Climbing Mount Everest isn’t a feat for the faint-hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two months, on average. That’s a lengthy process that involves a lot of planning and guidance along the way.
For businesses, conquering a ransomware attack can feel like the metaphorical equivalent of scaling a mountain. The journey from identification of a ransomware attack to containment is nearly as long as an Everest expedition. And while the stakes aren’t literally life or death in most cases, some organizations could be at risk of financial and reputational devastation.
Countering cyberthreats like ransomware is an inescapable aspect of today’s business operating environment. No organization is immune. One phishing email, one exposed cloud storage bucket or a set of stolen credentials can lead to a breach, exposing billions of records. Attacks have become so commonplace that 83% of IT and security professionals in a recent global survey said their organizations had been targeted by ransomware attacks within the past 12 months. Moreover, 74% reported multiple attacks during that same period.
To navigate this landscape, organizations must shift their approach, incorporating more proactive measures to rapidly recover when the inevitable attack strikes. IT teams are, no doubt, feeling the pressure. Securing data and ensuring its constant availability has evolved into a challenging endeavor. Data is exploding at exponential rates and now lives everywhere – across hybrid, multicloud and SaaS environments. The complexity of managing and protecting all that data can feel overwhelming for even the most well-equipped organizations. Here are three strategies for regaining control.
Don’t approach cyber recovery like disaster recovery
In a non-malicious, traditional disaster incident such as hardware failure or accidental deletion, the backup platform isn’t a target. Recovery is straightforward with a recent backup copy. You can quickly recover right back to the original location or an alternative location. In contrast, a cyberattack maliciously goes after anything and everything, making recovery complex. Backups are an especially attractive target for hackers because they represent an organization’s last line of defense.
In a cyberattack scenario, the priority is containing the breach to stop further damage. Forensics teams must pinpoint how the attacker gained entry, find vulnerabilities and malware, and prevent reinfection by diagnosing which systems were potentially affected. Data decontamination is then needed to ensure threats aren’t reintroduced during recovery.
Ransomware events can also necessitate coordination across IT disciplines, various business teams, legal, public, investor and government entities. Disaster recovery is likely something your organization deals with only infrequently. Expect cyber recovery to be the norm. Treat the two with different approaches.
Look to AI to help automate detection and recovery
Cybercriminals have been enjoying the first-mover advantage in putting AI to work for their nefarious purposes. AI tools have allowed them to increase the frequency, speed and scale of their attacks. But now it’s time to fight fire with fire.
There are already multiple options for organizations to leverage AI in detection and recovery efforts. One example is generative AI-powered copilots, which can serve as a guide for both IT specialists and generalists. By monitoring data protection infrastructure through simple conversation in natural language, copilots can quickly identify cyber vulnerabilities, including unprotected assets. They can also proactively assist with troubleshooting, recommend and apply tailored protection policies and steer users through complex data management tasks.
AI can additionally enable data protection solutions to monitor and defend themselves against threats from compromised backup administrator credentials. AI can flag anomalies in administrative user behaviors and adjust security parameters to lock down data access. Similarly, AI can supercharge malware detection and response when combined with hash-based tracking of malware in backup data and blast radius analysis. This represents a significant reduction in the time it takes to scan and assess the malware’s spread across an entire estate.
It’s all about detecting and recovering in smarter, simpler and faster ways. With AI, organizations can force multiply their efforts and enhance their readiness. AI can help them customize, test and automate granular-level recovery blueprints, encompassing multiple domains. AI can even recommend recovery points, eliminating the need to manually identify the “last known good copy,” relying instead on risk engine analysis to minimize the dependence on costly malware scans. Lean into AI to remove the guesswork and trial and error.
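The hash-based tracking, blast radius analysis and recovery-point selection described above can be illustrated with a small added example (not code from this article or from any backup product). It uses a plain hash lookup rather than AI; the manifest layout, host names, paths and shortened hashes are constructed assumptions.

```python
"""Added example: hash-based malware tracking across backup snapshots."""
from collections import defaultdict

# Constructed sample manifest rows: (snapshot_date, host, path, file_hash).
# Hosts, paths and the shortened hashes are illustrative placeholders.
MANIFEST = [
    ("2024-05-01", "fs01", "/srv/share/report.docx", "aaa1"),
    ("2024-05-02", "fs01", "/srv/share/report.docx", "aaa1"),
    ("2024-05-03", "fs01", "/srv/share/invoice.exe", "bad1"),
    ("2024-05-04", "fs01", "/srv/share/invoice.exe", "bad1"),
    ("2024-05-04", "fs01", "/srv/share/tmp/invoice.exe", "bad1"),
    ("2024-05-01", "db01", "/var/lib/db/data.ibd", "bbb2"),
    ("2024-05-04", "db01", "/var/lib/db/data.ibd", "bbb3"),
    ("2024-05-03", "ws07", "/home/kim/invoice.exe", "bad1"),
]
KNOWN_BAD = {"bad1"}  # hashes flagged by a scanner or threat feed (constructed)


def blast_radius(manifest, bad_hashes):
    """Per host: earliest snapshot containing a flagged hash, and every path hit."""
    hits = {}
    for snap, host, path, digest in sorted(manifest):  # ISO dates sort chronologically
        if digest in bad_hashes:
            entry = hits.setdefault(host, {"first_seen": snap, "paths": set()})
            entry["paths"].add(path)
    return hits


def last_known_good(manifest, bad_hashes):
    """Per host: newest snapshot taken before the first flagged one, else None.

    This is a recovery-point candidate only: the attacker may have been
    present before the flagged file first appeared in a backup.
    """
    snaps_by_host = defaultdict(set)
    for snap, host, _path, _digest in manifest:
        snaps_by_host[host].add(snap)
    hits = blast_radius(manifest, bad_hashes)
    result = {}
    for host, snaps in snaps_by_host.items():
        if host not in hits:
            result[host] = max(snaps)  # never matched: latest snapshot stands
            continue
        clean = [s for s in snaps if s < hits[host]["first_seen"]]
        result[host] = max(clean) if clean else None  # None: no clean copy exists
    return result


if __name__ == "__main__":
    for host, point in sorted(last_known_good(MANIFEST, KNOWN_BAD).items()):
        print(host, "->", point or "no clean snapshot; rebuild")
```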
The more you do in advance, the better
Cyber resilience requires daily care and feeding. Start by inventorying, classifying and capturing all your data. Then protect it, assess that protection, harden as needed and enhance with AI capabilities.
Isolate important data by implementing a 3-2-1 backup strategy, and don’t neglect to develop a comprehensive cyber recovery plan across all data and all teams in your environment. Be sure to rehearse and fine-tune that plan on a regular basis.
No one expects to ascend to the top of Mount Everest without the right equipment, preparation and support. Reaching peak levels of cyber resilience is no different.