Where should organizations place their focus: ransomware solutions or data recovery?

758 views1 Upvote6 Comments

CISO in Software, 51 - 200 employees
Ransomware is a big problem but what is everybody doing about it? Sophos released a report that said 51 or 52% of all the companies they surveyed got hit with ransomware. And to make it worse, 80% of those companies got hit again 3 months later, after they basically resolved the issue.

I'm sitting on these security conferences all day long on Zoom and all I hear about is, "What's your recovery plan for ransomware?" Why are we talking backups? Why are we talking restores? What if I have to restore petabytes of data? I'm toast. I'll be down for 2 months.
2 2 Replies
Head of Security in Software, 501 - 1,000 employees

People are thinking about how they can make back ups to restore the data, as opposed to talking about the ways to prevent ransomware as much as possible.

Head of Business Technology in Software, 201 - 500 employees

44% of the surveyed companies said they are ready to pay 10% of their ELA revenue for recovering the data and 20% of them are ready to pay 20%. My question is if you are ready to pay that much money, why not invest in protection in the first place? It's a balancing act—we’re saying one thing but then our actions don’t match up. That's how we get caught in this situation.

Chief Information Officer in Education, 5,001 - 10,000 employees
Some school districts are starting to understand that we need to focus on ransomware and are looking for those opportunities. I can only speak for school districts in Colorado, but I assume it applies to most other states. We're grossly underfunded, so I don't have a security team. I came from the private sector and I'm used to having lots of folks at my disposal, so I need to have those solutions.

We need to have software to help us because we don't have the staff or the money to go after it. So my approach is to look for both recovery and solutions. I've got 56K kids, 10K staff and 35K parents, so I hit 100K accounts in the blink of an eye. There are probably 75K endpoints and it just gets out of control. I can't cover it all, so I'll cover the high-value targets to make sure they're good and that we're not going to lose stuff if we can help it. Then on the backend, I try to make sure that we're protected as best as we can be, and that we’re ready to recover.
Head of Security in Software, 501 - 1,000 employees
Now people have started to realize that they need to identify at least a handful of high-risk personnel within the organization—maybe the C-suite or the architects who have access to IPs, etc. You should at least back up their laptops. 

Attention has shifted to how to restore the data, as opposed to figuring out if we can prevent ransomware as much as possible, while also having a plan to restore using a Bulk Copy Program (BCP). That is what I spent the most time trying to convince the other stakeholders of, that we need to think in both ways. We cannot say, “Let the ransomware hit us, let them take away my data, I can always restore it.” That is not the solution. You need to think about defense and restoration as two separate entities.
Chief Information Officer in Manufacturing, 10,001+ employees
I think it's a two-fold process. They are both intertwined with each other. Ransomware is high on the lists of projects to get completed and develop an ongoing strategy to become proactive and less reactive. In doing so, we should be tightening up data storage and recovery processes. Do we implement encryption at rest and have a central key server? Do we make it accessible to the user with specific security roles to reduce the strain on IT Staff? There is a lot to be considered when tackling bot ransomware and data recovery.

Content you might like




Non-production DBs (Dev, Training, QA, etc.)30%


1.5k views1 Upvote

10% or less17%





We're not planning to spend money on digital transformation in 2022.0%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
46.6k views133 Upvotes324 Comments

Community User in Software, 11 - 50 employees

organized a virtual escape room via https://www.puzzlebreak.us/ - even though his team lost it was a fun subtitue for just a "virtual happy hour"
Read More Comments
13.4k views27 Upvotes67 Comments