To combat the evolving cyber threat landscape, enterprises globally are increasing their data security investments. The global spend on cybersecurity skyrocketed from $3.5 billion in 2004 to $124 billion in 2019. This 35x jump is expected to exceed $1 trillion by 2021.
Despite significant investments in data security, organizations of all sizes (large multinationals to state and city governments) are experiencing a rapid increase in frequency and intensity of ransomware attacks. The impact of these attacks can be crippling and mostly can be attributed to a combination of unresolved software vulnerabilities and internal human actions/errors, along with sophisticated tactics that incorporate numerous techniques to go undetected for some time to spread throughout an environment before manifesting.
In 2019, cyber breaches cost the global economy $2.1 trillion, and $11.5 billion of that was from ransomware attacks. Law enforcement agencies, including Europol pointed out that ransomware remains the top threat worldwide. Yet as reported by Forrester Research, only 21 percent of surveyed organizations confirmed they have contingency plans to recover from ransomware attacks, and only 11 percent of survey respondents said that they were confident to recover their data within three days of an attack.
So Why Are Organizations Unable to Defend Against Ransomware?
To ensure a payout, cyber criminals are not just attacking the production environment but increasingly targeting backup data and infrastructure—effectively hobbling the “insurance policy” organizations depend upon when disaster strikes. The attackers are often exploiting weaknesses associated with legacy backup solutions architectured before the advent of the ransomware industry. Before encrypting the production environment, sophisticated malware is known to destroy shadow copies and restore-point data. Due to its underlying architecture these malware make legacy backup infrastructure easy prey rather than a defense against ransomware attacks.
Continued employee cybersecurity education and investment in security tools is important. Organizations also need to deploy a modern, robust backup solution that helps protect backup data against ransomware attacks and rapidly recover to reduce downtime.
Cohesity’s comprehensive anti-ransomware solution goes beyond detection. Following a typical attack lifecycle, Cohesity offers an end-to-end solution (Figure 1) that helps enterprises:
Let’s double-click on Cohesity Comprehensive Anti-Ransomware and Rapid Recovery Solution.
Reduce Attack Surface
Cohesity customers reduce their data footprint by consolidating various backup components, disaster recovery, file services, object storage, dev/test and analytics on one web-scale platform. Customers further reduce their data footprint and attack surface with Cohesity’s global variable-length dedupe across data sources and compression. This helps enterprises to reduce their exposure to cyber criminals.
Prevent Backup from Becoming a Ransomware Target
A modern backup solution with multi-layered defence approach is needed to defend against sophisticated ransomware attacks, which include:
Machine Learning-Based Ransomware Detection and Actionable Recommendation
In a perfect world, we shouldn’t have to worry about ransomware attacks, but unfortunately, that’s not our world today. In a situation where your primary environment, users, and application infrastructure is compromised, Cohesity Helios can help you out of that jam. With its latest anomaly detection, Helios, our SaaS-based, machine-drive solution, will provide eyes and visibility when you’re not able to. With SmartAssist, Helios will alert not just the IT admin but also Cohesity’s support team when the primary files data-change rate is out of the norm. Anomalies will be detected based on matching any larger data changes against the normal patterns, including:
Besides monitoring the backup data change rate to detect a potential ransomware attack, Cohesity’s machine learning algorithms also help locate a clean copy of the data that can be used for recovery.
Deep Visibility for a Clean Recovery
How good is data restore if it results in re-injecting software vulnerabilities and cyber threats backup into the IT production environment… the same holes that cybercriminals previously exploited to easily access your highly fortified IT environment?
Cohesity CyberScan, gives backup operators deep visibility into their snapshot’s health and recoverability status. Instead of blindly restoring from any snapshot, CyberScan shows each snapshot’s vulnerability index (Image 2) and actionable recommendation to address those software vulnerabilities. The solution is designed to help organizations cleanly and predictably recover after a ransomware attack without compromising or re-injecting any vulnerabilities back into the IT production environment.
Rapid Recovery to Reduce Downtime
The most important requirement after a ransomware attack is having the ability to quickly recover compromised data. Unlike any solution available in the industry today, Cohesity offers the ability to locate data across your global footprint, including in the public cloud. Your apps and data are instantly brought back using Cohesity’s instant mass restore by offering:
Ransomware is so common it has practically become a household name. Yet ransomware remains a daunting threat to enterprises in need of a modern solution that offers more than the ability to simply detect a threat. Below are a few helpful links to learn how Cohesity offers a comprehensive solution against ransomware attacks.
Video: Comprehensive Solution Against Ransomware Attacks