Fighting ransomware with IT modernization
August 23, 2022
August 23, 2022
Earlier this year, a slew of financially motivated ransomware attacks sent the country of Costa Rica spiraling. The hackers successfully knocked out payroll systems, customs and tax processing, utilities and other essential services. The government was forced to declare a national emergency. This was not the first national incident of its kind. Ireland suffered a similar fate last year when an attack against its National Health System paralyzed services for almost a week.
The rise in frequency and severity of cyber attacks like these highlights the expansion of the overall threat landscape for governments and enterprises alike. Even non-cyber threats like natural disasters, terrorist attacks and political upheaval are promising to become less predictable and/or more frequent in the future.
We can no longer afford to simply react.
Organizations need to evolve their business continuity and disaster recovery (BCDR) efforts to include a more strategic focus on overall IT resilience.
Most companies don’t realize they can extend their existing IT modernization efforts to build resilience into the very DNA of their organizations. The tools and technologies that are driving modernization give us new ways to protect our organizations, while also cutting costs and protecting customers, data and reputations.
While traditional BCDR efforts are still important, they fall short when it comes to ransomware. That's because these efforts are often siloed, lack technical depth, use outdated technologies and are compliance-oriented—which means they are often limited to doing “just enough.”
While ransomware remains a board-level concern, organizations need to elevate and augment the BCDR conversation. They need to focus more on IT resilience and finding cost-effective means of advancing this capability.
This requires a shift in thinking.
The solution begins with adopting a resilient-by-design mindset. It is advanced by leveraging existing modernization efforts to address resilience needs. Think about it: you are already using cloud technologies and automation to modernize your IT environment. Why not extend the benefits of that investment to mature your resilience capabilities as well? No longer will you be focused narrowly on improving your ability to react to an incident. Rather, your IT resilience function will mature in tandem with your modernization efforts.
Historically, the management of physical environments was a critical component of BCDR. However, managing these environments was largely done with a legacy mindset—leveraging manual processes that were susceptible to inefficiency and human error.
According to the Uptime Institute’s 2022 Outage Analysis, nearly 40% of organizations have suffered a major outage caused by human error over the past three years. 85% of these incidents stem from staff failing to follow procedures, or from flaws in the processes and procedures themselves.
Today, we live in a digital age that brings new opportunities for multi-faceted IT resilience, beyond the management of physical environments and using manual processes.
The evolution of both public cloud services and Infrastructure-as-Code (IaC) creates new opportunities to improve the speed, agility and efficiency of IT resilience efforts. Thanks to IaC, we can build servers and networking equipment programmatically with a high degree of accuracy. Now, when companies declare a disaster—if they’ve properly prepared—they can run code to rebuild their environments in hours or days, instead of manually restoring physical environments in days or weeks.
According to Gartner, 72% of organizations are poorly positioned in terms of disaster recovery capabilities, with 63% likely suffering from “mirages of overconfidence.” 1
There’s an increasing need to justify IT resilience spend, but explaining the return on that investment can be daunting. Start by looking at your existing recovery capabilities. Are you running a resource-heavy and expensive hot site? Or a cold site with too long a recovery timeframe?
Compare these costs against what you can get by tapping into modernization efforts that are already in-place. For example, partnering with your infrastructure and operations team to expand automation use cases can return dividends for IT resilience.
You are already using cloud technologies and automation. Why not extend the benefits to mature your resilience capabilities?
When it comes to ransomware, automation enables you to rapidly rebuild the affected environments. It also can help improve the accuracy and frequency of recovery testing. With cloud, you can reduce the cost of maintaining a recovery environment by minimizing your footprint and leveraging automation to rebuild on-demand.
Investing in automation not only increases your resilience capabilities, but it also opens the door to optimizing IT operations throughout the enterprise. You could spin that the other way, too: IT resilience serves as a great business case for adopting automation across the organization.
The greatest value will come from a shift in thinking of resilience as a distinct function to thinking of it as a natural extension of your modern infrastructure.
There is nothing inherently wrong with traditional approaches to BCDR, when you have appropriately balanced your recovery capabilities with cost—until you get hit with ransomware. Your recovery objectives go out the window, and you are forced to incorporate modern technologies to recover.
These modern technologies, such as cloud and automation, are already in use within your organization to some degree. Why limit yourself to traditional BCDR when you can augment it with IT modernization?
For a lot of organizations, it’s simply about connecting the dots. Replacing manual efforts with automation enables you to respond to and recover from cyber-attacks more effectively. Companies simply may not realize they can extend their existing modernization efforts to build a faster, better and more cost-effective resilience function.
The path to maximizing your resilience ROI begins with quick wins like incorporating automation. With a proper strategy and a shift in mindset, IT resilience can become a natural extension of your secure and modernized infrastructure.
1 Gartner, Market Guide for Disaster Recovery as a Service, Ron Blair, Jeffrey Hewitt, 26 July 2022
We would like to thank Jonathan Harrison and Robert Boyce for their contributions to this post. Stay tuned for future insights on how IT modernization can improve your resilience posture.