5 Steps to tackling ransomware with a data-centric Cyber Resilience approach


Data has never been more valuable or vulnerable in today’s landscape. It is the lifeblood of many organizations today – powering operations, fueling innovation, and creating exceptional experiences. 

Along with the emergence of new technologies such as artificial intelligence (AI), machine learning (ML), cloud and more, organizations’ dependency on data has grown significantly in recent years – and so has ransomware’s debilitating impact. True enough, NetApp’s 2024 Cloud Complexity Report revealed that 60% of APAC companies have cited “increased cybersecurity risk” as their top concern in the AI era. 

What’s equally worrying is that according to Check Point Software Technologies, Thai organizations faced a staggering 1,892 cyberattacks per week in the latter half of 2023, significantly exceeding the global average of 1,040 weekly attacks.

As the frequency of cyberattacks and the sophistication of ransomware attacks continue to escalate, this calls for an urgent need for organizations to deploy a coordinated, multilayered strategy to reinforce cyber resilience. A crucial part of this strategy is to ensure organizations’ enterprise storage acts as the last line of defence for their most valuable asset – data. 

Cyber Resilience – A data-centric approach to protecting and securing data

Cyber resilience goes beyond just blocking attacks, the key aspects lie in the organizations’ recovery capabilities and data protection. 

Often, complexity is a key culprit in driving up the cost and time involved in backup and disaster recovery. If an attack breaks through an organization’s first line of defence, the ability to restore recent point-in-time copies of data at a granular level is the key to quickly remediating threats and bringing data and applications back online with minimal disruption.

Five steps to creating a cyber resilience strategy 

Here is a five-step approach that organizations can consider when developing their cyber resilience strategy.

• Identify: Take stock of the IT environment and assess current data protection and security processes. This involves classifying and pinpointing the location of all data sets based on their value, along with evaluating access permissions. It is also important to use the right tools for this initial data inventory, as a manual approach can be time-consuming and lead to confusion later in the protection and recovery process. Additionally, identifying and mapping the flow of sensitive data and transactions creates a baseline understanding of user interactions with resources, applications, services, and workloads – a crucial step towards implementing a zero-trust security model.

• Protect: Next, organizations can establish robust data protection measures. This includes encryption, regular backups, infrastructure management, access control, perimeter defences, software updates, and cybersecurity training. This process hinges on defining recovery time objectives and recovering point objectives (RTOs and RPOs) for each data category. In a zero-trust environment, each critical digital element is further isolated with micro-perimeter controls and filters, allowing organizations to malicious users, thwart infection, and prevent data deletion.

• Detect: Detection is vital to staying ahead of malicious agents and other threats. To effectively counter threats in a zero-trust environment, organizations need centralized detection and management. Modern AI and ML tools can be leveraged to identify suspicious activity before it escalates. NetApp, for instance, is one of the first to integrate AI and ML directly into enterprise primary storage to fight ransomware in real-time. Additionally, continuous monitoring with a single view across all data – on-premise and cloud environments – provides a comprehensive picture for swift response and threat prevention.

• Respond: Organizations will need to proactively implement solutions that can help them automatically block malicious user accounts and create immutable recovery points when a threat is detected. This can minimize further damage and help prevent data theft.

• Recover: Downtime can be reduced by applying intelligent forensics to identify the source of the threat, and targeting which data to restore first. By rapidly restoring data, companies can help accelerate operational recovery and bring critical applications back online.

When ransomware comes knocking, every second counts. Organizations need to recognize that ransomware attacks will eventually hit everyone. 

What matters most is how organizations can proactively protect, continuously monitor, and automatically take action to protect data in real-time. 

By adopting the right approach and leveraging on AI, a company can quickly detect threats in complex hybrid and multi-cloud environments and prevent disruptions to their operations.

Unnop Wadithee, Country Manager, NetApp Thailand