It's been a month since WannaCry, the biggest ransomware attack in history took place, impacting over 230,000 organisations across 150 countries. And two weeks agojust last week, we saw yet another high-profile ransomware attack, GoldenEye, taking the limelight, with an attack which affected more than 12,000 machines in 65 countries across the globe.
Paying a ransom is one thing, but this is just a fraction of the losses businesses can incur from a ransomware attack. The downtime following the attack can be crippling. In Datto's recent ransomware survey, we found that of the 1,000 businesses surveyed, a huge 63 per cent of businesses who had been hit by a ransomware attack, also suffered business-critical downtime.
The business-critical downtime caused by WannaCry was estimated as 33 hours on average per business, costing $3.3 billion globally, owing to losses in sales, productivity and reputation. The impact of GoldenEye remains to be seen, but will likely see a similar cost to businesses across the globe.
The truth is, even if businesses apply best practices to limit the impact of ransomware attacks --, like backing-up critical files, ensuring they have a good cybersecurity solution in place, and ensuring they are patching their system appropriately --, none of these things are going to help them restore their systems and get back up and running in the fastest possible way following attack.
The only way to do this is by having your 'ducks in a row' when it comes to disaster recovery. To do this, we have put together five tips for developing a business disaster recovery posture to help you avoid catastrophe in the event of disaster.
- Ask yourself: 'What does your road to recovery look like?'
Every business is different, and there is no 'one size fits all' for disaster recovery, so asking yourself, 'what does recovery look like?' and 'what are your most critical systems? will be essential ins helping you to prioritise your recovery tasks.
Establishing recovery goals from the outset, will help you to create a plan which aligns to your business priorities and objectives. Ask yourself questions like 'what date / time should you recover from?' and 'what approach should I use to do this; for instance, file restore or local virtualisation or offsite virtualisation?'
- Test it out
Once you have an approach, regular testing can give you peace of mind, knowing that your approach is effective and has you covered. If not, it also gives you the opportunity to make critical adjustments that could make a big difference to your business down the line.
- Team responsibilities
Communicating with your team on disaster recovery plans will ensure they understand what is required of them and the protocol to follow in the event of a disaster, helping to dramatically increase your disaster response rate by streamlining implementation of your plan in favour of a smooth and fast recovery with minimal negative impact on your business.
- Stay up-to-date
Updating your plan regularly is necessary to ensure that all your bases are covered, particularly following any changes to your system infrastructure, including modifications or changes to hardware, software, services or servers.
- Consider DRaaS
Downtime is stressful, and the tasks around it can feel overwhelming and too numerous to count. This is where Data Recovery-as-a-Service (DRaaS) comes in. Covering any cause of downtime, including ransomware attacks, natural disaster or a server crash, DRaaS is a cloud computing and backup service model that uses cloud resources to protect your system from downtime when disaster strikes.
Working to replicate infrastructure and applications, DRaaS uses secure off-site locations to provide full system recovery based on your business. While it can be both daunting and expensive to set-up, administer and maintain, finding an experienced Managed Service Provider (MSP), can help you manage the logistics and costs associated with disaster, giving you peace of mind in any worst-case scenario.
Sign up for CIO Asia eNewsletters.