Ransomware Raises The Stakes For Data Insurance
August 14, 2017 Adam Roth
In May, the WannaCry ransomware attack flooded news headlines worldwide. With over 230,000 infected computers, covering a span of roughly 150 countries, it was one of the larger attacks we have seen in some time. WannaCry spread through various operating systems but appeared to have had little impact on IBM i shops.
However, even though IBM i have the reputation as being an impenetrable operating system doesn’t mean that they are immune to attacks. If an IBM i shop has a connected Windows network on a shared drive with the IBM i host, a virus can easily enter and spread across the entire network.
It is important to implement prevention tactics such as automatic updates and certain security measures, which are both incredibly important measures to reduce the risk of a virus entering a network. However, what does an IBM i shop do once it has been infected? Pay the ransom?
Having valuable data held hostage doesn’t mean you have to pay the ransom to gain access to your data again. If critical data is being backed up properly, the data should be fully recoverable and the system completely restored, resulting in no data loss.
Backup, Backup, Backup
In the event that a data loss or corruption situation has occurred, having a dependable backup system is really the only way to retrieve the data. Whether it’s an internal error or a security breach, proper data backups are imperative to restoring systems. The ideal outcome is to be able to completely restore machines and all data from a recent backup. But, what happens when the corrupted data is transferred onto the backup?
Redundancy isn’t necessarily a word we like to see in business, or data storage, but when it comes to protecting critical data, a certain amount of redundancy is necessary. Data replication is now a common practice with data storage systems. After decades of disaster incidents resulting in data loss, saving information to a remote storage site is an integral component of any backup strategy.
While every IBM i shop has its own set of needs, compliance requirements, and data accessibility constraints, there are two main types of disaster recovery solutions that companies utilize to ensure business continuity: virtual tape library (VTL) and continuous data protection (CDP) solutions. Choosing which is the right solution for your organization could make or break your business in the event of a disaster.
When investigating what solution is appropriate for each unique IBM i environment, all decisions should drive to an acceptable recovery point objective (RPO) and recovery time objective (RTO). The RPO is the maximum amount of data loss that may be sustained during a catastrophic loss in order to resume normal operations, while RTO is the maximum length of time a data storage system can be down before an unacceptable amount of data is lost.
Cyber criminals demanded $300 in Bitcoin to decrypt victims’ files as part of the massive WannaCry attack on May 12.
The goal in identifying these key recovery factors is to update technology and processes that help achieve these objectives. These will be truly unique for each organization, as business continuity plans differ from one end of the scale to the other. The ultimate goal is to be able to construct the entire system without missing a beat from one of these saves.
CDP solutions create a mirror image of data and are generally near real-time, files transfer as soon as they are written. This method is great when there’s a need to retrieve data from 3 minutes ago, but not so great at retrieving data from weeks ago. If a ransomware or other malware enters a network, infected data will move from disk A to disk B, making both data sets virtually worthless. CDP solutions can also be costly and require large amounts of storage.
VTL is a point in time backup solution that creates an entire hierarchy of backups. VTL replication is based on an event trigger, either when a user manually starts replication or a pre-determined event occurs. Depending on the environment, point in time backups are typically performed on a set schedule and retained for much longer periods of time than a CDP solution.
This allows for multiple sets of full and incremental backups to be kept to ensure the ability to re-construct the entire system from a prior system save. During a ransomware attack, A VTL solution allows organizations to retrieve data from days, weeks or months prior, restoring the data from a “last known good” point of time prior to the event. Some organizations adopt both methods, building a nearly bulletproof disaster recovery solution.
Encryption
If you have a smart phone from any manufacturer, chances are you have encryption automatically built into the device to secure the valuable information housed on your phone. However, encrypting valuable data is often not a top priority for organizations.
No matter where the data is living, on a disk sub-system, physical tapes or a cloud vendor, encrypting data at rest is an important factor in reducing the impact of cryptographic ransomware or a security breach. As data is moving from point to point, having data encrypted in flight will help prevent unwanted access or loss of integrity. Encryption creates yet another layer of protection.
System Monitoring
Remember, it is important to verify periodically that disaster recovery solutions are working correctly. The second worst possible scenario to suffering a data disaster is to not have a functioning disaster recovery solution. Constantly monitoring a backup solution is essential to make sure there are no software or hardware failures that could prevent systems from being properly restored.
Again, depending on the industry and regulations surrounding data storage policies, periodic tests of backup and recovery capabilities should be performed on a regular basis. This means if your organization has different disaster recovery sites, effort should be taken to fire up the entire system, identifying any potential issues with recovery. This is a cumbersome but necessary step, especially if data loss will have a significant impact on the organization. Many times this can even mean life or death to an organization.
At the end of the day we are talking about protection. Much like the various forms of personal insurance (auto, house and health) we carry for the “just in case” situations, insuring the protection of data is just as important. Implementing a reliable, well thought out disaster recovery solution to mitigate data loss from human error, system failure, or cyber-attack will provide the backbone for continuing business operations no matter what happens.
Backup is a fold-back option not a strategy against Ransomware or Malware threats – Encryption is a good start but a company needs to be proactive and implement ATP.