数据是当今商业中最有价值的资源之一,它是it系统的核心,保证公共和私营部门的运营. 当勒索软件攻击取消对数据的访问时,对组织的影响可能是严重的. 在日益数字化的市场中,勒索软件已经改变了组织需要思考的网络安全和数据价值的本质.

Your Data is Your Responsibility

过去成为新闻的网络攻击主要是盗取信用卡信息或其他可以轻易在黑市上出售的信息. Now, 勒索软件已经将网络犯罪提升到一个或多个组织瘫痪数天或数周的程度. 勒索软件可以攻击在您的组织之外没有价值但您的组织不能没有的数据.

Your organization’s data, whether it is proprietary trade secrets, protected customer data, or operational data, is your responsibility to protect and recover. That data might be spread across various cloud services, hosted services, managed providers, and application platforms but it is still your data. No matter how secure these platforms and services claim to be, when a cyber-attack or other disaster hits, 你要么有一个恢复解决方案来补救,要么没有,你唯一的追索权就是起诉你信任的数据平台.

Ransomware Thrives Where Recovery Falters

For a ransomware attack to be successful, 从袭击中恢复或重建的费用必须高于支付赎金的费用. The cost of an attack can be measured in disruption of operations, loss of data, loss of reputation, 而且,成本可能会继续沿着供应链流向受中断影响的其他组织. Costs add up quickly for both the recovery time and the amount of data lost.

现在大家都知道,恢复时间目标(RTO)和恢复点目标(RPO)对于减轻灾难的影响非常重要. 勒索软件攻击是一个灾难级别的事件,RTO和RPO对于勒索软件来说和其他恢复事件一样重要, but both must be effective to mitigate the costs. A poor RTO means systems may be down for hours, days, or even weeks. A poor RPO means data loss can be measured in hours or days.

使勒索软件更加阴险和有效的是,它经常针对恢复机制,如快照和其他备份,以防止恢复. 这意味着对于RTO或RPO,恢复方法有限或仅依赖于本地快照或备份的恢复解决方案将面临风险. With a ransomware attack, 应该假定本地快照或备份可能会受到攻击. They might not be, and then recovery is easier, but if they are, there must be another recovery option that provides the RPO and RTO needed.

What is Recoverware?

勒索软件并不是什么新鲜事,但多年来已经演变成一种越来越危险的威胁. In the same way, 备份和恢复解决方案经过多年的发展,可以修复更多的灾难场景. Unfortunately, 许多恢复方案和使用它们的组织没有跟上勒索软件等现代威胁的步伐. But why?

As a cyber-security risk, 像勒索软件这样的攻击一直是IT安全专家专注于预防的领域.  And prevention is no less important now than it ever has been. But ransomware often targets systems at their weakest point, the user. No matter how hardened your systems are, 用户只要犯一个错误,恶意软件就会进入系统,危害整个网络.

Recoverware采取勒索软件直接提供必要的恢复选项,如果快速检测到数据的最近的副本,使系统恢复在线, or a copy of the data from long-term retention, and do so in a safe, tested environment. While security specialists focus on prevention, Recoverware提供了安全网,防止攻击不可避免地进入系统.

Recoverware is not merely a marketing term coined to grab attention. 这是一个诚实的尝试,定义了一类恢复解决方案,可以抵消勒索软件时,预防已经失败. Unlike the legacy 3-2-1 backup and recovery solutions, recoverware goes beyond only 3 copies of data, or only two sites. Let’s walk through an example scenario.

Acme Corp experiences a ransomware attack affecting its file server. With a traditional 3-2-1 solution, 可能存在与本地备份相结合的时间点快照来进行恢复, but unfortunately, 这些快照和备份被破坏是因为它们在同一文件服务器上. 数据的下一个可用备份副本是远程的,而且远程可用的时间点更少. Low bandwidth to the remote site makes recovering the data terribly slow. 在低带宽上需要恢复的数据量需要几天的时间,在这段时间内用户的生产率会大大降低. 这种破坏的代价可能会让Acme公司考虑支付赎金作为一个可行的恢复选择.

With a recoverware solution, Acme Corp, 不仅从具有数千个恢复点的日志中提供本地时间点恢复选项, but if that local journal were compromised, 在一个远程热站点上有一个日志和受影响服务器的副本. After only a few minutes, 热站点可以进行故障转移,并在攻击前不久从日志中先前的时间点带回数据, first testing it in an isolated part of the network, and then once verified, connected to the users who can continue from the most recent clean data. No need to worry about the ransom for recovery.

Recoverware改变了勒索软件攻击者试图遵循的脚本,使破坏和攻击的成本微不足道. 攻击者依赖于以预防和恢复为重点的遗留安全思考和计划,使组织能够重新考虑以现代恢复选项为重点的问题.

Is Cyber-Security Part of Your Planning?

现在是您的组织将恢复作为网络安全计划的一部分的时候了! 勒索软件攻击者希望您没有这样做,并且您的遗留恢复解决方案仍然存在,不足以完成恢复任务. 正确的勒索软件恢复解决方案可以为您提供工具和选项,让您重新考虑如何应对勒索软件攻击.

 


Determine which factors are right for you when it comes to hosting your project. Do you expect an influx of traffic? Then scalability is important. Do you want a more hands-off approach to hosting? Then perhaps managed hosting is the way to go.

虽然几乎不可能预料到可能出现的每一个遵从性障碍, you should be prepared to handle as many of them as possible. Being proactive now means that you’ll enjoy peace of mind later. 如果您在合规方面有任何问题或需要任何帮助,CB技术集团随时为您服务. Like we said earlier it is better to be prepared beforehand then later.