Ransomware is a growing security problem and one of the biggest forms of cybercrime that organizations face today. Every day, news feeds feature stories of criminals who brazenly announce they're holding business-critical data hostage until a ransom is paid. And there is no guarantee of getting that data restored, even if you pay the ransom.\nManaged by well-funded criminal organizations with squads of full-time developers, ransomware has become a lucrative business. According to CyberSecurity Ventures, ransomware claims a new victim every 5 seconds, and as of 2021 damage costs worldwide have reached $20 billion. That\u2019s a 57x increase in just 6 years \u2013 more than enough to keep your CISO up at night.\nWith new strains of ransomware and other malware threats on the rise and data continuing to grow from edge to the cloud, your enterprise and customer data are more at risk than ever. In this fast-morphing environment, organizations must act quickly to protect business-critical data.\nData protection is a crucial line of defense against ransomware. Secure backup images of critical business data and applications allow companies to roll back in time to recover applications and data before the point of ransomware infection. Although many data protection solutions in the market promise to address backup and recovery, most of them provide only partial protection. Legacy solutions are not immune to ransomware once data center systems are impacted.\nCan you prevent ransomware attacks?\nAttacks happen. It\u2019s not a matter of if, but when. As long as cybercriminals believe your data has value, they\u2019ll continue to exploit vulnerabilities and find innovative ways to encrypt critical data. This means that investing in recovery is just as critical as prevention. Including data protection in your cybersecurity framework is a requirement for cyber resilience. Here are 7 best practices that can help you mitigate the risks of ransomware attacks and set your business up for quick recovery.\n1. Use both disaster recovery and backup solutions\nBackup is part of every cyber resilience plan. Ransomware is a disaster scenario, therefore organizations must also include disaster recovery (DR) in that plan. Modern DR solutions bring granular recovery checkpoints and the ability to recover entire sites or applications within a few clicks. These solutions enable significantly lower recovery point objectives (RPOs) and faster recovery time objectives (RTOs).\nMulti-layered data protection using the 3-2-1-1 rule continues to be crucial. Store three copies of your data on two different media types with one stored offsite and the second one stored offline. Organizations using both DR and backup solutions to create an impenetrable multi-layered defense are able to remediate risks and become operational much faster post-encryption. End-to-end data protection solutions, like those offered by HPE, let you easily adopt the 3-2-1-1 rule to ensure data integrity, and maximize application uptime and data availability for your business.\n2. Test, test, and test to ensure recovery \nMost organizations are unsure of their ability to recover once an attack happens, usually due to infrequent testing of their DR and backup solutions. It\u2019s imperative that organizations prove their ability to recover by fully testing all recovery operations, from failovers to file-level recoveries. Mimic actual disaster and recovery scenarios to ensure that administrators are following protocols and documentation, especially during ransomware recovery simulations.\n3. Isolate backup data\nCybercriminals usually attempt three insidious techniques to try and force a ransom payment: encrypting, modifying, or deleting an organization\u2019s data. In the case of data modification, ransomware changes storage blocks, and your backup system ends up backing up the altered, now-encrypted files.\nImmutable backups keep backed up data out of reach, effectively erecting a wall against ransomware attacks. Systems such as HPE StoreOnce Catalyst provide immutable backups that can\u2019t be encrypted, modified, or deleted. HPE\u2019s data protection solutions completely isolate data wherever it lives to prevent it from being tampered with, intentionally or unintentionally. Secure by design, these solutions make backup images invisible and inaccessible to ransomware, ensuring data integrity and enabling data restores in the event of an attack.\n4. Improve your RPOs\nHow frequently you perform a backup determines your data loss. For organizations using nightly\/daily backups, that could mean hours or an entire day of data loss. If you\u2019re looking to reduce data loss, it\u2019s time to rethink your data protection frequency for better RPOs.\nHPE data protection solutions allow you to deliver RPOs of seconds using continuous data protection (CDP) along with a backup solution that enables near-continuous data protection for more frequent backups for better recovery times and longer retention periods.\n5. Speed up your RTOs\nAttacks do happen, and fast. While it\u2019s important to employ the 3-2-1-1 rule to protect you from data loss, it\u2019s every bit as critical to prepare for fast recovery. The longer your business waits to be operational again, the deeper the damages.\nData protection solutions with built-in orchestration and automation help provide predictable and rapid recovery, minimizing system downtime, business disruptions, and revenue loss. Zerto, an HPE company, speeds the process of getting back your data and applications\u2014at scale. Zerto\u2019s CDP technology provides recovery in minutes, and lets your organization recover from a disruption or an outage with the lowest RPOs and fastest RTOs in the industry.\n6. Add air-gapped data protection\nAn air gap, also called an \u201cair wall,\u201d is a security measure that protects data from intrusion. The concept is simple: any device that isn\u2019t connected to a network cannot be attacked remotely. One of the challenges of on-premises data protection solutions is that they are exposed to the same ransomware threat as the rest of your datacenter. Any backup environment attached to your network can be infected with the same ransomware that corrupted your primary database, preventing you from accessing your backup data at a critical time.\nYou can avoid this cyber trap with air-gapped tape backup solutions. Storing offline and offsite copies of data on tape storage which has no connectivity to public networks ensures that ransomware cannot touch a backup. Create secondary backup copies to tape regularly to ensure that you will always have a clean copy of your data. \n7. Set up on-demand sandboxes and anomaly detection\nSafely recovering data from a ransomware attack requires more than just executing a recovery. It involves investigation and isolating data for verification before it is restored back to production. There are a number of anomalies in a data center that can be monitored, and a few combinations that can be good indicators of active ransomware. This is where HPE InfoSight really shines, and can bring you the detailed information you need to make management decisions.\nHardening systems by keeping them up to date with the latest patches and detecting malware before an attack happens are both important in preventing ransomware attacks. Ransomware attacks can lie dormant on systems for days, weeks, or months before attackers decide to activate the malware, and they often target known vulnerabilities.\nZerto enables you to create an on-demand sandbox replica of your production environment quickly and non-disruptively. Being able to quickly and non-disruptively test security patches and scan for malware in on-demand sandboxes helps you accelerate preventative measures to keep your systems free of ransomware. Sandboxes and anomaly detection can work together to offer one more layer of protection against modern cyberthreats and disasters.\nGet back in control\nBy implementing these steps, you can start protecting your organization\u2019s data against damaging ransomware attacks. When you are in control of your business data, you are no longer vulnerable to the hacker\u2019s demands. As the threat landscape continues to evolve, more and more enterprises will need to modernize their data protection edge to cloud to keep their data secure from any cyberattacks.\nModernizing data protection puts you in control and can improve efficiencies, too, by reducing cost, risk, and complexity in backup environments. Protecting your data at the edge, on-premises, and in the cloud will set you up to deliver on future SLAs, enabling you to meet demanding SLAs (RPOs and RTOs) and keep your business moving ahead.\n Cybercrime to Cost the World $10.5 Trillion Annually by 2025, CyberCrime Magazine, Nov. 2020\n____________________________________\nAbout Avi Raichel\n\nAs CIO and VP of GTM at Zerto, Avi Raichel leads the IT team as well as various GTM domains including managed service provider (MSP) business, sales operations, channel & alliances and demand generation. Zerto, a Hewlett Packard Enterprise company, is an industry leader in cloud data management and protection. Since joining the company in 2017, Avi has helped to ensure that internal IT processes and systems accelerate Zerto\u2019s strong business growth.