In the Battle Against Ransomware, Organizations Need to Enhance their Data Protection Capabilities

Recently, my colleagues have discussed in depth the need for premium ransomware protection. This isn’t without reason:
Ransomware caused losses up to US $20 billion for global governments and enterprises in 2021, 57 times that in 2015;
One business or device is attacked by ransomware every 11 seconds globally, costing an average of US$1.85 million in ransom;
80% of victims who pay a ransom are targeted a second time.
All this simply solidifies the need for one thing – data protection.I’ll give a simple example about data protection. Consider how smartphones are indispensable in our day-to-day lives – to stay in touch with our friends, pay for goods and services, and record those precious moments in our lives. Now imagine your phone is stolen, or even worse, your password is easy to crack. You are flooded with anxiety because there is a good chance the thief can get your bank card number, ID card number, and key contacts.In this case, post-event protection measures are essential: track and locate your device, lock it and send alarms, and restore data from the cloud to another device of yours to prevent data loss and leakage. In particular, the last step is the most important, as it restores your data.This is similar for enterprises. In our digital age, digital transformation and innovation are the foundation for quality services that generate data and data processing, which in turn drive the evolution of services. Enterprises are heavily dependent on data, and it is for this reason data security should be the primary business concern for enterprises.But data security in isolation is not enough. As our world depends more and more on digitalization, the growing data volumes have reached unprecedented sizes and in diversified data formats. The trend of cloud-native software platforms indicates the growing need for service continuity. In the past, hackers might launch attacks just for pranks, but now they demand ransoms instead. Traditional data protection solutions are no longer enough to protect core data, and enterprises must enhance their data protection capabilities. Against this background, Huawei proposes the enhanced ransomware protection storage solution to provide efficient and worry-free data protection.Let’s take a look at the competitive advantages of the advanced ransomware protection storage solution of Huawei.First, the solution offers enhanced backup and recovery storage capabilities to handle the mass data that cannot be met using traditional backup systems, nor within a short window. In addition, domestic or international requirements for long-term data retention have caused backup costs to skyrocket, influencing enterprises to change their existing backup policies, and thus impacting protection levels for enterprise data.This is not the case with Huawei OceanProtect Backup Storage. Our solution enhances the backup and recovery of the storage system from three aspects: industry-high backup and recovery bandwidths of 155 TB/hour and 172 TB/hour, respectively; a 72:1 data reduction ratio to help slash costs; and the always-on backup system, which provides the most stable backup in the industry. HuaweiSecond, we provide unparalleled protection from ransomware. Current ransomware techniques use bait to obtain your identities and authorization, implant virus programs to detect system vulnerabilities, and then move horizontally between systems in the data center to search for and encrypt important information. Consider the hacker as a thief pretending to be a delivery person to enter a residential community, patrolling the neighborhood to steal valuables and extort money. They not only break into your house, but they lock the door and demand a ransom if you want the key. The thief may even sell the stolen items to a third party.ESG reports that 62% of IT decision makers in the finance, government, healthcare, energy, education, or transportation fields, all worry that their existing data protection measures are insufficient in the face of malware and ransomware threats. The increasingly severe ransomware threats have caused enterprises to even shut down due to the crippling economic losses.Typically, security protection is necessary to defend against diverse malicious attacks, including ransomware. However, evolving methods, especially the rising of Ransomware as a Service (RaaS), make it harder for enterprises to defend against, mitigate, and defeat ransomware attacks. According to Gartner, 75% of enterprises will face at least one ransomware attack by 2025, while public reports show that from 2017 to 2021, criminals successfully launched attacks against 54 companies in different industries.Breaches of core data show why you cannot skimp on data protection measures. As ransomware attacks become more sophisticated, enterprises must continually improve their defenses to keep pace. For many, that requires upgrading technologies to reduce malicious attacks and related risks. That’s why we released the Huawei ransomware protection storage solution, our upgraded technology that is perfectly positioned to offer best-in-class business protection.The Huawei solution is equipped with four-layer ransomware protection to help enterprises effortlessly defend against ransomware and quickly restore production data. This solution is built on the National Institute of Standards and Technology (NIST) framework – covering identification of sensitive information, data protection, ransomware detection, response, and data recovery – to deliver complete, multi-layer ransomware protection. The following figure shows the design of one production zone and two isolation zones running on four key technologies: ransomware detection, secure snapshot, storage/backup, array/link encryption, and air gap network isolation. HuaweiLayer I: Ransomware detection and blockingBecause most ransomware can’t penetrate or enter the production storage, the system detects attacks and quickly prevents known viruses, while flagging and warning of the unknown attacks.Layer II: Secure snapshots In the unlikely event ransomware finds its way into the system, this technology ensures data on the production storage can’t be tampered with. If files are locked, the secure snapshot function ensures unchangeable copies stored on the primary storage can be quickly used for data recovery within seconds. What’s more, these copies are encrypted, so you don’t have to worry about data leakage.Layer III: Local backup Local backups can be used for restoration, using clean data recorded at an earlier point of time to restore data. Secure backup copies stored in the local data center are available for data restoration.Layer IV: Air gap and link encryptionOnline protection for the first three layers is built on the production system, meaning data is still at risk by ransomware. To solve this, the Huawei solution provides a physically isolated data zone that stores clean data copies to restore the data of the entire production center and minimize the probability of data copies being infected by ransomware. As an extra measure of protection, data is encrypted when transmitted to the isolation zone, meaning even if a hacker has the data, the data information is unclear. Put simply, the physical isolation zone and link encryption make your data untouchable.Huawei is one of the few vendors to provide full ransomware protection covering ransomware detection, warning, handling, secure snapshots (on production and backup storage), isolation zones, and data recovery. Huawei leads the industry in ransomware detection and intelligent analysis. Unlike most vendors that only analyze abnormal I/O behaviors or file attribute changes to identify ransomware, the Huawei solution both detects and analyzes file modification behavior and uses machine learning technologies to elevate the ransomware detection and interception rate to 99.9%, much higher than the industry average of 99.5%.In addition, the solution uses its secret weapon – OceanProtect Backup Storage – to achieve the fastest recovery speed in the industry, while minimizing the impact of ransomware on service continuity.Much like the smartphone stealing case, if enterprise data is infected by ransomware, the process to eliminate the risk is really quite simple: detection/alarming > data recovery from local devices or isolation zone. That’s it. It’s quick, easy, and there are no extra steps. More importantly, there is no ransom payment.Under the theme “Unleash Digital”, Huawei Connect 2022 will travel to four cities in sequence as Bangkok, Dubai, Paris, and Shenzhen starting from Sep 19. The annual event will introduce a number of ICT products, portfolios, and solutions designed to meet the needs of various industry scenarios. Through a series of summits, broadcasts and exhibitions, we will also give a sneak peek at new groundbreaking innovations, as well as best practices and results from our work with customers and partners around the world.About the author: Michael Fan is currently the director of the Data Storage Solution Sales Dept of Huawei Enterprise BG. He is responsible for international business sales of data storage and solutions. Including but not limited to strategic planning, market selection, sales strategy development, and sales target achievement.

Copyright © 2022 IDG Communications, Inc.