Where does ransomware protection begin and end? Why recovery is not enough

Coming in at $8,662 per minute, downtime from ransomware quickly adds up. To be exact, that’s $112 million over 9 days (the average downtime for a company that has been hit by a ransomware attack). At that rate, it’s no wonder that most companies put the main focus of their ransomware strategy on recovery. It just makes sense: The faster you recover, the smaller your financial losses are from downtime. But is recovery really enough?

Don’t get me wrong. Having the capability to recover quickly after an attack is a critical part of any ransomware strategy. But what if you took a more proactive approach to protection against ransomware and focused on preventing it instead of picking up the pieces after the fact? What if recovery becomes your “when all else fails” response to an attack?

When you really think about it, it’s not such a wild idea. If you can prevent ransomware to begin with, you can avoid the high costs of a successful attack. Think of it like a car. Airbags deploy after an accident to minimize injury to passengers. It doesn’t mean that you won’t get hurt, but your injuries will probably be less severe and require a shorter recovery time. Airbags are kind of a last-ditch effort to save passengers (much like recovery is a last-ditch effort to save your data).

For car manufacturers, airbags are a critical safety feature. But more important are the built-in safety features that are intended to help prevent an accident in the first place. Antilock brakes, traction control, stability control, forward collision warning, blind-spot warning—all are continuously engaged to keep the passengers safe by preventing an accident. The airbags deploy only when the other safety features fail.

You can take the same approach with your data, starting with protecting your primary storage to prevent a ransomware attack and to avoid having to activate your recovery solution.

If you’re ready to start protecting your data from the inside out, here’s what you need to do to get started:

• Implement a Zero Trust architecture to continuously monitor and verify any person or device that wants to access your data. It’s all about keeping malicious actors away from your data. You can learn more about ransomware and Zero Trust in my previous blog post.
• Use role-based access control, multifactor authentication (MFA), and multi-admin verification to boost administrative security. Not all ransomware comes from the outside—insider threats can cause just as much or maybe even more damage to your organization. Strong admin security can go a long way in keeping your data safe.
• Encrypt your data at rest and in flight. You never know when or where ransomware will strike, so your data needs to be protected whether it’s coming, going, or resting.
• Make sure that your data copies are immutable and indelible. Your data is worthless to cybercriminals unless they can threaten to delete or to corrupt it.
• Monitor continuously for any anomalies in user or file behavior. Be able to react instantly and automatically when unusual behavior is detected. For example, as soon as suspicious activity is detected, you should be able to automatically block the offending user and make a copy of your current data. This action stops hackers in their tracks and gives you a recent copy of data to restore to if you need it.

Today, NetApp is the only storage vendor who can provide end-to-end protection against ransomware. Built-in data protection and security features (and AI-based monitoring capabilities) enable you to prevent ransomware from attacking your primary storage. By taking a proactive instead of a reactive approach to ransomware protection, you reduce risk to your data and avoid the high cost of downtime and recovery.

To learn more about how to combat ransomware with primary storage from NetApp, download this Evaluator Group Technical Insight Report. And check out the NetApp® cyber-resilience and ransomware protection solutions to see how a data-centric approach to security can help you detect, prevent, and recover if ransomware strikes your business.