Blog by James Bergl, Director, Datto Asia- Pacific
Global ransomware attacks like WannaCry, NotPetya, and GoldenEye made 2017 the year of ransomware, shocking the world and stealing the media limelight by affecting millions of organisations worldwide and making businesses of all sizes sit up and take notice.
Since that time, news reports have died down, leading us to believe that the threat of ransomware may be a thing of the past. A recent warning, however, issued by the Cyber Risk Management (CyRiM) Project, a Singapore-based initiative formed by organisations from the public and private sector, is reminding business owners in Singapore and the wider region to remain vigilant, as the next global attack could be just around the corner, and its impact on businesses of all sizes could be BIG.
The report entitled Bashe Attack: Global Infection by contagious malware, explores a hypothetical attack launched through an email infected with a ransomware virus capable of encrypting data across 30 million devices worldwide within 24 hours. According to the report, companies of all sizes would be forced to pay a ransom to decrypt their data or to replace infected devices. The 2019 report concludes that the most severe scenario could affect more than 600,000 businesses worldwide, costing the world economy US$193 billion, with the least severe costing around US$85 billion.
Aside from the actual ransom to-be-paid in these scenarios, the report notes that much of the impact to businesses would result in the costs associated with cyber incident response, damage control and mitigation, plus the cost of business interruption and system downtime, resulting in reduced productivity, lost revenue and loss of reputation.
At Datto, we know that even if businesses apply best practices to limit the impact of ransomware attacks, like backing-up critical files, ensuring they have a good cybersecurity solution in place, and ensuring they are patching their systems appropriately, none of these things is going to help them restore their systems and get back up and running in the fastest possible time following attack.
The only way to do this is by having a watertight disaster recovery strategy in place. But where to start? To help, we have put together five pointers to help you prepare for the worst-case scenario.
1. Establish recovery goals
Your business is unique, and there’s no ‘one size fits all’ for disaster recovery, so establishing your recovery goals from the outset is a good move. Create a plan that aligns with your business goals and objectives is crucial. What are your most critical systems? What would stop my business from restarting rapidly? At what point should you restore from? Is virtualisation an option? Developing a comprehensive and concise disaster recovery plan can provide you and your team with a useful framework to follow in the case of an emergency.
2. Invest in the right tech support
In many cases, downtime can cripple a business. Datto’s State of the Channel Ransomware Report found that the cost of downtime was on average 10 times more costly than the ransom requested in a cyber attack. This is where business continuity comes in. Instead of relying on backups of your data, business continuity offers the ability to continue running business-critical operations and prevent costly downtime. Once you have a recovery plan in mind, make sure you have the right solutions in place to make it happen.
Sometimes the right tech support can be both daunting and expensive to set-up, administer and maintain. Finding an experienced Managed Service Provider (MSP) can help you manage the logistics and costs associated with a disaster, giving you peace of mind in any worst-case scenario.
Talking through your disaster recovery strategy with your team is important but training them is even better. Making sure they know what is required from them in the case of an attack will help to speed up your business recovery time. Effective training, however, can also help them to take the necessary precautions to minimise the chances of an attack in the first place.
4. Regular testing
It’s all well and good having a plan and investing in the right tech support – but the ‘proof is in the pudding’, as they say. Testing it out is an essential way for you and your team to put your plan through its paces by simulating a real attack. Moreover, it can help you to test to see if there are any issues or holes in your strategy stopping your business from recovering the fastest possible time. Regular testing can give you peace of mind, while also allowing you to make critical adjustments to your strategy, which could make a big difference to your business in the long run.
5. Stay up-to-date
Your disaster recovery strategy is fluid. Putting everything in place is one thing, but as the threat landscape continues to evolve, it’s crucial to make sure that your strategy is updated in line with emerging threats. Not only this, but as your business grows and changes, it’s important to ensure that your strategy is modified to meet the requirements of any changes in infrastructure, including any changes to hardware, software, services or servers.