Cybersecurity is a subject that is top of mind across the enterprise, from the IT department up to the CEO.

By Eric Herzog, chief marketing officer at Infinidat

Ransomware, malware attacks, and corporate data theft can cost companies millions, lead to government compliance violations, cause lasting reputational damage, and negatively affect operations if businesses are not adequately prepared for recovery.

Data is the critical target of malware attacks, and malicious actors will look to exploit any vulnerability. Integrating primary storage into a comprehensive cyber security strategy and building cyber-resilience into the storage architecture is a significant step in thwarting such attacks.

 

The cost of ransomware

A ransomware attack, or other data breach, can have devastating consequences for business, and the costs can spiral as they include downtime, lost opportunity, the number of hours required to rectify the problem and costs of repairing networks. There is also often the cost of the ransom to consider, as unprepared organisations are left with few options other than to pay up or lose their data.

According to the Sophos State of Ransomware 2021, the average ransom paid by mid-sized organisations was $170 404, and yet only 8% of businesses that paid the ransom actually got their data back. The report also states that the average cost of resolving a ransomware attack was $1.85 million. Cybersecurity Ventures estimates that ransomware costs will reach $265 billion by 2031.

 

A comprehensive cybersecurity strategy

Cyberthreats are one of the biggest risks facing enterprises today, and business leaders are beginning to take note. Cyber resilience has become a priority and a necessary part of a comprehensive cybersecurity strategy to help combat cyberattacks across the entire storage estate and data infrastructure. However, it is no longer enough to have cyber-resilient secondary storage. In today’s threat landscape, it is just as important to architect primary storage for cyber resilience as well. Cyber resilient storage includes a number of different elements to implement.

 

Immutable snapshots

Immutable snapshots are point-in-time copies of data that are either scheduled or manually created, and cannot be erased, deleted, or otherwise altered. They are commonly used within backup storage, but bringing this concept of ‘write once, read many’ into the primary storage array can change the game. These immutable snapshots cannot be changed by anyone, not even by administrators, so even if the admin’s credentials are stolen or malicious actors obtain access in other ways, the snapshot will remain unaltered.

 

Logical air gapping

Air gapping creates a separation between the management/control plane and the data plane, so that data is kept segregated, which can limit the spread of cyberattacks on your storage environment. A logical, remote air gap effectively places a separate copy of data on another storage platform. This can be replicated to a second storage unit in the same data centre, or remotely to a different site or different data centre. Combined with immutable snapshots, this is a powerful combination to deliver enhanced storage cyber security

 

Fenced forensic environment

Having backups and immutable snapshots is essential, but no business should ever simply trust that these copies of data are clean and uninfected. Malware and ransomware attacks can infiltrate organisations and lie dormant for months, which makes it likely that snapshots may have been infected. It is, therefore, essential to have a sterile, fenced, and forensic environment for testing, validation and recovery. Using a private Virtual Local Area Network (VLAN) connection, this environment can be used to test snapshots regularly and create a catalogue of ‘known good’ copies from which you can recover in the event of a cyber incident.

 

Near-instantaneous recovery

If you know where your last known good copies are and you experience an attack, you can leverage near instantaneous recovery, ranging from 1-3 minutes on primary storage and as fast as 15 minutes on secondary storage. This is delivered using a smart architecture that handles snapshots and metadata trees in an intelligent way, which gives enterprises superior restore performance at scale, and enables fast restore even up to petabyte levels with no dependency on the data set size.

 

Shoring up vulnerabilities

Cyberthreats, in particular, ransomware and attacks designed to steal data, are a trend that is only set to continue. Enterprises need to be prepared, and superior data protection and cyber resilience are critical for the entire IT infrastructure. If enterprises do not include storage in their cybersecurity strategy, they are leaving themselves exposed to ransomware and other malware. To effectively protect against this growing threat, it has become critical to incorporate cyber-resilient enterprise storage across primary and secondary storage.