Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks

By Jerry Rozeman, Sr Director Analyst at Gartner

by The Gurus
December 7, 2022
in Featured
Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks
Share on FacebookShare on Twitter

Ransomware attacks are hitting organisations every day and infrastructure & operations (I&O) leaders are aggressively bolstering protection, detection and response capabilities against attacks.

However, questions remain as to whether existing disaster recovery (DR) and business continuity plans are sufficient for ransomware recovery.

To address this, I&O Leaders must consider five areas between the two recovery approaches, to better establish whether existing plans can withstand a potential ransomware attack.

  1. Similarities and Differences

Traditional DR and ransomware recovery have many similarities, including the need to coordinate with business continuity management, prioritise via recovery tiers and understand dependencies. Both also require procedures to assess the impact, declare and activate recovery plans, execute plans, and obtain clarity around access and maintenance.

However, ransomware recovery involves greater complexity and unpredictability and so it’s important to consider the business demand of the differing recovery steps in the process, which will naturally involve different stakeholders. These include varied recovery approaches, location, data loss, recovery time and the speed of a return to business as usual.

  1. Disaster Recovery Protects Against ‘Predictable’ Disasters

Traditional DR planning assumes that an entire location or application has failed, requiring failover to a DR location. These events can vary in scope, from regional power outages to IT equipment failure, and even natural disasters such as earthquakes, tornadoes and flooding, which destroy all infrastructure.

Planning for these events requires active or hot standby application infrastructure across data centres, which enables the failover to happen within a reasonable time, and with minimal or no data loss.

  1. Disaster Recovery Not Always Suitable for Ransomware Attacks

As of today, ransomware attacks are mostly well-planned where the attack can start weeks or months before the final ransomware assault. Typically, ransomware is only activated as the last step in a this well-prepared cyberattack, with attackers still having access during the attack.

Traditional DR usually relies on the replication and synchronisation of applications, data, and foundational network services between the primary site and the DR location. So, all the work the attackers do to compromise the production site will be replicated on the DR site. Consider that the contamination of the DR site will make it impossible to use standard recovery procedures after a cyberattack.

Contemplate that you may have to build from scratch in a worst-case situation and this will require planning to recover from alternative infrastructures, such as isolated recovery environments, cloud infrastructure, relocation sites and services.

  1. Disaster Recovery and Ransomware Recovery Follow Different Processes

Traditional DR activation follows a straightforward process where — after the disaster event is detected — an assessment is conducted to decide whether failover is required or not. After that, failover is executed and validated, and business continues. A well-planned failback (when applicable) can be executed when the primary environment is recovered.

Recovery from ransomware, on the other hand, requires multiple and more complex stages. In the first phase, there is a focus on stopping the attack from execution and propagation. In the second phase, forensic analysis is required to find out what happened, what ransomware was executed, the security issues at hand and how it infiltrated the infrastructure. During the third phase, analysis is required to find which network artefacts, apps, data and backups are affected.

Through phase four, there is a focus on the recovery of foundational infrastructure, by either a restore or a rebuild of all artefacts in the network, as well as storage and compute infrastructure, followed by a rebuild or recovery of network services like DNS and AD. In phase five, a dedicated isolated recovery environment (IRE) is leveraged to scan, repair, and validate operating and application/data systems to prepare for recovery back to the primary environment. Finally, in phase six, systems are migrated out of IRE back to production.

This level of impact on the entire infrastructure is what makes ransomware recovery so complex and unpredictable, as you need to first recover and resecure every impacted element in your infrastructure environment before you can recover systems, applications and their data. Examine the complexities that come along with the different processes and the demands this may ask of your organisation.

  1. Ransomware Recovery is a ‘Team Effort’

DR is often led by the DR team, which consists of the server team, network team, storage team, backup team, who all report to the DR manager, who then reports to the CIO. DR is part of the wider business continuity management process, where DR is responsible for the recovery of IT systems in a disaster situation.

Ransomware recovery, on the other hand, is initially led by the cybersecurity incident response team, which reports to the chief information security officer and is supported by other infrastructure and operations teams, including the DR team. Hence, recovery from a ransomware attack is far more of an all-enterprise effort and consider whether you have the resources to approach this appropriately.

Gartner analysts will further explore and compare disaster recovery and ransomware recovery at next year’s Gartner Security & Risk Management Summit 2023, taking place 26-28 September, in London, UK.

Jerry Rozeman is a Senior Director Analyst at Gartner

FacebookTweetLinkedIn
Tags: CybercybersecurityGartnerRansomware
ShareTweetShare
Previous Post

Salt Security chosen to protect Open Line from API security threats

Next Post

#MIWIC2022: Kristina Balaam, Lookout

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information