
The air gap and ransomware conundrum

Cloud infrastructure holds the key to beating ransomware.


Johannesburg, 21 Nov 2017
Claude Schuck, regional manager for Africa, Veeam.

Ransomware is becoming one of the biggest cyber threats that businesses face, almost a daily occurrence - and that's just the attacks that make the news. Short of paying the ransom, a solid backup strategy is pretty much the only defence a company has against this sort of attack.

Companies need to know that if their data is being held hostage, they can restore from backup and get back to business as usual quickly and efficiently. However, not all backups are created equal, according to Claude Schuck, Veeam's regional manager for Africa.

Schuck says, "By now everyone is familiar with the 3-2-1 rule of backups. You need to have three copies of your data, in two different forms of media, one of which is kept off site. The last point is the most important one when it comes to defending your business against ransomware. It's also known as the air gap."

The cloud is the obvious place to have a backup copy of your business's data. Schuck says, "However, you have to ask yourself whether the cloud that you're using gives you that air gap. It certainly can do, as it's disconnected from your physical infrastructure. But you need to ensure it's a completely separate copy and that there's no direct path to it whatsoever. Obviously a tape has the best air gap as it's totally disconnected from your network, but it can take time to restore your data should a ransomware attack happen, whereas with the cloud you'll be able to restore the missing data quickly and efficiently."

Once an organisation is hit by ransomware, it tends to infiltrate everywhere on the network. If you have your backup copy on site and connected to your current infrastructure, it'll be infected too. "While having a backup copy on tape that's stored offsite is the most secure form of backup you can get, having your backup in the cloud with the prerequisite air gap will allow for faster recovery. You need to decide whether that's a compromise you're willing to make," he says.

While one approach is more secure, you need to offset that against the downtime your business will endure while you wait for someone to retrieve the tapes and access the data, which is hopefully not corrupted.

Schuck cites the example of a small local dental practice that had been in operation for 20 years. "The business was diligent, did local backups regularly, but kept all of those backups on site. The business was hit by ransomware and was unable to recover a single file. It meant that all patient records were lost, including contact information, appointment schedules, records of what work had been done or was due to be done, as well as x-rays and test results. The impact was so catastrophic that the business closed down within three months."

The business's failure to follow the 3-2-1 rule essentially killed it, and that's how quickly it can happen to a business of any size. That is why cloud infrastructure is so important in terms of having your business's data available for instantaneous recovery when - not if - you need it.

Typical consequences of ransomware include:

* The loss of highly sensitive data;
* Increased downtime, adding up to 12 hours of downtime each for users and IT staff;
* Damaged brand integrity;
* Loss of customer confidence;
* Loss of employee confidence;
* Lowered productivity levels; and
* Financial cost of the ransom itself.
