SOURCING THE RIGHT ONLINE BACKUP
victims may feel compelled to pay the ransom to enable continuation of their services, according to Sophos.
What’s clear from the Sophos research is that encryption ransoms are more likely to be paid by victims who cannot restore data from backups. The report notes that manufacturing, construction, property and financial services have below average levels of ransom payment and above average ability to restore their data from backups.
For ransomware victims that pay a ransom, the chances of retrieving all their data are slim. One-third of victims reported that 50% or less of their files were restored, and only 8% got all their data back. The Sophos report concludes by recommending:
Assume you will be hit – that way you will be prepared.
Deploy layered protection to block attackers at as many points as possible across your network.
Combine human experts and antiransomware technology. If you don’t have the skills in-house, look at getting a specialist cybersecurity company.
Before you decide to pay the ransom, include in your cost/benefit analysis the expectation that the adversaries will restore, on average, only two-thirds of your files.
Have a malware recovery plan. Organisations that fall victim to an attack could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place.
Make backups. Backups are the best method companies use to recover their data after an attack.
llllllAn effective data backup and disaster recovery solution will leverage the best aspects of various technologies and processes. That’s according to Becky Cook of KeepItSafe, originally an Irish online backup company that was acquired by Nasdaq-listed J2 Global a decade ago. J2 Global’s operating company in Ireland, which accounts for a number of subsidiaries in Europe, had turnover of €68m in 2019 and 100 people employed. The US parent had revenue of $1.5bn in 2020.
Cook notes that the 3-2-1 backup rule recommends a combination of on-premises physical media and cloud-based data backup. This calls for at least three copies of your data, at least two different types of media to store the data, and at least one copy of the data kept offsite.
Onsite tape has the advantage of familiarity, fast recovery and easy storage. The disadvantages are media failure, human error, and vulnerability to theft or disaster (unless offsite too).
With a cloud backup solution, data is automatically transmitted to data centres at regular intervals. For the SME customer, the first online backup will take time, though after that only new or updated files will have to be uploaded.
Online backup is marketed on the basis that the data will always be there when a business needs it. However, not all backup providers are the same. Firstly, online data backups may not be as comprehensive as promised. Secondly, when you urgently need to access the backup, responsive customer service is imperative.
For instance, US company IDrive will back up 1.25 terabytes for €41 per month, and more data for an extra cost. However, some of the negative commentary on TrustPilot might put you off availing of this provider. “Finding the right cloud backup solution for your company’s data can be an overwhelming and intimidating task,” says Cook.
The workaround starts with taking counsel from the business’s IT services provider, securing three or four recommendations, and then delving into the online reviews.