Despite the best cyber-security measures, many organizations find that their IT environments still have gaps that cyber criminals have taken advantage of. Many market sectors continue to see high infection rates from ransomware. Once infected, an organization is basically at the attacker's mercy!

As a result, many organizations are held hostage by criminals who see encrypting mission-critical applications in government, media and other sectors as a way to make some cash. In some cases, lives are on the line when they perpetrate these crimes.

When these systems are compromised, a major business decision has to be made: does an organization pay a ransom and get its precious data back, or does it take the hit and lose critical data, with perhaps millions of dollars in incidental losses from this criminal event? Sadly, many have had to pay, while others have taken the financial losses of wiping systems clean and starting over again in defiance of the cyber criminals. That decision can hold mission-critical systems up for days. In fact, many experts have said the average recovery time from ransomware is about 7 days. I have heard that in other regions of the world it's as much as 15 days. This is clearly not acceptable!

What if you could treat ransomware like any other type of continuity event, one that you can prepare for and recover from quickly? Is it possible not to be held hostage by cyber criminals? Can it be as simple as failing over to a shielded recovery server, without complex restores, wiping mission-critical hardware clean, buying new hardware or, worst of all, paying a ransom for which an organization may or may not receive a working decryption key? The answer is yes, you can!

If you're looking for a new approach to this issue, here is what you need to look for. There are two basic requirements that any organization will need to consider when building a wall of protection against cyber criminals and selecting the right continuity technology.

First, with traditional clustering technologies, and without strict hardening policies, malware can easily jump from node to node, in essence defeating the purpose of having a high-availability solution. What is needed is a firewall on every node in the cluster that only allows dedicated replication traffic to enter the passive nodes, on a specific port number and only from specific IP addresses. This provides the shielding needed to ensure the passive nodes' operating systems cannot be corrupted by a ransomware attack. The combination of these two measures, hardening policies plus a replication-only firewall, is PLAN B.
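As an added example (not code from the original article or any particular cluster product), here is a default-deny nftables input policy for a shielded passive node, generated from the active node's address and the replication port, together with a small Python evaluator that mirrors the same rules so the policy can be checked against sample connection attempts before it is deployed. The addresses and the port number are constructed placeholders; the article names none.

```python
import ipaddress

# Constructed example values: the article names no addresses or ports.
ACTIVE_NODE = "10.0.1.10"        # active node that replicates into this passive node
REPLICATION_PORT = 5000          # hypothetical dedicated replication port (TCP)
ADMIN_NET = "10.0.250.0/24"      # out-of-band admin subnet allowed SSH only


def passive_node_ruleset(active_ip, repl_port, admin_net):
    """Return an nftables ruleset for a shielded passive node.

    Everything inbound is dropped unless it is the active node's replication
    stream on the dedicated port or SSH from the admin subnet. Dropped packets
    are logged so lateral-movement attempts (SMB, RDP, ...) leave a trace.
    """
    return "\n".join([
        "table inet shield {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        "    iif lo accept",
        f"    ip saddr {active_ip} tcp dport {repl_port} ct state new accept",
        f"    ip saddr {admin_net} tcp dport 22 ct state new accept",
        '    log prefix "shield-drop: " drop',
        "  }",
        "}",
    ])


def is_allowed(src_ip, dst_port, proto="tcp",
               active_ip=ACTIVE_NODE, repl_port=REPLICATION_PORT, admin_net=ADMIN_NET):
    """Evaluate a new inbound connection against the same allow-list (default deny)."""
    if proto != "tcp":
        return False
    src = ipaddress.ip_address(src_ip)
    if src == ipaddress.ip_address(active_ip) and dst_port == repl_port:
        return True
    if src in ipaddress.ip_network(admin_net) and dst_port == 22:
        return True
    return False


if __name__ == "__main__":
    print(passive_node_ruleset(ACTIVE_NODE, REPLICATION_PORT, ADMIN_NET))
```

The ruleset shields the passive node's operating system from network-borne lateral movement; it does not inspect the replicated data itself, which is why the article's PLAN C keeps a further shielded node in reserve.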

Second, ideally you should have more than one shielded passive node. This gives organizations multiple safety nets, just in case a rogue piece of malware that was not detected infects the newly recovered server application. This will be your PLAN C.

So you may ask, what's PLAN A? PLAN A is doing all the normal cyber-security risk mitigation practices to ensure that PLAN B or C are never needed. Many cyber-security frameworks (NIST, ISO, SOC, CMMC) provide enough guidance to put security controls in place. Even so, those controls need to be tested to ensure they meet rigorous standards, and they need automated remediation to minimize the risk that malware could infiltrate the environment. That's the subject of another article.

That said, if PLAN B and C are needed, organizations should choose a continuity solution that meets these requirements. These are the standards by which each organization needs to build its business continuity plan to defend against ransomware and avoid being held hostage.

Cyber criminals continue to innovate with ruthless malware, exploiting human failures, software vulnerabilities and cyber-security gaps, and now even piggybacking on other software solutions. Nothing can guarantee 100% protection from these events, and nothing can guarantee 100% recoverability. However, considering what we are seeing in many industry sectors, having at least a strategy that relieves organizations from being held hostage is a huge plus. Organizations can now treat ransomware like any other continuity event, such as application problems, server hardware failure or natural disasters, and prepare for it. Recovery can now happen within minutes of the infection instead of days or weeks, and that is truly good news!