As many as 58% of Dutch businesses and organizations that were victims of ransomware in 2023 had no backup. A good backup and disaster recovery strategy is important to recover quickly after a ransomware attack and both play a crucial role in ensuring business continuity.
Ensure business continuity with backup, disaster recovery and the NIST Cybersecurity Framework
In our blog article last week, we discussed ‘the causes of a ransomware attack and its impact on your organization’. In this week's article, we look at how to ensure your organization's business continuity through backup, disaster recovery and the NIST Cybersecurity Framework.
Backup and disaster recovery
A backup focuses on regularly copying data, files and information, preferably to a secondary location, in order to restore it in case of loss or damage. In case of data loss due to a ransomware attack, for example, it can take days to weeks before the backup can be restored. After forensic examination, the data can be unlocked for production. Disaster recovery takes this a step further and is a comprehensive plan that includes not only data recovery, but also the ability to restore entire IT infrastructures, networks and business processes within a considerable amount of time after severe disruptions, such as natural disasters or cyberattacks. This minimizes downtime and allows the organization to return to normal operations as quickly as possible, even if entire servers or data centers are down. Together, Backup as a Service and Disaster Recovery as a Service are therefore a powerful solution to ensure business continuity by guaranteeing both data recovery and operational recovery plans in the event of unexpected disruptions.
Recovery, and with it business continuity, is usually expressed in two types of objectives: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO indicates how long your organisation can go without a particular service before it results in loss or risk. RPO determines the point from which your data can be restored. Whereas traditional backup and snapshot solutions offer an RPO of 15 minutes up to 24 hours, the requirements in modern digital environments are much more rigorous. Here, both RTO and RPO must be as short as possible - preferably expressed in minutes or even seconds. Many organisations focus on a quick restart (RTO), but in doing so, do not consider that not being able to recover lost data (RPO) can have long-term consequences.
When developing a strategy around business continuity, it is important to remember that not all systems, applications and data are equally business-critical. Data classification is necessary for this. For the most business-critical applications, a working disaster recovery strategy is essential, with low RTO and RPO (low data loss and fast recovery) and a tested recovery plan. For other applications and types of data, cheaper solutions and higher RPOs and RTOs may be acceptable.
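To make the RPO/RTO and classification points above concrete, here is an added example (not from the original article) that checks each system's backup history and last restore test against the objectives set for its tier. The system names, tiers, objectives and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed inventory: tiers, objectives and backup history are illustrative.
NOW = datetime(2024, 6, 3, 12, 0)
SYSTEMS = [
    {"name": "erp-db", "tier": "critical", "rpo": timedelta(minutes=15),
     "rto": timedelta(hours=1),
     "backups": [NOW - timedelta(minutes=m) for m in (40, 30, 20, 10)],
     "last_restore_test": timedelta(minutes=45)},
    {"name": "file-share", "tier": "standard", "rpo": timedelta(hours=24),
     "rto": timedelta(hours=8),
     "backups": [NOW - timedelta(hours=h) for h in (60, 36, 2)],
     "last_restore_test": timedelta(hours=6)},
    {"name": "crm", "tier": "critical", "rpo": timedelta(minutes=15),
     "rto": timedelta(hours=1),
     "backups": [NOW - timedelta(minutes=m) for m in (25, 12)],
     "last_restore_test": None},  # restore never exercised
]

def worst_case_rpo(backups, now):
    """Largest window of data that could have been lost: the longest gap
    between consecutive restore points, including the gap up to `now`."""
    points = sorted(backups) + [now]
    return max(b - a for a, b in zip(points, points[1:]))

def assess(system, now=NOW):
    """Return a list of findings; an empty list means objectives are met."""
    findings = []
    if not system["backups"]:
        return ["no restore point exists"]
    achieved = worst_case_rpo(system["backups"], now)
    if achieved > system["rpo"]:
        findings.append(f"RPO gap: up to {achieved} of data at risk, target {system['rpo']}")
    tested = system["last_restore_test"]
    if tested is None:
        findings.append("RTO unverified: no tested restore")
    elif tested > system["rto"]:
        findings.append(f"RTO gap: restore took {tested}, target {system['rto']}")
    return findings

def report(systems=SYSTEMS):
    # Critical systems first, mirroring the classification-driven priority.
    ordered = sorted(systems, key=lambda s: s["tier"] != "critical")
    return {s["name"]: assess(s) for s in ordered}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The achieved RPO is measured from the actual restore points rather than the configured schedule, so missed or failed backup jobs show up as a gap.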

The NIST Cybersecurity Framework
The NIST Cybersecurity Framework is a guideline developed by the National Institute of Standards and Technology (NIST) to help organisations improve their cybersecurity. The framework consists of five core functions: Identify (Prediction), Protect (Prevention), Detect, Respond and Recover. These functions help organisations understand their security risks, implement protective measures, monitor threats, respond to incidents and recover after attacks.
It is essential to integrate all components of the NIST model into a plan that protects your organisation from the consequences of a cyber attack. Of course, you want to prevent a cyber attack and put all your efforts into that. But it is just as important to be prepared in case you do get hit. Preventive cybersecurity tools can be excellent at detecting and blocking attacks, but ransomware can still break through all the layers. In that case, recovery solutions are crucial.
A study by Sophos found that in 57% of cases, attackers were successful in compromising backups, leaving more than half of victims unable to complete their ransomware recovery. This shows how valuable an external, immutable backup can be.

If we zoom in on the recover component, we see that this refers to measures taken to restore affected services and systems to the situation prior to the incident. To reach an adequate solution, ask yourself the following questions:
- What does it cost your organisation per hour if essential data is unavailable?
- What are the consequences of losing this essential data and is it even possible to fully recover it at all?
- How quickly can you get your essential data available for forensic investigation so that security experts can secure it again?
- Do you have a complete playbook ready that details what you will do if your organisation is hit by ransomware?
- Can you give your organisation's executives a guarantee that the organisation will overcome a ransomware attack? Consider the risk of hackers not releasing the environment despite payment, or of being hacked again later on because the measures to be taken have not (yet) been implemented.
Most organisations know that they need to combat ransomware with a layered, proactive as well as reactive security solution - also known as defence-in-depth. But which solutions can be used for this purpose and how can they best enhance one another? In the case of just an external backup, recovery can take days. This means unproductivity and data loss. In other words, high costs. Ransomware Recovery with AI, on the other hand, emphasises detecting an incident, responding to it and restoring data within minutes.
Want to know more?
In our blog article next week, we discuss the solution Fundaments offers to provide unmatched protection against ransomware: Ransomware Recovery with AI. Would you like to know now what Fundaments can do for you in this regard? Contact us by calling 088 4227 227 or emailing info@fundaments.nl.