Over the last few years, everyone working in IT has either dealt with a ransomware incident directly or knows someone who has.
Public cases this year include but are not limited to:
These brands aren't alone: formal notifications to the Office of the Australian Information Commissioner (OAIC) have topped 500, and over 30 of those were specifically ransomware. The extent of the impact on end users, and on the company itself, depends on the services it provides and how much data it holds. Take the recent Garmin outage as an example: it affected not only the exercise junkies out there, but also numerous aviation services used around the globe.
In Garmin's case, its market position as the 'go-to' fitness tracker and an indispensable aviation tool, with hundreds of thousands of users globally, meant that the extended outage was extremely visible. The volume of noise levelled at Garmin should serve as a cautionary tale for similar organisations.
Surprisingly, in this case it doesn't seem to have had an impact on the share price. For a smaller company with less brand loyalty, or one in a more competitive market, the same event could easily have contributed to the business going under in an unforgiving economy.
We have no idea what really happened behind the scenes during the five-day outage. The rumour of a $10M ransom being paid may or may not be true; perhaps they restored everything from backups. What we do know is that with a small investment in planning and, where needed, technical remediation, they could potentially have recovered well within 24 hours and minimised the bad press and brand damage.
If you think about your own organisation, how confident are you that when it happens at your place you will be able to minimise the outage and the reputational damage? The custodians of the services and data are liable for outages and breaches at a corporate, and potentially a civil, level.
Planning, process and technology
In our experience, most companies have already invested in some form of data protection. These tools are available at multiple levels of the infrastructure stack and sometimes within the applications themselves. What we often find missing is the planning and process around them:
- Business and compliance requirements
- Overall data protection strategy
- Resultant configuration required
- Ongoing operations and test procedures
- Emergency response procedures
- Communication plans
A complete data protection framework needs to address all of the above to be of the greatest possible value when the inevitable occurs. At a bare minimum, the ability for IT to recover quickly at a technology level is not an unreasonable expectation, and it should be reason enough for any business to fund some remediation or investment.
The various forms of data protection include:
- Disaster Recovery (DR) replication aims for zero data loss by mirroring every IO to the secondary site in real time. The flip side is that as soon as a file is encrypted, DR does exactly what it was built to do and replicates the encrypted content as fast as it can. On its own, this will not help.
- Next best is near-real-time replication with journaling. This gives you a 'Foxtel-style' recovery where you can wind back and forward through a journal of captured IO, which is perfect for recovering to a very specific point in time. The journal is finite, though: if every file has been encrypted and rewritten, the journal can fill and overwrite itself before the alarm has been raised, taking the last clean point with it.
- Snapshots are available on most full-featured storage platforms and from within the hypervisor, and can provide rapid recovery to multiple points in time. Bear in mind that they live on the same platform as the data they protect, so retention needs to outlast the time it takes you to notice the attack, and the platform's administrative access must not be reachable with the same credentials an attacker has already compromised.
- Backups are the last resort. They are usually taken overnight but kept for long periods, so they are potentially the best chance of recovery if you need to go back a few days. Restores can be slow, though, and without a regular testing regime this will cause delays in a time of need. It is also imperative that backups are isolated from the production network and from production authentication (for example, not administered with the same domain credentials), so that whoever encrypted production cannot also delete or encrypt the backups.
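The trade-offs in the list above come down to one question: when the alarm is finally raised, does each tier still hold a point in time from before the first file was encrypted? The model below works that through for a constructed incident. It is an added illustration, not code from the original post or from TDL, and every figure in it (journal capacity, write rates, snapshot and backup schedules, the 09:30 start and six-hour detection lag) is an assumption chosen to show the failure modes described above; time is counted in minutes from a reference midnight.

```python
"""
Recovery-point model for the protection tiers discussed above (replication,
journaling, snapshots, backups). Added illustration only; all numbers are
constructed assumptions. Time is measured in minutes from a reference
midnight (t = 0), so Tuesday 09:30 is 1440 + 570 = 2010.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Incident:
    encryption_start: int  # minute in which the first file is encrypted
    detection_lag: int     # minutes until someone raises the alarm

    @property
    def detected_at(self) -> int:
        return self.encryption_start + self.detection_lag


def sync_replication_point(inc: Incident) -> Optional[int]:
    """Real-time replication mirrors every write, including the encrypting
    ones, so the secondary site never holds a clean point on its own."""
    return None


def journal_recovery_point(inc: Incident, capacity_writes: int,
                           encrypt_rate: int) -> Optional[int]:
    """Journal-based near-real-time replication keeps the last
    `capacity_writes` IOs in a ring. Ransomware rewriting every file produces
    `encrypt_rate` writes per minute; once the ring has wrapped, every retained
    entry is post-encryption and the rewind window is gone."""
    writes_since_encryption = inc.detection_lag * encrypt_rate
    if writes_since_encryption >= capacity_writes:
        return None
    # The journal still reaches back past encryption_start, so it can be
    # rewound to the last clean IO just before it.
    return inc.encryption_start


def scheduled_recovery_point(inc: Incident, interval: int, retained: int,
                             offset: int = 0) -> Optional[int]:
    """Point-in-time copies (snapshots or backups) taken at offset,
    offset + interval, ... with only the newest `retained` copies kept.
    Returns the newest copy that predates encryption, or None."""
    if inc.detected_at < offset:
        return None
    newest = offset + ((inc.detected_at - offset) // interval) * interval
    candidates = (newest - i * interval for i in range(retained))
    clean = [t for t in candidates if 0 <= t < inc.encryption_start]
    return max(clean) if clean else None


def recovery_options(inc: Incident) -> Dict[str, Optional[int]]:
    """Minutes of data lost per tier for one incident, or None when the tier
    has no clean point left by the time the alarm is raised.
    Assumed environment (constructed): 100k-write journal, 2000 writes/min
    while encrypting, hourly snapshots kept for 24 hours, nightly 02:00
    backups kept for 14 days."""
    points = {
        "sync_replication": sync_replication_point(inc),
        "journal": journal_recovery_point(inc, capacity_writes=100_000,
                                          encrypt_rate=2_000),
        "snapshots": scheduled_recovery_point(inc, interval=60, retained=24),
        "backups": scheduled_recovery_point(inc, interval=1_440, retained=14,
                                            offset=120),
    }
    return {tier: (None if p is None else inc.encryption_start - p)
            for tier, p in points.items()}


if __name__ == "__main__":
    # Constructed scenario: encryption starts Tuesday 09:30; in one case
    # nobody notices for six hours, in the other the alarm comes after 30 min.
    print("alarm after 6h: ", recovery_options(Incident(2010, 360)))
    print("alarm after 30m:", recovery_options(Incident(2010, 30)))
```

With the six-hour lag the journal has already wrapped and replication is useless, leaving the hourly snapshot (30 minutes of loss) or last night's backup (seven and a half hours of loss) as the only options; with a 30-minute lag the journal can still be rewound to the moment before encryption. The same function shows that a snapshot schedule whose retention is shorter than your realistic detection time fails in exactly the way the journal does, which is the number worth checking against your own monitoring before an incident rather than during one.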
How TDL can help: