How Immutable Storage Plays into Your Ransomware Protection Strategy

MARCH 11TH, 2021

If you’ve been wondering where to focus your cybersecurity energy in 2021, a good place to start is ransomware protection. A recent survey of CSOs and CISOs shows that almost half of these security-conscious executives consider ransomware to be their organization’s biggest cyberthreat. 

These survey findings align with other security experts’ predictions that 2021 will be a very active year for ransomware attacks. Experts are also expecting ransomware operators to keep switching up their tactics and technology to make ransomware harder to detect, more destructive, and really, really expensive to recover from.

A Comprehensive Ransomware Protection Strategy Is Critical

We have all heard horror stories about huge corporations, hospitals, school districts, and government offices being hit by ransomware. Some of these stories end with the organization paying the ransom; some do not. But whether or not you decide to pay the ransom, one thing is certain: Recovering from a ransomware attack will cost your company time, money, and reputation.

According to leading cybersecurity technology provider Sophos, globally, the average cost of ransomware recovery is $1.4 million if an organization pays the ransom and $730,000 if it doesn’t. This average includes the direct costs of ransomware—things like downtime, restoring operations, and security audits. But when you factor in the indirect costs of cleaning up after a ransomware attack, the price tag is much larger. 

For example, it is hard to put a price on customer confidence. But studies show that today’s consumers are very likely to stop doing business with a company that has experienced a data breach, and lost customers mean lost revenue.

With the number of ransomware attacks on the rise, the cost of recovery skyrocketing, and new tactics that promise a whole new level of chaos, it is time to get serious about a comprehensive ransomware protection strategy.  

A comprehensive strategy provides multi-layer protection against ransomware by combining the latest cybersecurity technology with employee cybersecurity awareness training and exceptional data protection that includes immutable storage capabilities.

The Role of Immutable Storage in Ransomware Protection

Immutable storage is a key tool in the fight against ransomware. Being immutable means that once the data is placed in storage, it cannot be overwritten, changed, tampered with, or deleted—even by someone (or some malicious thing) with admin rights.

Backing up data this way simplifies ransomware and other disaster recovery efforts because there will almost always be a clean, current copy of the data available that can be restored once remediation is complete. (See below for the caveat.)

Don’t Rely Solely on Immutable Storage for Ransomware Recovery

Ransomware protection is a moving target on a good day. Ransomware operators are smart and getting more sophisticated by the minute, which makes it impossible to design a set-it-and-forget-it ransomware protection strategy. 

Immutable storage is definitely part of the equation, but IT security teams must constantly review and adapt their defense techniques to keep up with rapidly changing and evolving ransomware strains and tactics. 

For example, some newer ransomware strains target backup files and encrypt the data, rendering the backup useless for recovery. If your organization uses immutable storage, this may not be a huge deal. But here’s the caveat mentioned above:

Ransomware can enter a network and hide for days, weeks, or even months without encrypting any data or being detected by anti-malware tools. Storing an immutable copy of data that is infected with ransomware can reinfect the system when the copy is reinstalled, leaving you with encrypted data and no backup. 

How to Protect Your Immutable Storage from Ransomware

Immutable storage is an essential part of a comprehensive ransomware protection strategy. But, as with any technology, immutability doesn’t equal 100 percent immunity to ransomware infection.

So how can IT add another layer of protection to make it even more difficult for cybercriminals to steal or corrupt sensitive company data?

The 3-2-1 backup strategy is a pretty standard data protection technique these days, but as ransomware operators become more savvy, now is a good time to revisit and revise this approach.

Traditionally, the 1 in the 3-2-1 backup method refers to storing one copy of the data off-site, preferably in the cloud. Now that ransomware is able to compromise backup files, the old way doesn’t offer adequate protection.

Today, we need to expand this approach, making it a 3-2-1-1 backup strategy. This addition adds an air-gapped copy of the data that is secured offline and segregated from the company network, where it is impossible for ransomware to reach.

Cybercrime rates are on the rise, and traditional security methods are no longer sufficient to fight back. Instead, we need to take a holistic approach to data protection.

Holistic data protection provides multiple layers of defense against ransomware and other cyberthreats. An effective ransomware prevention strategy should include endpoint security around the backup infrastructure, the ability to proactively scan systems and data for malicious code, and the ability to manage multiple backup copies, including off-site and air-gapped instances. 

Adding immutable storage to your data protection strategy is critical, but it is important to remember that immutability should not be considered a complete solution in its own right.