Reverse Discovery Mitigates Ransomware Risk

“Recoveries are taking longer, and firms are losing more data… I&O professionals must step up their game.”


Ransomware Risk

Of particular concern is the threat posed by ransomware, defined by Gartner as a “type of malware that encrypts your important files…making them inaccessible. Even more insidious is the practice of some ransomware criminals to target the backups as well as primary sources of data so as to compromise recovery.”

Who’s at risk?

An IDC survey found that more than one-third of organizations reported a ransomware incident—an attack or breach—which prevented access to data or systems during the last 12 months. Some ransomware victims experience multiple events.

Everyone from the largest of major corporations to a local insurance brokerage is vulnerable. And the penalties are severe: in one case, the ransom was in the ballpark of the smaller firm’s annual revenues!

The capabilities required to both mitigate the risk and assess the impact at the time of the attack

For many years, disaster recovery professionals at GTSG have utilized our Application Decomposition processes, supported by dependency and business process mapping tools alongside focused workshops, to fully understand the applications, databases, and servers required to support a business process.

Sometimes, we find mismatched recovery plans: for example, with our help, one major financial services firm discovered

  • Ten major applications with a 1-Hour RTO, and
  • Three significant applications with 4-Hour RTOs

…that were necessary for 5-minute RTO business activities.

Recently, the script has flipped

Ransomware risk brings a new level of concern about the breadth and impact of a single breached server in a business process. Forrester tells us that very few, if any, organizations have prepared to answer these questions.

The ability to quickly assess the true breadth and business impact is critical: the ransom demand requires immediate and decisive attention.

GTSG’s thirty years of experience with business process and dependency mapping enable us to help with the tactical analysis required to assess the breadth and business impact.

Years ago, we did this work manually and successfully moved large data centers. Today, we use Matrix42’s FireScope.

Using FireScope’s persistent discovery capability, we can work with our clients to help capture the information they’ll need to have – real-time, at their fingertips – an understanding of the impact of such an event. Does the attack impact a mission-critical process? Or does the server hold data that the client doesn’t even back up? The response would be quite different.
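The impact question posed above, worked as an added example (not GTSG or FireScope code, and it does not use FireScope's API): starting from one breached server, walk the dependency map in reverse to find the business processes it supports, flag components whose RTO is slower than a process they serve, and report whether the server is backed up. The map, component names, RTO values and backup flags are constructed sample data.

```python
from collections import deque

# Constructed sample map, not data from the page. Each entry reads
# "consumer depends on these providers"; RTOs are in minutes.
DEPENDS_ON = {
    "process:wire-transfers": ["app:payments", "app:fraud-scoring"],
    "process:monthly-reporting": ["app:report-builder"],
    "app:payments": ["db:ledger"],
    "app:fraud-scoring": ["srv:app-02"],
    "app:report-builder": ["db:ledger", "srv:archive-01"],
    "db:ledger": ["srv:db-01"],
}
RTO_MINUTES = {
    "process:wire-transfers": 5, "process:monthly-reporting": 1440,
    "app:payments": 60, "app:fraud-scoring": 240,
    "app:report-builder": 1440, "db:ledger": 60,
}
BACKED_UP = {"srv:db-01": True, "srv:app-02": True, "srv:archive-01": False}

def consumers_of(depends_on):
    """Invert the map: provider -> components that depend on it directly."""
    reverse = {}
    for consumer, providers in depends_on.items():
        for provider in providers:
            reverse.setdefault(provider, set()).add(consumer)
    return reverse

def upstream(node, reverse):
    """Everything that depends on `node`, directly or transitively."""
    seen, queue = set(), deque([node])
    while queue:
        for consumer in reverse.get(queue.popleft(), ()):
            if consumer not in seen:  # also stops on dependency cycles
                seen.add(consumer)
                queue.append(consumer)
    return seen

def assess(breached, depends_on=DEPENDS_ON):
    """Blast radius of one breached server, plus RTO gaps inside it."""
    reverse = consumers_of(depends_on)
    hit = upstream(breached, reverse)
    procs = sorted(n for n in hit if n.startswith("process:"))
    gaps = {}  # component -> (its RTO, tightest RTO of a process it supports)
    for comp in hit - set(procs):
        rtos = [RTO_MINUTES[p] for p in upstream(comp, reverse) if p in procs]
        if rtos and RTO_MINUTES[comp] > min(rtos):
            gaps[comp] = (RTO_MINUTES[comp], min(rtos))
    return {"processes": procs, "rto_gaps": gaps,
            "backed_up": BACKED_UP.get(breached)}  # None = not in inventory
```

Calling `assess("srv:db-01")` on this sample shows a backed-up server that still sits under a 5-minute process through 60-minute components, while `assess("srv:archive-01")` shows an unprotected server that only affects a low-urgency process.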

We opened with a word of advice from Forrester, and let’s close with another, which expresses GTSG’s desire for I&O to embrace collaboration with security to prepare for what can accurately be called “the inevitable.”

Generally, security pros…quarterback…the overall ransomware response. But I&O teams and the tools they operate play an integral part…I&O and security teams must maintain touchpoints… Silos will prove disastrous. Unity is hard, but it wins every time.

* * * * *

For many years GTSG has helped our clients to architect Disaster Recovery solutions from the mainframe to the cloud. If we can help you to build a foundation to protect yourself against ransomware, or any other interruption in IT service, please write us at