South Africa currently experiences the highest number of ransomware and email attacks on the continent, with 69% of organisations reporting that they have experienced a ransomware attack in 2023.
This is according to the State of Ransomware in South Africa in 2024 report, recently released by cyber security solutions provider Sophos, which also found that the average cost for a South African organisation to recover from ransomware is $1.04 million (R19.17 million), coupled with prolonged recovery periods. The report also indicated that in 97% of the ransomware attacks, the attackers tried to compromise organisations’ backups. This is bad news because it means that bad actors are becoming increasingly smart.
“In the past, hackers would encrypt an organisation’s production data and the organisation would then resort to its backup to restore its data. These days, attackers target the backup data and try to encrypt it first, before going after the production data. This means that since the backup is also compromised, the organisation is forced to pay the ransom,” says Hemant Harie, Managing Director at Gabsten Technologies.
Data sprawl
“Additionally, one of the main challenges that businesses face today is that of hybrid cloud data sprawl. Organisations are adopting cloud technologies at a rapid pace and migrating production workloads to the cloud, as they focus on a hybrid cloud approach. At the same time, there is also a massive increase in the usage of Software-as-a-Service (SaaS) productively tools. This means that all of this data, which resides in different places, must still be protected and kept secure.”
Harie says that considering this increased attack surface and the enhanced sophistication of cyberattacks, modern organisations should consider adopting cleanroom technology to effectively protect their most critical data.
“Cleanroom technology is essentially designed to be another layer of protection that can be added to an existing backup environment, which seamlessly integrates and communicates with the security systems that are already in place,” he explains.
Aslam Tajbhai, Head of Solutions at Data Management Professionals South Africa, explains that while the traditional requirements for backup have not changed, enforcing the 3-2-1 backup rule will enhance an organisation’s existing data management systems, particularly as backup environments are now required to have additional layers of protection.
“By adopting cleanroom technology, organisations will have to adhere to the 3-2-1 back rule, which calls for three copies of data, two of which are stored in different locations and one that is kept off-site in air-gapped storage. Once a copy of the data is air-gapped and stored off-site, this immutable copy can be used to seamlessly recover data to an isolated, secure and uncontaminated location – the cleanroom,” says Tajbhai.
Automated recovery
He notes that cleanroom recovery facilitates automated recovery of the control plane (management server or COM server) and integration of a tertiary copy of the data that is air gap protected, while an easy-to-use auto recovery wizard does the rest.
“When cyber attackers strike, cleanroom recovery is designed to orchestrate recovery into a clean, isolated location. This service is available to customers on-demand, so they only need to pay for it when they use it,” says Tajbhai.
“The main advantage for organisations using cleanroom technology is that they do not need to maintain a like-for-like costly secondary site or environment for recovery testing. This would typically require having the same amount of systems, storage, CPU and compute power available to do the tests.”
By adopting cleanroom technology, he adds, organisations essentially do not need a disaster recovery environment if they have an air-gapped copy of their data. The full recovery processes can be tested using the service provider’s workflows and automation, allowing the organisation to still tick all its compliance boxes.
“Cyberattacks are posing an ever-increasing risk to modern businesses, meaning that a focus on data protection is crucial to developing cyber resiliency. While enterprises are urged to continue adhering to the best practices for backup environments, the use of cleanroom technology allows for faster and secure recovery, with a reduced risk of reinfection,” concludes Tajbhai.