How operational resilience keeps data available

Access to data after a breach is essential to operational resilience, says James Hughes, vice-president and enterprise CTO, EMEA, at Rubrik

Why has there been such a rise in ransomware attacks?

Ransomware has had its perfect storm. The pandemic brought on this holy trinity amplification of vulnerable people working from home, the rise of data absolutely everywhere and the growing prevalence of anonymous currencies like Bitcoin. Together, these trends have seen a huge acceleration in ransomware over the last couple of years and we don’t see it stopping. It’s not kiddies in a bedroom anymore. Malicious actors run proper businesses which operate P&Ls, offer ransomware-as-a-service products and even have systems to leave reviews because they compete for custom. State-sponsored hacking is also more prevalent.

What is the ultimate cost of a ransomware attack?

When people think about ransomware, many think about the cost of the ransom, but that’s the cheapest part. The cost of the outage is the biggest expense. Attackers are not targeting your infrastructure; they know you can recover that pretty quickly. They’re targeting your data, which is a one-of-a-kind asset and the absolute lifeblood of any organisation. If they’re determined, whether you like it or not, they will get it, and it will halt your business from being able to operate. Staff twiddling their thumbs and customers not getting what they’ve paid for is the real cost, and it’s why operational resilience is so important. When resilience is embedded in your business, you may not be able to operate at full capacity immediately after a ransomware attack, but you’ll at least still be operating.

What are the key challenges to ensuring that breached data can be recovered?

You can only know what to do after an attack if you’ve rehearsed it. You’ve got to rehearse in peacetime so you know what to do in wartime. And it’s not just a technology exercise but people too. We run events called ‘Save the Data’, which show the sorts of things you’ve got to get involved in right away – from your technology teams to how to communicate to the markets and your customers. But without data, there’s nothing to rehearse. It’s vital to ensure data is absolutely protected, completely secure and access to it is locked down. Most importantly, data must be available when you need it, which means combining the ability of an offline data backup with the speed of an online platform.

Is a zero-trust approach to security required to achieve operational resilience?

Yes, it’s paramount. Zero trust is simply the idea that one should assume a breach. If you’re operating your entire environment with the mindset that somebody with malicious intent is already in, that puts a really different lens on your architectural decision-making and also creates a completely different mindset, much more conducive to achieving operational resilience. It’s also important that organisations close the many silos that exist between tools and teams. If your IT and security teams are looking at the same data and the same recovery position, and they know what each other are doing, they are in a better position to keep your business operating.

How is Rubrik supporting companies on their journey to operational resilience?

Our mission is to secure the world’s data and we take that extremely seriously. We’re not looking at your infrastructure, as that’s all fungible in a cloud-centred world. We’re laser focused on data. Data secured by Rubrik can’t be affected by malicious outsiders and when you need your data back we make it immediately available, in some cases up to the second, so that your applications can continue functioning. There’s a huge difference between recovery and resilience. With recovery, you’re rebuilding from the rubble. Resilience means you can weather the storm and continue servicing your business with all the right data in the right place. That’s what we do all day, every day at Rubrik.

To learn more from James Hughes on the importance of operational resilience, register for Rubrik’s upcoming ‘Data Security Talks’ event at rubrik.com

Promoted by Rubrik