Ransomware is insidious. It is constantly evolving with new variants appearing literally every 18 seconds. That’s 4800 new ransomware code every single day or more than 1.75 million per year. This is a multi-billion USD business. It’s organized criminality and frequently state sponsored. The profits to cybercriminals are compelling.

The rapid rise and evolution of malware, especially ransomware has changed data protection forever. The conventional wisdom has been for years that the best way to defeat malware and ransomware is to have a good clean backup. The malicious actors behind malware in general and ransomware specifically know this and are now both attacking backups and using them as an attack vector. Multiple overlapping data protection systems provide more potential attack vectors that compromise security.

Compliance has moved from a secondary consideration to a primary one. The emergence of personally identifiable information (PII) regulations worldwide with harsh financial penalties has changed the data protection landscape. Multiple overlapping data protection make compliance much more difficult by duplicating processes that increase the probability of non-compliance.

Data is the crown jewels of every organization. Failure to protect it from loss, outages, theft, human error, malware, ransomware, and natural disasters is fiduciary irresponsibility. Just as threats to that data have ramped up increasing at an alarming rate, many IT pros have come to believe more is better. More backups, more data protection systems, and more frequency (shorter RPOs). The reality has proven to be a lot more problematic especially when it comes to recovery processes.

When you think of GDPR fines, you probably think of companies like Google (€50 million in January of 2019), Facebook (£500,000 in October of 2018) and Equifax (£500,000 in September of 2018 ).

The traditional 3-2-1 backup process has been ballyhooed as an effective defense against ransomware, but that is no longer the case.