February 2021
Ransomware attacks are on the rise. Protect your data and business operations with backup, recovery, and policy enforcement technology designed to mitigate the impact of a ransomware attack.
Ransomware mitigation
The concern about ransomware
Ransomware is a top security concern of enterprises around the globe. Advances in security technology, operations, and antifraud protection on credit cards mean that cybercriminals have migrated from payment card information theft to stealing money using ransomware. These criminals have even learned to game insurance markets, targeting ransom amounts to be just under insurance limits, using urgency and a basic financial understanding to elicit payment.
Unfortunately, not all ransom payments result in the release of the hostage data. So while ransomware is significantly disruptive to business operations, in many cases it also constitutes a personal data breach. This is because, despite the fact that there is no unified global privacy or data security law, the legal definition of a data breach can be broadly summarized as any incident in which data is disclosed, lost, altered, or accessed without authorization. In the case of privacy laws, such as the GDPR, ransomware can result in a personal data breach if the data affected includes personal data.
The cost of ransomware
Ransomware attacks cost far more than the ransom price demanded for encrypted data. In addition to the ransom price—which continues to increase even as these attacks become more common—there is also the cost of recovery, lost revenue, operational disruption, and even loss of brand value. In an increasingly digital world, the loss of data might mean that the entire business is shut down. A lack of data availability can mean that perishable goods can’t be unloaded at a port, that healthcare is not available to those who need it, or that critical infrastructure shuts down when it’s most needed. These interruptions and their related costs are often further reflected in reduced shareholder value and overall trust in a company.
The legal implications of ransomware
The business costs of ransomware mitigation can be further exacerbated by legal implications. In addition to potential legal claims associated with business interruption, ransomware that impacts personal information may be considered a personal data breach under a variety of different laws.
For example, the European Data Protection Board has issued guidelines on personal data breach notification. These state that ransomware resulting in the encryption of personal information, with no backups available and an inability to restore the data, would be considered a breach of the confidentiality, integrity, and availability of the impacted personal data. This situation would require notification of both the European Data Protection Supervisor and any affected data subject.
In the United States, multiple laws state that a response to ransomware is a key aspect of legal compliance, including the New York Department of Financial Services cybersecurity regulation, Title 23 NYCRR Part 500, the U.S. Health Insurance Portability and Accountability Act (HIPAA), and the Securities and Exchange Commission (SEC).
Responding to ransomware
Ransomware response strategies, processes, and policies are vital to continuing business operations. Criminals seeking to infect systems with ransomware rely on what is now the weakest link in information systems—humans. With the entire internet designed to be clicked on and clicked through, and growing risks in the compromise of business email, even the most diligent employee can be a risk.
Business continuity plans that include data backup and recovery are instrumental in reducing the impact of ransomware on business operations. Viable backups, isolated from a ransomware attack loop, are a key component of a system that is capable of both avoiding ransom payments and continuing operations. Streamlining recovery point objectives to uninfected data points helps to protect against reinfecting systems with stored but dormant ransomware. As a global leader in data storage, NetApp is committed to providing the necessary backup and recovery solutions to empower our customers to remain resilient against ransomware threats.
How NetApp can help mitigate ransomware threats
In theory, no one should pay ransom to recover from a cyberattack when backup and recovery options are available. NetApp offers a number of tools to empower our customers to prepare for ransomware threats and implement disaster recovery and business continuity plans:
• NetApp professional consulting services can assist with data protection and security assessments.
• NetApp’s e-book, Ransomware in the Cloud, is filled with resources and information to help customers develop a comprehensive practice to prevent and respond to ransomware.
• ONTAP customers can find specific instructions on ransomware prevention and remediation as well as a full NetApp Solution for Ransomware.
• To help detect potential ransomware attacks, users of NetApp Cloud Insights can take advantage of NetApp Cloud Secure, which takes a trust-no-one approach in analyzing patterns of data access.
• To help prevent ransomware from executing in storage environments, customers can use NetApp FPolicy.
• To help recover from ransomware infiltration, NetApp SnapCenter technology offers business continuity and data recovery options.
• NetApp recognizes the need to operate with multiple platforms. Our solutions for ransomware mitigation include interoperability with Splunk enterprise environments.
Whatever your storage needs and recovery strategies, NetApp has solutions to help you develop a robust ransomware protection and mitigation strategy.
More information
EU guidelines on personal data breach notification
Recommendations and best practices from the European Data Protection Supervisor for assessing and managing the risks of a personal data breach.
