How manufacturers can stop the ransomware menace


IT teams today have a huge amount of threats to deal with, but of all the different cyber-attacks they face, ransomware has undoubtedly been one of the biggest menaces over the last few years. Despite many people thinking ransomware had reached its climax with the WannaCry attacks in 2017, cybercriminals have continued to develop new means of encrypting files and soliciting ransom payments from their victims.

Indeed, attacks targeting US government entities such as police stations and schools are on the rise, while new ransomware forms continue to emerge. One of the latest is LockerGoga, which recently crippled the infrastructure of Norsk Hydro – one of the world’s leading aluminum manufacturers – bringing its operations to a screeching halt. While Norsk didn’t pay the ransom, initial reports are estimating the attack will cost the company around $41 million, primarily as a result of lost production time.

So, for the manufacturing industry in particular, it’s evident that being able to get operations up and running as quickly as possible after a ransomware attack is of paramount importance. This is where bullet-proof backups and rapid disaster recovery come into play.


The right way to back up data

In today’s threat landscape, having a backup strategy that ensures the redundancy of systems, workloads and applications is essential for manufacturers. However, many face challenges when it comes to identifying the full scope of assets they need to protect. This process requires the IT team to work with every single business department to identify the most business-critical applications, and then map each back to the IT infrastructure. This will provide a holistic view of the resources the business uses most, which allows them to tier systems depending on their importance and understand which systems need to be prioritized during the recovery process. It’s also important to determine the data retention period necessary for the business to operate and meet compliance. For example, archiving information on a completely separate infrastructure may be necessary for companies that need to store data for long periods of time.

Another common mistake manufacturers make is thinking that every system, application and workload needs to have the same recovery point objectives (RPOs) and recovery time objectives (RTOs). In reality, the RTOs and RPOs of different systems and applications will range from minutes to a few hours depending on their operational importance. For example, transactional and communications systems will need to be restored much more quickly than a server storing marketing content.

These RPOs and RTOs also need to be as aligned as possible to ensure that the right data is being recovered. For example, if the RTO is five minutes, but the RPO is yesterday’s data, that’s not optimal. On the flip side, it’s also no good if the data has been backed up within 15 minutes, but it takes a day to recover. Lining up RPOs with RTOs is therefore a critical step in ensuring backups can be successfully recovered in the event of a ransomware attack.


The road to recovery

As well as effectively backing up their data, manufacturers also need to adopt the right mindset in order to minimize the impact of ransomware. Many manufacturers think that cybersecurity protocols are their best defense against ransomware and, while implementing effective cybersecurity measures is definitely necessary, IT professionals should always be operating with the mindset that at some point hackers will find a way into the corporate network. There’s always a new vulnerability to exploit, or a new, unusual malware variant cropping up – which gives hackers the upper hand. LockerGoga provides a perfect example, as cybersecurity researchers still aren’t sure how it infects the target system, and whether hackers’ main goal is to drive profits or just cause headaches.

It’s this rapid development of malware that makes it so important for businesses to invest in backup and disaster recovery technology. In most cases, these solutions represent a company’s last line of defense, so they have to be regularly maintained and updated in order to ensure they are effective at responding to modern threats.

So, what capabilities should manufacturers be looking for? Well, the most effective solutions allow users to go back and recover data from a pre-determined recovery point. Having this level of high availability is especially helpful in cases where data has been corrupted, as it enables the IT team to recover data from a state prior to the incident. Speed is also important, as shown by the fact that nearly half (49%) of IT decision makers feel they have less than an hour to recover business-critical data before it starts impacting revenue.

Further, technology that provides ample onsite and offsite recovery options is more important than ever. Having data backed up on a public or private cloud service could be a manufacturer’s saving grace if their data center is irrecoverably infected in a ransomware attack, which means businesses have to take the time to invest in the right cloud infrastructure. For manufacturers specifically, the cloud offers a cost-effective storage and data recovery option, as it removes the need for them to build their own physical IT infrastructures.

If they weren’t already aware of the threats to their operations, the recent Norsk Hydro ransomware attack should be a wake-up call to any manufacturer that doesn’t have a sufficient backup and recovery strategy in place. Manufacturers simply can’t afford to underplay the importance of investing in data protection and disaster recovery technologies that safeguard their data in the event of a ransomware attack. Data recovery should be at the forefront of every manufacturer’s ransomware crisis plan and if it isn’t, now is certainly the time to make a change.