
Ransomware affected 66% of organizations in 2023, according to Sophos' "The State of Ransomware 2023" report (linked below). The January 2023 report’s findings were based on an independent, vendor-agnostic survey of 3,000 IT/cybersecurity leaders in 14 countries.

Ransomware poses an ever-present threat, but there are solutions. Start by evaluating your structured data and deciding how much is valuable, and how much you’re willing to lose. As for your unstructured data, simply by implementing the Panzura CloudFS file system, you can take care of it all.

Your Recovery Point Objective

Your recovery point objective (RPO) is the maximum amount of data you’re willing to lose after recovering from a disaster. RPO also refers to the last point in time when data was saved in a usable format and indicates the data backup schedule for maximum data recovery. A tighter RPO calls for a more frequent backup schedule to keep losses to a minimum.

To determine a sufficient RPO, consider what data you have and where it's stored. Next, evaluate how often data changes due to normal operations. Then, assess the value of the data. At the most basic level, set your RPO to coincide with the most data loss you can tolerate. Industry-specific factors, such as financial and healthcare data retention regulations, may help determine this and the backup schedule.

But, while frequent backups reduce the chance of data loss, storing and restoring duplicate data adds cost and complexity. Panzura has the solution.

Your Recovery Point Objective with CloudFS

When you save a file for the first time in the Panzura CloudFS file system, it’s split into the base content and metadata about that content. Both data types are stored as immutable blocks that cannot be overwritten; all changes are additive. The blocks are then compressed and sent to the secure cloud object store of your choosing. The metadata blocks are also stored in all network nodes, so they are everywhere in the network.

A catalog of metadata is kept in write-once, read-many form, and read-only network snapshots (pictures of your data showing the state of your information) are taken at your prescribed interval. These artifacts are part of Panzura operations that help you achieve a near-zero RPO and are not part of your storage costs.

No Backups, No Backup Storage, No Backup Management Needed

With the CloudFS enterprise file system, the backup schedule is moot; you don’t need it. Put another way, it’s continual.

Instead of a time-consuming and voluminous backup scheme, all your data, every version, is always available. Clicking on a file in the CloudFS directory causes the original file in your datastore archive, and its metadata, held everywhere, to join for viewing, editing, and sharing. This is the case everywhere in the world: from Jodhpur to Jersey, all your data is available in a few seconds. With this scheme, you essentially have infinite copies, but without a cumbersome footprint, management, and storage fees. CloudFS compressed root files and metadata are very lightweight.

How Panzura Ransomware Recovery Works

Now, let’s say a bad actor has unfurled a ransomware attack on you and is encrypting your data. Instead of restoring a backup, restoration is guided by a snapshot taken before the attack began and by use of the metadata catalog that (re)establishes unaffected blocks. Editing a catalog is much faster than restoring duplicate files. Depending on circumstances, you could be back up and running in minutes. With Panzura, you never have to pay a ransom.

Your Recovery Time Objective

Although RPO is expressed by time, it’s not the same as recovery time objective (RTO), which is the amount of real time in which you must restore processes to an acceptable level to avoid significant consequences. RTO can be seconds, minutes, hours, or days, but as the Sophos report findings show (see box), full restoration from backups often requires more than a month.

(Archaic) Advice on RPO Settings

You don't need to do any of the following with CloudFS behind you.

  • For data essential to business operations that you can’t risk losing, back up once an hour.
  • Semi-critical data should be backed up every 1 to 4 hours. This includes on-file servers and chat logs.
  • Less critical data should be backed up every 4 to 12 hours. Many businesses have a higher loss tolerance for this type of data.
  • Infrequently updated data that isn’t essential to business operations can be backed up every 13 to 24 hours.
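
The following added example, which is not Panzura code, takes the backup intervals listed above as RPO targets and, for a given attack start time, selects the latest restore point (backup or snapshot) taken before the attack and checks the resulting data-loss window against the target. The data class names, dataset names and timestamps are constructed for illustration.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

# RPO targets per data class: the upper bound of each interval in the list above.
# The class names are hypothetical labels, not terms from the page.
RPO_TARGETS = {
    "essential": timedelta(hours=1),
    "semi_critical": timedelta(hours=4),
    "less_critical": timedelta(hours=12),
    "infrequent": timedelta(hours=24),
}

def pick_restore_point(restore_points, attack_start):
    """Return the latest restore point strictly before attack_start, or None."""
    points = sorted(restore_points)
    idx = bisect_left(points, attack_start)  # points[:idx] are all < attack_start
    return points[idx - 1] if idx else None

def rpo_report(datasets, attack_start):
    """Map dataset name -> (restore_point, data_loss_window, meets_rpo)."""
    report = {}
    for name, (data_class, restore_points) in datasets.items():
        point = pick_restore_point(restore_points, attack_start)
        if point is None:
            # No copy predates the attack: nothing known-clean to restore from.
            report[name] = (None, None, False)
            continue
        loss = attack_start - point  # work done in this window is lost
        report[name] = (point, loss, loss <= RPO_TARGETS[data_class])
    return report

# Constructed sample data: first encryption activity observed at 10:20.
ATTACK_START = datetime(2023, 6, 1, 10, 20)
DATASETS = {
    "erp_db": ("essential", [datetime(2023, 6, 1, h) for h in (8, 9, 10, 11)]),
    "file_share": ("semi_critical", [datetime(2023, 6, 1, 2), datetime(2023, 6, 1, 14)]),
    "new_share": ("less_critical", [datetime(2023, 6, 1, 12)]),
}

if __name__ == "__main__":
    for name, (point, loss, ok) in rpo_report(DATASETS, ATTACK_START).items():
        print(f"{name}: restore={point} loss={loss} meets_rpo={ok}")
```

Restore points taken after the attack began are skipped because they may already contain encrypted data.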

Keys to Preventing Ransomware Attacks

  1. Maintain Data Backups, or Better, Snapshots
    Data backups play a key role in disaster recovery plans. Regular backups, or Panzura continual snapshots, and isolated data storage help keep data protected and readily available. Both backups and Panzura snapshots prevent data loss during a disaster. Proper backups enable you to resume normal operations, but you need to test backups routinely to ensure that all data is correct and complete. On the other hand, with Panzura, snapshots are built into everyday operations.
  2. Establish Plans and Policies
    The middle of an unexpected disaster is not the time to decide how to mitigate the problem. Instead, prepare by defining the roles employees and departments will play and how the various roles will communicate with each other during a disaster. Also, set up company-wide policies and make them well-known so employees know how to handle suspicious behavior.
  3. Implement Endpoint Security
    With more employees working remotely, endpoint security is more crucial than ever. Every endpoint can be vulnerable to attack. Endpoint security technologies, such as antivirus software, intrusion prevention systems, VPNs, and other tools can make it easier to monitor and manage endpoint security. With the Panzura Edge gateway, remote and mobile users can avoid creating copies or moving data out of your scalable, protected, ransomware-resilient CloudFS environment.
  4. Keep Systems Updated
    Ransomware is constantly evolving as perpetrators try to bypass security systems. Keep all software and devices updated to help close security gaps.
  5. Install Antivirus Software
    Antivirus software is a fundamental defense against ransomware. Firewalls are the first line of defense and users should be educated on the tell-tale marks of phishing.
  6. Prioritize Security Awareness Training
    With the proper training and preparation, your organization will be able to spot and stop ransomware before the damage gets out of control. Extend training to every level and part of the company so every employee can spot and report suspicious activity. Additionally, employees should be trained in safe web surfing, strong passwords, use of secure access technologies, and the importance of system and software updates. Also provide users with an emergency reporting channel.

Ransomware isn’t going anywhere, but with Panzura, neither is your data.

The Sophos report also found:

  • Annual revenue is the greatest indicator of the likelihood of experiencing an attack.
  • Data encryption was used in 75% of attacks.
  • In 30% of attacks where data was encrypted, it was also stolen. Theft is used to extort payment and increase revenue through sale of the data. It increases the importance of stopping the attack as early as possible.
  • 97% of those surveyed that had data encrypted recovered it. Backups were used in 70% of incidents; 46% paid the ransom; 2% used other means.
  • Ransom payments doubled since last year to a mean of $1,542,333.
  • The mean cost to recover for organizations with revenues over $5 billion was nearly $5 million.
  • 84% of private sector organizations reported that attacks caused them to lose business/revenue.
  • Median recovery cost for using backups ($375,000); for paying the ransom ($750,000); [added] for using Panzura CloudFS ($0).
  • 45% of those using backups, and 39% of those paying the ransom, recovered within a week; 23% of those using backups, and 32% of those paying the ransom, took more than a month to recover.

References
Sophos. "The State of Ransomware 2023." https://assets.sophos.com/X24WTUEQ/at/c949g7693gsnjh9rb9gr8/sophos-state-of-ransomware-2023-wp.pdf