Several years ago, around the time that ransomware attacks started making the front pages of mainstream newspapers, not just in the IT press, I took part in a number of webcasts on the topic. The various vendors sponsoring the webcasts supplied solutions to help combat the threat – firewalls, deep packet network inspection, anti-malware device protection, network behaviour anomaly detection and incoming email scanning, to name but a few.
The one essential anti-ransomware technology area that I always brought into every conversation was the only one which none of them was actually promoting, namely core data protection. Yes, backup and recovery.
Fixing data protection’s undeservedly low profile
I have worked professionally in IT for the best part of four decades (OK, two of them as an IT industry analyst, but it still counts!), and it never fails to surprise me how little regard data protection gets. For far too long, if people outside IT have thought about data protection at all, they have thought of it as something that has already been taken care of, or is of little importance.
This is further from the truth than the statements of a UK cabinet minister. But things are changing. Ransomware attacks against organisations, large and small, are now very high profile. In addition, legal and regulatory requirements have made data protection and, in particular, data recovery, something that business leaders and board executives have to address. Albeit often by simply directing IT to get it sorted.
So we are finally seeing the fear of ransomware almost forcing organisations to look again at how they protect data, how they can recover it quickly – even across many systems rather than a few files. They also need to be sure that the recovery process will not simply reinstall the source of the ransomware attack.
As many vendors are starting to say, data protection and recovery is the organisation’s last line of defence against ransomware. This is accurate in many ways, since if all your other security measures have failed to prevent the attack (including all the human factors that my colleague Bryan Betts referred to in this blog post on why ransomware still works), then recovering at least some data could be the only way to retrieve information.
Modern data protection can be more than just insurance
On the plus side, the ransomware imperative is only one part of a much bigger picture when it comes to the value of using modern data protection solutions. Such tools are certainly needed to help recover from malware attacks, but modern solutions can also provide a base from which additional business value can be extracted.
Today many organisations are looking to extract more value from the data they hold, including “old” data. The 360 view of opportunities frequently requires looking back at historical data. Modern data protection tools often have cold and warm archiving capabilities that can make far more data available to analysis.
Your agenda may well include ensuring data recovery after a ransomware attack, hopefully with a budget attached too. If so, modern data protection tools are certainly something to investigate, but please also look to see if they have benefits beyond the obvious.