As the ransomware threat intensifies, ransomware protection must react. What do storage and security experts recommend?
Christoph Storzum, regional director DACH, Scality, recommends a cyber-resilient approach
“IT departments would be well advised to make cyber resilience a top priority. Protecting and recovering data should be at the forefront of CISOs’ minds. Importantly, this should include the entire infrastructure, including storage. At a time when ransomware attacks can hit every layer of infrastructure, storage is really the last line of defense.
Cyber criminals are getting more creative with backup data in mind. Organizations with legacy data protection strategies are particularly vulnerable, and protracted system outages cost billions of dollars as well as exorbitant ransom demands. It is imperative to make the core of the infrastructure stack, where all mission-critical data is stored, more resilient.
Storage must evolve to a cyber-resilient approach with the new 3:2:1:1 rule. Block, file and NAS storage cannot provide the level of security that the new, modern, S3-compliant object storage can. With five levels of cyber-resilience in the context of storage (immutability, encryption, distributed erasure coding, and advanced georeplication), ‘unbreakable’ data protection is possible. IT departments can’t afford to hope that legacy infrastructures will continue to protect them.”
Bruce Kornfeld, chief marketing and product officer, StorMagic, emphasizes the importance of the 3-2-1-1-0 model
“Ransomware and cybersecurity will remain a key target for C-level executives in 2023 and beyond. As threats evolve and persist, adoption of 3-2-1-1-0 data protection strategies will skyrocket. The 3-2-1-1-0 model calls for organizations to keep three copies of their data on two different types of storage. One copy is off-site and one copy should remain offline and have no errors. This best practice will help organizations ensure that all data is backed up, securely stored and retrievable in the event of a ransomware attack.”
Valery Guilleaume, CEO and Co-Founder, Nodeum, also has specific tips for better ransomware protection with Air Gap and Immutability
“Defend yourself with offline tape storage and immutable cloud/object storage. Build layered protection against ransomware by creating immutable storage copies of your data in cloud and object storage. Use object locking technology to protect data from deletion and modification, creating a virtual air gap. All the while, data remains instantly accessible in its native format without having to wait for recovery operations to complete.”
Markus Warg, Field Technical Director EMEA, Nasuni, advises using latest-generation software tools, such as cloud-native storage
“The threat of ransomware and malware attacks is increasingly unsettling IT managers, and it’s becoming clear that traditional approaches to data protection regularly reach their limits. For example, recovering data from an attack using traditional systems can take weeks, which is why some companies find it more cost-effective and time-saving to pay a ransom. But this often leaves them vulnerable to further attacks once again.
The future of protection against such attacks lies in latest-generation software tools, including cloud-native storage. Their advantage is built-in protection against attacks, coupled with extremely fast recovery from cyberattacks or data loss, often even unnoticed by users, which dramatically mitigates the impact of attacks. The way these modern solutions work is based on the continuous creation of file versions, which, in the event of an attack, makes it possible to revert to the exact pre-attack version that is unencumbered. Thanks to this method, files can be restored on the spot within a few seconds.
By automatically detecting ransomware attacks with quarantine functionality in these technologies, downtime in companies caused by attacks can be drastically reduced or even avoided in the first place. For example, in the case of a German engineering company, despite having all of its file shares encrypted by ransomware, it was able to recover validated file data in just 60 minutes in its production environment after a 12-hour assessment of the potential damage.
With these advanced technologies, organizations are prepared to deal with ransomware attacks in the future, as the automatic attack detection and mitigation capabilities, coupled with rapid file recoverability, provide a sound approach.”