In an era where cyber threats such as ransomware loom large, the pace of recovery following an attack is a paramount concern for organizations, for whom downtime of any length can prove disastrous. Data from Sophos, for example, suggests that the average recovery time from such attacks extends to almost a month, leading to major problems that range from stalled productivity to severe financial losses. What's more, even after systems have been restored, brand damage and eroded trust among customers and stakeholders can prolong the impact.
During any ransomware scenario, time is clearly of the essence, and organizations need to cut their recovery times from the weeks many currently endure to a matter of days and, preferably, hours. This is where recovery time objectives (RTOs) and recovery point objectives (RPOs) become indispensable, given that they represent the most important metrics of any disaster recovery plan. Both are measured in units of time: the RPO deals with how much data loss is tolerable, and the RTO with how long data and applications take to recover in the event of a disaster.
RTOs and RPOs: key metrics for efficient recovery
RTOs and RPOs are essential tools in the cyber resilience arsenal. They provide a structured approach to data recovery, enabling businesses to formulate a strategy and targets for resuming operations quickly and with minimal data loss. By setting specific recovery targets, organizations can effectively plan and implement recovery strategies that align with their operational requirements and risk tolerance levels.
Speedy recovery has a direct impact on the severity of a ransomware attack’s consequences. Quick detection and recovery can significantly reduce the extent of data encryption by ransomware, allowing businesses to roll back to a state just before the attack. This agility in response is crucial in maintaining business continuity and safeguarding sensitive data.
In this context, when discussing the specifics of data recovery and how to meet these objectives, the conversation often turns to cloud versus on-premises solutions. While current trends lead many organizations towards cloud-based solutions due to their low entry barriers and ease of setup, on-premises solutions offer unmatched control and recovery speeds. Each has its own benefits and drawbacks. Technologies such as cloud vaults offer maintenance-free, single-vendor convenience but can lead to reduced control over data. On-premises vaults, on the other hand, provide enhanced control and security but require more time and expertise to set up.
This dichotomy highlights the importance of flexible recovery options. Depending on the nature of the data and the specific recovery use case, one solution may be preferable over the other. The key is to assess the specific needs of the organization and choose a solution that offers the best mix of control, flexibility and speed to deliver the required levels of cyber resilience, which is the ability to protect, detect, and recover from cyber threats continuously.
Vault technology, whether cloud-based or on-premises, plays a pivotal role in achieving this. The choice between on-premises and cloud vaults should be guided by the specific recovery and resilience needs of the organization. Each offers a different balance of control, flexibility, and speed, which are crucial in the context of cyber resilience.
The critical role of rapid detection
Building on the concept of resilience, rapid detection of ransomware becomes a key component in minimising the impact of attacks. The ability to detect ransomware quickly facilitates faster initiation of mitigation and recovery processes. In addition, employing a comprehensive security stack that includes anomaly detection and real-time data encryption can substantially enhance the capacity for prompt ransomware detection. This layered approach is crucial to cover all bases and ensure a comprehensive defence strategy, further supporting the quick recovery objectives set by RTOs and RPOs.
Moreover, defining these recovery objectives often requires a reevaluation of typical recovery times. With the right technologies and processes in place, organizations should aim for recovery times measured in hours or days – an approach which may represent a significant shift from the current norms.
Ultimately, the fight against ransomware requires a proactive and flexible approach to recovery. Organizations must consider various factors, including the choice between cloud and on-premises solutions, the importance of rapid detection, and the implementation of effective RTOs and RPOs. By focusing on these areas, they can enhance resilience against cyber threats, ensuring faster recovery times and minimising the impact of attacks.
Chris Rogers is Senior Technology Evangelist at Zerto, a Hewlett Packard Enterprise.