Organizations that report spending more on data protection measures report higher confidence facing the threat of ransomware attacks.

By: Carl D’Halluin, CTO, Datadobi

According to 451 Research’s Voice of the Enterprise report, 73% of organizations have reported an increase in spending on preventive data protection measures as a result of the increasing threat of ransomware. In the same study, 30% claimed that security issues such as viruses and ransomware contributed to their most recent outage problems.

It should come as no surprise that ransomware is on the rise. Not a day goes by that it’s not in the news somewhere. In 2021, ransomware attacks impacted a business, consumer, or device every 11 seconds, and by 2031, that number is predicted to be every two seconds.

Ransomware is projected to cost $20 billion globally in damages this year, and by 2031, up to $265 billion. This should serve as a grim reminder as to why it is important to backup your data and implement the industry’s best practices if you don’t want to become one of those projected statistics.

The storage industry generally promotes having a 3-2-1 data backup strategy. This means having three copies of your data. Two copies should be stored in two distinct locations, anywhere from cloud storage to disk or tape. The third copy is the ‘golden copy,’ or the official master copy of the data which your organization will refer to should primary and secondary data systems become compromised due to a ransomware attack. 

Location, Location, Location

According to the 451 Research Voice of the Enterprise findings, the perfect strategy for the golden copy is still debated. But, by definition, what separates the golden copy from the others is its location. This copy should be stored in another place inaccessible to users not having elevated authorization. Storing this golden copy in a bunker site or in the cloud allows organizations to reap the benefits of elasticity and a remote recovery site.

Again, while there is still no one-size-fits-all solution for golden copy storage, the research indicates most end users can benefit from securing these backup copies with a physical air gap or immutable storage. To further protect your data, you can add proactive security tools to monitor potential ransomware incidents like suspicious file encryption activities.

How Does a Golden Copy Prepare for Ransomware Attacks

As organizations and businesses expand, there is no shortage of unstructured data floating around. Traditionally, data was backed up with the Network Data Management Protocol (NDMP) which called for an open protocol used to control data backup and recovery communications between primary and secondary storage, according to SearchStorage.

Yet, increasing the amount of data we create and come into contact with has changed the data storage and protection needs. By some estimates there are as many as 2.5 quintillion bytes of data created every day. When this much data needs to be protected, stored, and recalled very quickly, things can get quite messy when relying on a dated strategy not built to withstand the rate at which data is being created and modified.

On a technical level, having an air gap separating your data from the server implies that there is limited connectivity between the source and the target sites. Instead of the source and target site constantly talking to each other, the network checks in now and then to pull incremental updates from the source since the last transfer of data.

What this means is that every object that goes through the process is subject to a checksum to verify the data’s integrity. Also, as needed, any image from any point in time can be restored into any recovery system. Air gap surpasses the outdated methodology of the NDMP protocol because NDMP depended on parity between the source and the target site of the recall at all times, which could also make it easier for your golden copy to be traced and destroyed in the event of an attack.

Let’s look at an example. Organizations within the finance industry depend on long-term data storage with authentication requirements that meet regulatory mandates. Should a ransomware attack happen, they need to be able to recover their files from any point in time. It is also important for them to have the choice of exactly what to protect, down to the level of individual files.

The types of files those institutions must protect are incredibly diverse in format and content. Thus, for their data protection strategy, the immutability and data integrity of such a wide array of data are impassable. In the event of a ransomware attack, a golden copy would make it possible for these types of organizations to pull up confidential information from its source from moments before the attack hit, and simply carry on with the workday. There would be no need to pay the ransom to get it back up and running or have the software damages corrected. 

In summary, in 451 Research’s Voice of the Enterprise study, 75% of respondents claimed their organization had implemented the practice of golden copies already. Does this contribute to the high levels of confidence the organizations reported at the beginning of this article and is this from the amount organizations have reported spending on their ransomware attack strategy? Yes, we certainly think it is.