*Updated February 2023*
If you are responsible for data security in your organization, you’ve likely had recent interactions with your IT group around recovery time and recovery point objectives (RTO and RPO). You want to know if your data assets are safe and recoverable, not only from traditional data center gremlins but also from emerging and increasingly sophisticated cyber threats, particularly ransomware.
Mission-critical workloads are becoming increasingly distributed, both physically and logically. The data that underpins these workloads is extremely valuable to an organization. Sure, you still may need physical hardware, operating systems, microservices, APIs, and applications working together to present the data as useful information, but it is the integrity of your data that you are most concerned with when hit with the big ‘R’.
Let’s say you’ve already gone through a business impact analysis (BIA), established a business continuity plan (BCP), and derived from it a disaster recovery plan (DR). You also know IT has a playbook that is ready to activate when the inevitable hits. Great start! You can use those artifacts to meet regulatory, insurance, and compliance requirements and, as a bonus, they can even assist with a structured approach to address common data disaster scenarios.
What many of these activities don’t do is ask a couple of really key questions:
1) Can you actually recover your digital assets within the SLAs that were set? How long will it take?
2) Can you quickly assess how much of your data is compromised?
The answers to these questions most likely live with your operations teams – if you haven’t asked them lately you should. The bottom line is that your ability to recover successfully could be dicey at best, and it may be because you haven’t asked the right questions of the right people.
I wanted to share a few additional questions that I think are critical to really understanding how well-positioned your organization is to respond to a ransomware attack. While not necessarily an exhaustive list, these are good places to start to give you a sense of where you stand.
Each of these questions needs to be asked and then mapped to a possible outcome that outlines what you need to do should an unexpected scenario arise.
For the record, we do not recommend that any company adopt a strategy of paying the cybercriminal, because doing so feeds the ransomware ‘business’ and makes it stronger. It also shows you are willing to pay, which can make you a recurring target.
If you find the answers to the remaining questions stated above are anything but "Yes, absolutely, let me show you", then you have reason to believe you need to shore up your defenses.
You may want to redefine and review your ‘people and processes’ and continue doing that on a regular cadence. Equally important is to find the right tools and technology, like Rubrik’s Polaris Radar, to enable you to recover quickly and accurately to match your RTO and RPO SLAs.
Being able to recover from Ransomware is not the same as having a Ransomware plan.
Please reach out to us if you are interested in learning more about technologies like Rubrik that don’t just back up your data but protect it and allow you to reduce recovery time from days and weeks to hours or less.
If you have concerns about your overall Ransomware preparedness, I’d encourage you to connect with our Risk, Security and Privacy team who can more fully assess your current position and provide recommendations for where to start.