One of the ominous lessons from the Colonial Pipeline hack is that it was a new highwater mark in the effects of ransomware. Shortages of gasoline reminded some of gas lines not seen since the 1970s.
The pipeline company’s decision to pay the ransom ( The Guardian reported it was $4.4 million) seemed to add insult to injury. They were hardly alone. According to Reuters, US travel services company CWT paid $4.5 million last year. London-based Travelex, the currency exchange company, reportedly paid $2.3 million to release data as well last year, The Wall Street Journal noted.
Last year, ransomware attacks rose 150 percent, according to a report from Group-IB. So, what can be done? More importantly, what should VARs or solution providers serving the enterprise market do?
If there’s one thing the last year has taught us, it’s that enterprises should always be thinking it’s a matter of “when” not “if” disaster strikes. Customers and clients may well ask what they are paying the VAR for if not to prevent data breachers. The truth is they are paying for your expertise to deal with real problem: what to do in case the worst actually happens.
The best defense against ransomware is the ability to quickly restore data from uncorrupted backups, or at least be able to access your stored data to prevent shutdowns. Today’s storage and protection technology can do this in several ways, with DRaaS (Disaster Recovery as-a-Service), advanced data protection or by converged protection and storage.
But there is also a mindset difference: It’s about pivoting from the defensive or passive mindset (our data is protected with X tools) to resiliency. This means a shift of focus to doing whatever it takes to recover to normal business, no matter the data disaster.
Sometimes this requires a new look at security from the policy level or being able to “game” any data breach scenario to develop effective responses. This may be asking VARs and solution providers to use different skill sets, but it could be worth it.
It may be what separates you from other vendors or service providers. Ask your client about testing full restorations of data from backups, or if they’ve actually tried to test working in failover mode.
Have a plan to have these kinds of conversations with your client, focusing on speed of recovery and data—no matter the scenario or type of data threat.