Author: Raymond Goh, Head of Systems Engineering, Asia & Japan, Veeam
2017 has brought to the surface an astonishing number of cybercrime – these incidences have been dominating media headlines with high profile attacks like WannaCry, Petya, and most recently, NotPetya. Even though NotPetya is supposed to be more dangerous and intrusive than WannaCry, its impact was much smaller, likely due to most organisations having patched their vulnerable systems following the WannaCry scare in May.
Asia escaped relatively unscathed, with local impact mainly stemming from the local offices of some international companies. Chief Executive Officer of CyberSecurity Malaysia, Dato’ Amirudin Abdul Wahab cautioned Malaysians to be vigilant about other possible attacks for businesses in Malaysia. The true impact of today’s ransomware attacks is that mission-critical business data is unavailable, meaning that people are unable to do their jobs, affecting the value chain. While organisations have readily pumped in thousands and millions of dollars on having the right security programmes and tools to strengthen the security infrastructure, many have yet to make the same commitment to their data management solutions, when these solutions are a critical component of the organisation’s recovery strategy, and necessary in getting systems up and running with minimal disruption and impact to business continuity.
According to Veeam’s recent 2017 Veeam Availability Report, 82% of organisations globally admitted their inability to meet the demand for always-ready business operations, with 77% unable to protect data frequently or reliably. Narrow it down to just organisations in Singapore, and the numbers jump exponentially to 96% and 94% respectively. That’s just shocking, and a disaster in the making.
With many cybersecurity experts warning that we’ve yet to see the last of these ransomware attacks, ransomware is quickly turning into the theme of 2017. It’s not too late to start implementing protective measures and best practices. At Veeam, we used to talk about the 3-2-1 rule: 3 copies of your data – 1 of which being production, kept in 2 different media types, with 1 offsite.
In light of the growing trend of ransomware attacks and to keep ransomware from potentially attacking your backup data first, we’ve modified the Backup Best Practice to the 3-2-1-1-0 rule:
Maintain at least 3 copies of business data
Store critical business data on at least 2 different types of storage media
Keep 1 copy of the backups in an off-site location
In the ransomware era, it’s a good idea to add another 1 to the rule where one of the media is offline
Ensure all recoverability solutions have 0 errors