By Anton Shelepchuk (pictured), VP of Worldwide sales, NAKIVO
Ransomware is one of the most dangerous threats to data, evolving into ever-more sophisticated forms, it shows no signs of abating. The introduction of new tactics, coupled with the generative AI boom and the rise of malicious “as-a-service” offerings, have all contributed to the increase in both the volume and sophistication of ransomware attacks.
Thanks to the wide availability of ransomware-as-a-service (RaaS) and similar offerings, attacks have become more versatile. RaaS kits, sold at relatively low prices on dark web marketplaces, have made it possible to outsource almost every step of a ransomware attack such as distribution, scanning, and infection. More importantly, these kits are designed to be usable by even the least experienced hackers, enabling anyone to launch powerful attacks with ease.
In terms of new attack types, the first case of the devastating “dual” ransomware attacks was witnessed. In these attacks, first reported in September 2023, the same victim is targeted multiple times using different ransomware strains within a short time span – around 48 hours instead of the typical 10 days.
Another important factor influencing the growth in attack volumes is the use of generative AI – both mainstream (ChatGPT) and dark web variants (FraudGPT) – to facilitate various steps of a ransomware attack. Hackers use AI tools to create highly personalised phishing emails, impersonate executives, and create more elusive malware, to name a few examples.
The channel opportunity
The evolving ransomware threat is certainly daunting for organisations. However, the flip-side of the coin is that it presents an opportunity for the channel to educate customers about the risks, providing insights into where clients' organisations might be vulnerable, as well as imparting intelligent data protection strategies and processes to help customers thwart attacks.
Channel partners can start by emphasising the need for modern backup and ransomware protection software as a solution to the ransomware problem in the most vulnerable industries. Vertical markets that have been shown to be most susceptible to ransomware attacks (as well as most likely to pay a ransom), include manufacturing, healthcare, education, technology, and public sector.
This is also an opportunity to provide dedicated cybersecurity training sessions that serve as a gateway for targeted marketing efforts. Moreover, channel partners can shine a light on the compliance challenges specific to some of these industries (e.g. FERPA for educational institutions) and present data protection tools as an effective solution.
Core components of an intelligent BDR strategy
A resilient backup and disaster recovery (BDR) strategy must include the practice of data backups on a frequent basis, with incremental, automated routine backup processes and a combination of onsite, offsite, and cloud storage targets. In addition, the backup infrastructure should be secured with robust identity and access management protocols. Data recoverability should be frequently tested, together with the implementation of a flexible retention and archiving strategy, which should be closely adhered to.
For disaster recovery, a comprehensive plan with clearly defined roles and granular steps for different scenarios should be created. While up-to-date registers of current IT assets, potential risk factors, and disaster recovery stakeholders must be maintained. IT administrators should set realistic recovery point objectives (RPOs) and recovery time objectives (RTOs). Finally, a full disaster recovery test should be conducted at least once a year, with the strategy updated according to the results.
BDR strategies can be communicated in various ways, including face-to-face and online events (webinars, workshops, training sessions, etc.). Educational content such as blog posts, white papers, e-books, and videos are also useful tools, as are social media posts and dedicated email campaigns.
Channel partners can offer guidance by sharing best practices and other helpful insights through marketing channels as well as within sales conversations. The channel can also help by recommending BDR tools that meet each organisation’s unique needs and budget.
BDR challenges
Adopting successful BDR strategies requires considerable planning and resources. Implementing these strategies is not a smooth process for all organisations. And this is also where the channel can step in and provide recommendations and support. Such common challenges include: poor knowledge of BDR guidelines; high costs associated with certain solutions and implementations; as well as potential complexities in maintaining backup and recovery workflows. Smaller organisations can find themselves tackling technical limitations, such as poor backup performance and insufficient bandwidth, as well as reliability problems, including damaged backups and recovery failures. These challenges can be overcome by increasing focus on IT staff training and using solutions that are reliable, simple, and cost-effective.
How vendors can support the channel
Vendors play an important role in supporting the channel. Vendors could incorporate the feedback of channel partners and customers into product development to help them overcome common pain points. It’s also crucial for vendors to be involved in the educational aspect of BDR by hosting training events and publishing helpful content on a regular basis. Moreover, vendors should provide continuous technical support, offering assistance in configuring, troubleshooting, and optimising BDR solutions.
With these ransomware prevention steps in place, the channel can play a major role in reducing the risk of ransomware infection and potential damage for customers caused by such attacks.
