of respondents say that these two are equally important. This indicates that our respondents understand the value of the data as well as the value of recovering the data quickly, possibly from a remote location or even a mobile device.
Protecting Multiple Locations
Perhaps one of the reasons that so many respondents value accessibility as highly as availability is that 53.4% are responsible for data recovery in more than one location. That means that the majority of the respondents are working remotely at least some of the time. Their data recovery systems have to be accessible from more than one location and probably by more than one method.
50.6% of respondents say that their backups are cloud-based, and 76% of respondents replicate their data backups in the cloud. These numbers suggest that the 77.4% who say they have a disaster recovery plan are using the cloud for redundancy and accessibility. Cloud-based data recovery is generally performed through a web browser with no need for special hardware.
The Bad News
There are two data points that cause some concern among the Barracuda data protection professionals. The first is that 81.2% of respondents do not test their data protection strategies more than once per year, and about half of that number do not test them at all. This could be a major pain point for these respondents. As we mentioned earlier, data recovery may be the only way to avoid paying a ransom that may or may not result in the decryption of data.
Another point to consider is that it’s good business to test the company resources. If the company has invested in the technology and planning to protect the data, then these things should be tested on a regular basis. User files change in value, applications are added or replaced, data is moved … these are all reasons to be testing backups more than once per year. Perhaps an application upgrade uses a new database instead of the old flat files. Perhaps a new application was never added to the data protection plan.
The second point here deals specifically with Office 365. Nearly 66% of Office 365 administrators are relying on the Recycle Bin for backup. Only about 1/3 of our respondents are using a data protection solution to protect their Office 365 deployments.
The Microsoft Recycle Bin is a nice feature, but its job is to help the organization safeguard against accidental data loss. It’s not meant to be a data recovery solution. It doesn’t offer the features necessary to protect Exchange, SharePoint, OneDrive, and the other services. Default retention times are not standard across services, so administrators may not even have the minimal protection that they expected. Data is non-recoverable once it is deleted or ages out of the Recycle Bin. Companies that have to work within compliance frameworks and liability requirements may find that the native Microsoft tools do not meet the regulatory standards.
If you find yourself in one of the scenarios that we identified as “bad news,” don’t worry too much. These are things that can be fixed quickly, and then improved upon as you go along. You can start right now by evaluating your current data protection and recovery plan. Do you have one? Who is responsible for the deployment and management of the plan? Is the plan being tested? Are there any gaps between your recovery objectives and the capabilities of your data recovery solutions?
One of the most important questions for you to consider is whether your data protection and recovery plans are part of your security strategy. If you work in an environment where data protection is separate from security, it’s time to bring those two functions together. In the age of ransomware, they cannot be separated.
Source: Data Recovery in the Age of Ransomware
Few trends in information technology (IT) have had a greater impact than the rise of cloud computing. In 2016, Amazon Web Services (AWS), the leading public cloud provider, brought in $12.2 billion in net sales, a 55% increase over the previous year. Today’s startup companies are practically required to have a cloud strategy or risk losing funding. Not to mention, just about every enterprise CIO has cloud migration and security in their top strategic mandates, and about 70% of organizations have at least one application in the cloud.
The cloud has won, and its momentum is only expected to increase. However, not every company is equally well-positioned to move to the cloud. Companies will need to adjust their strategies and approach to remain competitive over the next decade.
Read More: The Next Phase Of The Cloud Computing Revolution Is Here
Microsoft recently released two new General Data Protection Regulation (GDPR) compliance assessment tools to further round out our GDPR resources already available on the Microsoft Trust Center.
New tools to assist your journey to GDPR compliance
Available to any business or organization, Microsoft’s free GDPR benchmark assessment tool is now available online. Our interactive tool guides users through 26 questions and generates a downloadable report showing the organization’s readiness to comply with the GDPR’s provisions.
Available to customers through Microsoft’s extensive Partner Network, our detailed GDPR readiness assessment tool provides an in-depth analysis of the organization’s readiness and it offers actionable guidance on how to prepare for compliance, including how Microsoft products and features can help simplify your journey.
Chart showing GDPR Journey Stage and Next Steps
Will you be ready by May 2018?
When the GDPR goes into effect on May 25, 2018, it will require that organizations in Europe, and around the world, follow a range of new privacy and security requirements. While some companies are already working towards GDPR compliance, a recent study from the research firm Gartner reports that less than 50 percent of all organizations will fully comply with the GDPR when it goes into effect.*
For organizations working toward GDPR compliance, the Microsoft Cloud can help you. We have expertise protecting data, championing privacy and complying with complex regulations. Microsoft believes privacy is a fundamental right and that the GDPR is an important step forward for clarifying and enabling individual privacy rights.
As the GDPR deadline draws closer, we are here to partner with you. Meeting the requirements of the GDPR doesn’t have to be a difficult path and Microsoft is here to help. Visit http://www.microsoft.com/gdpr to view our GDPR webcast, download GDPR whitepapers and register for upcoming news related to what Microsoft is doing for GDPR.
* From Gartner research note, “Adapt Your Cloud Hosting Proposition Now for Imminent GDPR European Privacy Regulations,” Gregor Petri, Bart Willemsen, Tiny Haynes, March 29, 2017.
Source: Are you ready for the EU’s General Data Protection Regulation (GDPR)? Our two new tools can help you find out – Microsoft on the Issues