Over the last few years, everyone working in IT has been involved in, or knows someone who has been hit with, some form of malicious ransomware.
Public cases this year include but are not limited to:
These brands aren’t alone: formal notifications to the Office of the Australian Information Commissioner (OAIC) have topped 500, and over 30 of them were specific to ransomware. The extent of the impact on the end user, and indeed the company, will depend on their services and how much data they hold. If you take the recent Garmin outage as an example, it not only affected all the exercise junkies out there but also impacted numerous aviation services for users around the globe.
In the case of Garmin, their market position as the ‘go-to’ fitness tracker and indispensable aviation tool with hundreds of thousands of users globally meant that the extended outage resulted in extreme visibility. The volume of noise levelled at Garmin should serve as a cautionary tale for similar organisations.
Surprisingly enough, in this case it doesn’t seem to have had an impact on the share price. For a smaller company with less brand loyalty, or one in a more competitive market, this could easily have contributed to another business going under in an unforgiving economy.
Now, we have no idea what really happened behind the scenes over the 5-day outage. Rumours of a $10M ransom being paid may or may not be true; maybe they restored everything from backups. What we do know is that, with a small investment in planning and potential technical remediation, they could potentially have recovered well within 24 hours and minimised bad press and brand damage.
If you think about your own organisation, how confident are you that, when it happens at your place, you will be able to minimise the outage and reputational damage? The custodians of the services and data are liable for outages and breaches at a corporate and potentially civil level.
Planning, process and technology
In our experience, most companies have already invested in some form of data protection. These tools are available at multiple levels of the infrastructure stack and sometimes within the applications themselves. What we often find missing relates to planning and process:
A complete data protection framework needs to address all the above to be of the best possible value when the inevitable occurs. At a bare minimum, the ability for IT to recover quickly at a technology level is not an unreasonable expectation and should be priority enough for any business to fund some potential remediation or investment.
The various forms of data protection include:
How Logicalis can help: