Recent years have seen a dramatic increase in ransomware attacks against businesses of every size and description, along with a significant increase in the ransoms being demanded. As of 2020, an estimated 58% of ransomware victims chose to pay the ransom, with the result that hackers were walking away with an average payment of $312,493 per incident. The highest ransom paid in 2020 was $10 million, double the previous year’s record.
At current rates, most businesses can expect to be probed by an attacker at some point, and the ransom demand itself is only the tip of the iceberg in terms of costs. The typical downtime a business can expect from a ransomware attack is 16-21 days, representing the potential loss of hundreds of thousands of dollars as businesses struggle to rebuild their systems and recover data. The infamous Colonial Pipeline ransomware attack of May 2021 resulted in six days of downtime and abnormal business operations for an extended period even after the ransom was paid.
Cyber insurance companies are also increasing their rates in response to the increased threat and expense of ransomware attacks, and often will not cover all losses associated with an attack.
Air Gap Protection from Ransomware
Conventional backups are insufficient protection against the threat of ransomware attacks, as hackers have become more sophisticated in their approach. Typically, before launching a ransomware attack, they will locate and either delete or encrypt their target’s backups, so restoration is impossible without the encryption key. The most effective solution is to separate your backups from your network so hackers are unable to see them and there is no direct connection to your production servers. ERP Suites Cyber Recovery provides an air-gapped recovery copy for x86 virtual machines and IBM i LPARs hosted at either of our data centers. This backup is offloaded to a secondary array that is only accessible in a very limited time window.
How is this different from normal backups or Disaster Recovery?
Normal full and incremental system backups, Disaster Recovery, and Cyber Recovery solutions are different approaches to mitigating different types of risk to your data. Full and incremental backups are crucial for restoring servers to a point in time in the event of an application failure, mistake, or misconfiguration. Disaster Recovery allows for system restoration in the event of server failure or a natural disaster that impacts a data center. By contrast, ERP Suites Cyber Recovery is specifically targeted to restore from a cyber incident in under two hours, is air gapped from the operating network, and is immutable to prevent an attacker from deleting or encrypting the copies. Backups can also protect against ransomware, but they take a long time to restore. Also, if the backup solution is not air gapped from the rest of the environment, an attacker can potentially delete or encrypt the backups.
Do Air Gap Backups Replace DR?
Disaster Recovery is not useful in the case of a ransomware incident since the DR technology will simply sync the encrypted data. Companies should not use air gap backups instead of disaster recovery backups.
Can I still be hacked?
Air gap ensures that you can recover from an attack as quickly as possible, but it will not prevent an attack or ransomware infection. ERP Suites offers other types of security assessments and security services to reduce the threat of cyber attacks.
ERP Suites Air Gap Cyber Recovery
Where is the air-gapped backup?
The air gap data is stored in a secondary array, which is located in the ERP Suites private cloud at our local data center. Keeping the air gap data in the same data center allows us to recover at a very fast rate.
Can AS/400 be protected by air gap backups?
Yes, we can protect IBM i as part of air gap cyber recovery. In that case, the protected LPAR is replicated to an immutable storage copy. This copy can only be restored to the production LPAR via the management frame and is logically prevented from being modified in any other manner.
How does air gap data stay updated?
A storage snapshot of the VM takes place daily. The snapshot is then offloaded to a secondary array that is only accessible within a very limited time window.
Air gap cyber recovery process
- Discovery of the security issue.
- Notification of ERP Suites.
- ERP Suites will work with the customer to determine the appropriate recovery point.
- Data restoration.
- Testing.
Following restoration, a thorough investigation should be conducted to determine how the infection occurred.
Recovery Time Objective
The recovery time objective, or RTO, is the amount of downtime the business can tolerate. ERP Suites Air Gap Cyber Recovery will have data and systems back up and running in less than 2 hours.
What components are included?
ERP Suites Cyber Recovery Solution includes a copy of the virtual machine data (which is priced in gigabytes of storage), the number of retained copies of the machines, the configuration of the solution, and annual testing to ensure proper functionality.
Air Gap Recovery Costs
Businesses face huge costs when they can’t quickly recover from a ransomware attack. Beyond the obvious ransom payment and downtime a company experiences from an attack, companies also have to deal with side effects that can last years. Some companies are forced to cut jobs following a ransomware attack, and 80% of victims who pay a ransom experience another attack soon after.
Companies also experience external side effects after news of a security breach. Many businesses experience a damaged brand in the eyes of their customers and the public.
Is there additional time investment needed from me?
We ask our customers to participate in testing the air gap solution on a yearly basis. Cyber insurance companies usually require some form of annual testing as well.
Will my insurance rates go down?
Many cyber insurers are requiring air-gapped backups in order to underwrite a policy; otherwise, they will significantly increase your rates. Consider discussing this with your cyber insurance company for more details.
ERP Suites Air Gap Cyber Recovery Pricing
The price of Air Gap Cyber Recovery from ERP Suites is based on several factors. The two main factors are the size of the data and the retention time for the data ERP Suites saves. Retention has a minimum of one day. Maximum retention time depends on the applicable change rate and the total space allocated. These are priced per GB.
Don't Lose to Ransomware Attacks
As malicious attacks are rapidly evolving, your security measures must work double time. No matter the size or scale of the business, all are potential marks for cyberattacks.
Given the potentially devastating impact a breach could have on your business, there’s little time to upskill. We can fill the gaps and strengthen your defenses, so you can rest easy knowing ERP Suites Managed Security has your business covered.
Shawn Meade leads the Information Security team at ERP Suites. He has been in the IT industry for over 20 years and has dealt with Information Security throughout his career, including work with PCI, HIPAA, and HITRUST.