Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Looking to continuous data protection in the midst of ransomware attacks
By Caroline Seymour, VP of product marketing, Zerto, a Hewlett Packard Enterprise company
According to a recent IDC survey, a disturbing 95.1% of
organizations have suffered a ransomware or malware attack in the past 12
months, so it's no surprise that the subject is a major topic of conversation
in just about every boardroom. While organizations may differ on the
particulars of their cyber protection strategies, all should recognize that
downtime is one of the most expensive parts of an attack and the average
downtime a company experiences after a ransomware attack is 21 days. Continuous
data protection can provide organizations with the means to mitigate concerns
about data loss and downtime, ultimately enabling them to quickly recover from
cyberattacks. To get a holistic view of the challenges around ransomware
attacks, I've spoken with several Zerto team members to have them share trends
to look out for in the new year:
Recovery
needs to be the focal point
"It shouldn't be news to anyone that
ransomware is the cybersecurity
challenge of the moment. It's here and affecting everyone. As we head into a
new year, it's important everyone gains a clear understanding of how attackers
are evolving and how best to strategically protect organizations from attacks
and the impact they have on business.
Attackers are getting smarter, and the payouts
are getting larger and more widespread-two alarming trends. If you dissect the
anatomy of recent attacks, you'll see that cybercriminals are targeting
companies that can be the most hurt, are the most defenseless, or are the most
likely to pay out large sums of money. So, if you are a CEO or CIO of an
organization, it's irresponsible at this point not to have a proven ransomware
response plan. Any organization can fit the target characteristics for today's
cybercriminals, and it's become simply a matter of time until your
organization's number is up.
The ability to recover should be a focal point
of any security plan. This will be defined by how quickly you can stand up your
systems and get them running again. However, in our accelerated digital age
largely brought on by COVID, too much can happen overnight or in three to five
days for the traditional back up model to be good enough. Recovery solutions
need to modernize to fit what the world has become. They need to be continuous
and able to keep applications running 24/7 even in the face of disruption or
threat. Ultimately protecting all of your data all of the time.
Data protection that meets the demands of the
moment can't just be an item on a checklist in 2022. It's a must-have that is a
critical investment for every organization. What started with simple
encryptions that could be downloaded from a Google search and then executed as
a simple ransomware attack is now targeting the most high-profile,
sophisticated, and relied upon organizations in the world. Unfortunately, the
danger will continue to grow but it's on us to ensure that our resistance to it
stays a step or two ahead," commented Avi Raichel, VP of GTM, Zerto.
Don't
just assume you're protected
"It shouldn't be a surprise to say that in
2022 we're going to see a continued increase in the severity and volume of ransomware attacks. In response,
we will see a growth in the ransomware-as-a-service market, which is able to
propagate new versions and new methods in a much faster way than before.
Whether you are a small business or large enterprise, at some point you will be
targeted by a ransomware attack that will try to get into your system and
encrypt your critical data. We will continue to see an increase in state-backed
criminal syndicates that carry out much more tailored and aggressive campaigns.
In 2022, ransomware attacks will continue to
evolve and target critical data anywhere. These attacks will not be solely focused on VM data anymore;
SaaS and containerized applications will more frequently be in the crosshairs
for cybercriminals. We will continue to see container-specific malware attacks
focused on data exfiltration, crypto jacking, and encryption.
This coming year and the following will be
very dangerous because companies are not mature enough in their approach to
protecting containerized and SaaS applications. Many organizations are still
trying to figure out where that data lives, and they assume that the
vendor-Kubernetes or OpenShift for example-is responsible for protecting their
data. Unlike virtualized environments that have disaster recovery built-in, the
reality is that those open-source vendors are limited in that capacity, and enterprises can't always assume
their SaaS and containerized data is protected.
Therefore, every organization in 2022 needs a
data protection plan in place that covers all data-no matter where it lives," said Andy Fernandez,
senior manager, product marketing, Zerto.
Disaster-recovery-as-a-service
(DRaaS) will become crucial
"Disaster-recovery-as-a-service (DRaaS) will become a key
necessity for many organizations and its adoption will skyrocket. The rise in
volume and severity of ransomware attacks and growing threats due to climate
change, combined with the financial impact of downtime are driving
organizations to take disaster recovery seriously.
Most organizations are looking to offload capital expenditures and
only pay for what they use. DRaaS, managed or unmanaged, allows companies to
eliminate the costs and administrative overhead of managing and maintaining
their own purchased secondary sites. Why refresh hardware every couple of
years? Why allocate time, resources, and labor to something that doesn't drive
revenue? DRaaS brings organizations a rapid, efficient way to reduce costs and
only pay for the applications that need protection.
Apart from capital investments, many organizations do not have the
time and administrative overhead required to stand up a secondary data center.
DRaaS brings the fastest approach to protect critical workloads," said Ziv
Kedem, co-founder, VP and GM, Zerto.
Adoption
of product applications
"One trend that will gain momentum into 2022 is the adoption of
production applications on containerized platforms by more
enterprises.
Many
organizations are already using containers for non-production applications. As
the underlying technologies have matured to meet enterprise needs and coupled
with new applications becoming business critical quickly, the opportunity for
deploying production applications directly on containers has arrived. In 2021 many businesses ‘dipped their toe in' and started to move more
containerized applications into pre-production, but in 2022 trend this will
rapidly evolve as the barriers have been removed. We will see a wave of
organizations adopting containerization and its many benefits.
Using containers saves time, money, and
licensing costs. Any organization switching to a container-first strategy can
be more efficient at delivering applications, while lowering costs. However,
there will be some challenges along the way: as containers become the norm for
production, its mainstream status will make it more susceptible to cyberattacks
like ransomware, leading customers to look for data protection capabilities.
Despite its comparatively short life as a new
technology, containerization has rapidly become the foundation of the digital
era: improving agility and accelerating innovation. In 2022, we'll only
continue to see this rapidly evolve." said Deepak Verma, VP of products, Zerto.
In-Cloud
and SaaS Data Protection
One last thought I'd like to offer is about
the acceleration of cloud data protection. Most organizations today employ a
cloud first strategy, and we continue to see that trend accelerate. According
to Gartner, more than 45% of IT spending will have shifted to cloud by
2024 (up from 33% in 2020). This means more and more workloads and
applications are moving into the cloud creating a need for disaster recovery to
protect against disruptions there. Lastly, organizations must ensure that their
SaaS data is fully protected. A common myth is that SaaS data is protected by
the SaaS vendor. It is not! It is the responsibility of the organization to
protect against human errors, malicious attacks, or any other disruptive
events.
##
ABOUT THE AUTHOR
Caroline Seymour is the VP, Product Marketing for Zerto, based in Boston, US. In this role Caroline leads the overall product marketing strategy and execution for Zerto. Prior to Zerto, Caroline was at IBM for nine years and before that Cognos. Caroline has a wealth of experience in the Enterprise software space from the many roles she has held in Europe and in North America.