During the Covid-19 pandemic, hackers and fraudsters have been extremely active. Bitdefender's Mid-Year Threat Landscape Report 2020 claims that during the first half of 2020, stimulated by the fact that more people began to work remotely from home, there was a 715 percent year-on-year increase in detected – and blocked – ransomware attacks. No organization, data center, or state is immune to the attacks, and for the cyber-criminals that perpetrate them, they can be rewarding.
Not quite so perhaps with the recent attacks on the Republic of Ireland’s healthcare system. An Irish minister has described it as “possibly the most significant cyber-crime attack on the Irish state” to date, and yet its government is standing firm and refusing to pay a ransom after consulting cyber-security experts. Taoiseach (Irish PM) Micheál Martin has also stressed that the country’s health and emergency services remain open. Nevertheless, he admits that it may take some days to fully assess the impact of the ransomware attacks on the HSE, the country’s health service.
The international, human-operated Conti ransomware attack occurred on 14th May 2021 and caused widespread disruption in many of the Republic of Ireland’s hospitals, including at Dublin’s Rotunda Hospital. HSE chief executive, Paul Reid, says the attack is focused on accessing data stored on central servers. The attack affected all of its electronic systems and records, leading to the need to shut down all their computer systems. The country’s National Cyber Security Centre (NCSC) immediately activated its crisis response plan.
The HSE subsequently had to assess up to 2,000 patient-facing IT systems, which include multiple servers and devices, to enable recovery in a controlled way. It reported that there are 80,000 HSE devices to be checked before they can be brought back online. Priority was given to key patient care systems, including diagnostic imaging, laboratory systems and radiation oncology, and some systems have already been recovered.
Backups and airgaps
Incidents like this show why organizations need to create backups, and even airgaps, to protect their data against ransomware, so that they can maintain and/or quickly restore their services whenever an attack succeeds. The multimedia backups should ideally be located at three disaster recovery sites, far apart from each other and outside each other's circles of disruption. This ensures that even when one or two of them go down, at least one site remains available to maintain or restore services, reducing the impact of any attacks or natural disasters on business, services, and operations.
To ensure service continuity, organizations should back up to the cloud with backup-as-a-service (BUaaS), or to tape. Most people would be forgiven for thinking that tape is an old and no longer used technology, but it still plays a crucial role in storing and backing up data. After all, cloud systems can themselves be prone to attack, and so it’s sensible to have more than one means of backing up data.
Chris Ducker, Head of Product Marketing at Orgvue, and a former head of proposition marketing (Europe) at Sungard Availability Services, commented a couple of years ago: “If you look at on-premise, you have tape back-ups, a large IT infrastructure in place and that would be backed up onto tape or other services in a data center. The data then gets stored in a safe location and then, when an incident occurs, you have to move it physically and get it to the right location to load and get it up and running. This is a much slower process than cloud recovery provides. If you have a replicated environment, you can spin up servers more quickly than with traditional back-up.”
Certain environments can be mirrored for business-critical applications using cloud services. However, there will be applications for which it might be more efficient to use traditional tape back-up, and so tiering defines the activities. Cloud recovery is not the only option: there is a mix of potential options, and so there is a need to understand the business outcomes an organization wants to achieve, and why recovery might be needed, to ensure that the right solutions are put in place to maintain data security, data integrity, and business and service continuity.
Where once there used to be the rule that said you need 3 copies to ensure you can guarantee recovery of your data, the industry has now adopted the 3-2-1 rule. In summary it requires:
- Keeping at least three copies of your data.
- Keeping the backed-up data on two different storage types.
- Keeping at least one copy of the data offsite.
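The 3-2-1 rule above, written as a check over a backup inventory. This is an added example, not part of the original article; the dataset names, site names and media labels are constructed, and the production copy is assumed to count as one of the three copies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str   # what is being protected
    location: str  # site or service holding this copy
    media: str     # storage type, e.g. "disk", "tape", "cloud"
    offsite: bool  # True if held away from the primary site


# Constructed sample inventory (hypothetical names, for illustration only).
INVENTORY = [
    BackupCopy("patient-records", "dc-primary", "disk", False),
    BackupCopy("patient-records", "dr-site-b", "tape", True),
    BackupCopy("patient-records", "cloud-buaas", "cloud", True),
    BackupCopy("lab-results", "dc-primary", "disk", False),
    BackupCopy("lab-results", "dc-primary", "disk", False),
    BackupCopy("lab-results", "dc-primary", "tape", False),
    BackupCopy("imaging", "dc-primary", "disk", False),
    BackupCopy("imaging", "dr-site-b", "disk", True),
]


def check_321(copies):
    """Return {dataset: [failed rules]}; an empty list means compliant."""
    by_dataset = {}
    for copy in copies:
        by_dataset.setdefault(copy.dataset, []).append(copy)

    report = {}
    for name, group in sorted(by_dataset.items()):
        failures = []
        if len(group) < 3:                       # rule 3: three copies
            failures.append("copies<3")
        if len({c.media for c in group}) < 2:    # rule 2: two storage types
            failures.append("media<2")
        if not any(c.offsite for c in group):    # rule 1: one copy offsite
            failures.append("no-offsite")
        report[name] = failures
    return report


if __name__ == "__main__":
    for dataset, failures in check_321(INVENTORY).items():
        status = "OK" if not failures else "FAIL: " + ", ".join(failures)
        print(f"{dataset:16} {status}")
```

The `lab-results` entry shows the case the rule exists for: three copies on two media types still fail when every copy sits at the primary site.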
Exponential data volumes
The trouble is that data volumes are increasing exponentially – and this can become a major issue, whether an organization is backing up its data, restoring it after a ransomware attack or indexing it to comply with regulations, such as GDPR. Doing all this over Wide Area Networks (WANs) can be both slow and expensive. It is slow because WANs are often impacted by latency and packet loss, issues which WAN optimization can’t adequately mitigate. WAN optimization also can’t handle encrypted data, making data security a concern. SD-WANs are a good option, but they also need a boost.
The answer is WAN acceleration. It can be overlaid onto SD-WANs, and it employs a combination of artificial intelligence, machine learning and data parallelization to accelerate data over WANs. It can handle encrypted data to the cloud and for transfer to tape, while mitigating latency and packet loss. WAN acceleration can move data at a petabyte scale and at great speed with 90-95 percent bandwidth utilization, while providing a significant return on investment on the cost of WAN links.
WAN acceleration should therefore be part of your backup strategy. To accelerate WANs and data flows it’s imperative to use a solution that uses artificial intelligence and parallelization, and which can significantly mitigate latency and packet loss. After all, WAN and data acceleration is crucial in the event of any recovery from a ransomware attack like the one in Ireland, and WAN acceleration can accelerate real-time analysis as well as Backup-as-a-Service.