Nejde Manuelian, Director VMware Cloud, Northern EMEA
Modern organisations’ most precious assets are no longer solely physical; they are the data and applications that run their business. These contain a goldmine of valuable information that is a constant target for cybercriminals. This is particularly the case in highly regulated sectors such as financial services (FS), and it is why we have seen an explosion in ransomware attacks in recent years.
The biggest threat to the financial system?
According to the Sophos State of Ransomware 2022 report, 66% of organisations were hit with ransomware in the last 12 months. Beyond the attack itself, the damage is lasting. The same report also found that it takes, on average, one month to recover from a ransomware attack and that 96% of organisations who paid the ransom didn’t regain full access to their data. And as for paying the ransom? The IBM Cost of a Data Breach Report 2022 calculated this to be a little over USD $4.6M on average.
If we dive deeper into financial services specifically, the figures make for even worse reading. In 2022, for example, data from Akamai showed web application and API attacks against financial services firms grew by 257% compared with the previous year. This sector also sees some of the highest costs for cybercrime, with the typical cost of a data breach standing at USD $5.97 million – more than a million dollars above average. Little wonder that recent research by the Bank of England found that financial services companies rate cyberattacks as the biggest threat to the country’s financial system, ahead of inflationary pressures and geopolitical risks. When you consider what the financial sector is currently faced with, this is an alarming statistic.
A ransomware attack: ‘when, not if’
In late 2021, the G7 Cyber Expert Group made a call to action to member states to identify and disrupt ransomware criminal organisations and networks, calling out the importance of responding swiftly in order to hold these networks accountable for their actions. This is particularly acute in financial services with the pending DORA legislation, which aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other risks. The legislation will require firms to ensure that they can withstand all types of ICT-related disruptions and threats and is likely to become law in the UK.
It’s clear that experiencing a ransomware attack is a case of ‘when, not if’, a position that has placed disaster recovery (DR) plans high on the agenda for financial services businesses. It’s a topic we recently hosted a webinar on – you can catch up on that here.
An ever-spinning wheel
When you consider the complexities involved and the sheer ingenuity and will of criminals, developing a best-in-class DR plan is not without challenge.
For a start, owning and maintaining a traditional DR site requires significant investment, since it often means building an entirely new data center. Organisations need to buy or lease hardware, purchase software licenses, invest in premises and dedicated IT assets, and more. However, since DR is used only in emergencies, organisations end up spending significant amounts of money on something that goes unused most of the time. Despite the fact that DR sites are largely dormant, businesses need to keep up with application changes and upgrades as well as perform frequent tests, with many organisations required by law to present the results in an audit. In addition to the time and effort of performing the tests, writing and compiling detailed reports is complicated and time-consuming.
This is an issue that was discussed at length during the webinar. Paul Nothard, senior solutions architect, Financial Services Solutions, VMware, said: “Historically, banks would have a primary site, a DR site and even a back-up site, but testing was done as a box-ticking exercise and the harsh reality is that it didn’t work. The reason it didn’t work is because there was no end-to-end testing and inter-company systems didn’t talk to each other. Today, regulators across the FS spectrum are putting huge pressure on businesses to test in a cost – and carbon – efficient way and it’s now a business-critical function.”
Even after deploying a DR solution, many organisations run into scaling challenges as the amount of their data, and the number of their applications, increase. This involves spending more time on planning, leasing additional real estate, negotiating with vendors, re-configuring the network, adjusting security policies, and more. Of course, this all has to be done within the parameters and timings of the regulations and auditing in the sector.
It’s an ever-spinning wheel most organisations cannot keep on top of.
A Cloud Smart approach
Many existing solutions on the market focus on the recovery of data, and with good reason – businesses can’t prevent a ransomware attack, but they can do their damnedest to minimise the damage. However, recovering data is not the only activity that must be undertaken. For instance, where does the restored data go? Post-attack, the infrastructure will take time to rebuild and the ransomware must be removed from the network.
Many organisations have looked to leverage a Cloud First strategy. However, most continue to see a delta between the original vision and their current status, with many not realising the benefits originally envisaged and instead facing additional complexity and cost. A Cloud Smart approach is a more innovative and practical way of leveraging Cloud, and the entire diverse ecosystem that most organisations operate within.
Ransomware Recovery
This is why we developed VMware Ransomware Recovery. Taking full advantage of the benefits of modern public cloud, with on-demand, flexible, scalable services, it is the only solution in the market that helps businesses recover from modern ransomware threats while creating a landing zone within a public cloud.
You can hear much more about what this means for your business in the webinar. However, if you would like to find out how we can help protect your business from future ransomware attacks, please visit VMware Ransomware Recovery.