Data loss of some magnitude is almost a certainty in any enterprise. The loss can be due to anything from a minor mishap by a user, a stolen laptop or a system-wide cyberattack, to a catastrophic natural disaster that wipes out an entire data center. A lot of security breaches that compromise data tend to get the attention of CTOs and other IT leaders only when those attacks hit them, someone they know or another business in their industry. In other words, they pay attention when an attack on data becomes personal.
Contending with malware and ransomware
Of all of the threats to data security that exist, malware and ransomware (also called cyberextortion) are on the rise and are becoming quite worrisome to CTOs and businesses leaders. Unless some form of anomaly detection is put into place, malware can actively gather sensitive data while going undetected for weeks or more.
Ransomware, which can also be active and go undetected for several days, is a tool for financial gain that is becoming popular in the dark, cybercriminal world. Perhaps the most troubling aspect of a ransomware attack is that the data doesn’t even have to be stolen. The perpetrator simply hacks into a system and encrypts the data to effectively lock out user access. The victim is then notified about the encryption along with detailed instructions to pay a ransom price for regaining access. If the ransom is paid within a specific time period, usually within 48 hours, the victim receives further instructions to download the single private key necessary to decrypt the data and restore access.
Victims of this hit-and-run form of extortion who lack clean, recent backups typically have little choice but to pay the ransom. If the payment isn’t made according to the instructions, or within the 48-hour window, the private key is destroyed and the mechanism for making the payment no longer exists. The data remains encrypted and inaccessible, and the perpetrator simply fades into the ether in search of other data stores to attack.
Last year, the world was reminded of the dangers of ransomware when the WannaCry incident occurred. This ransomware attack infected 230,000 computers across 150 countries. The criminals behind the malware demanded payments of between $300 and $600 for the decryption key. If an infected victim didn’t pay, they risked losing access to their data.
Would you pay? In a December 2016 survey by IBM, 70 percent of organizations claimed to have paid ransomware demands to get their data back. While the number is lower for individuals than for businesses, over 50 percent of individuals said that they would pay if they were infected.
How can security teams best protect enterprise data against such threats?
Practicing good data-backup hygiene
Prevention may fend off some threats in advance, but the best defense against malware and ransomware boils down to following security best practices, especially for backing up data. After all, if critical, up-to-date data is properly backed up and stored safely, then the encrypted data can be expediently excised and replaced with a clean, verified backup copy. No response to the extortion is necessary.
But traditional backup approaches are not sufficient for enterprises. Enterprise-scale organizations need to take an intelligent, multilayer approach that reduces exposure and downtime when responding to a successful attack. It starts with a thoughtful assessment of your data stores and categorizing data based on its importance to the organization.
Which data set do you consider to be the crown jewels of your organization? Where is it located? Which data store is of minimal concern for your business if that data were to become compromised? This assessment requires open communication and collaboration between IT and line-of-business executives to render these kinds of threats impotent through intelligent backup and security for prevention and response.
Taking an offensive approach to security
Enterprises have several additional options to protect data. They can deploy advanced threat detection tools that analyze the behavior of suspicious files and uncover hidden malware without the malware being made aware of the detection. Two-factor authentication and role-based access control help ensure high levels of access security, particularly in cloud environments. And data encryption can be highly effective as a data threat prevention strategy, especially in multicloud environments.
Vulnerability scanning and periodic penetration testing are further tools enterprises can use to help ensure that web servers and networks are not vulnerable to attack. And for physical, virtual and cloud environments, isolated recovery solutions create an air gap in which an organization can isolate its most valuable data from the rest of the network. If the network is compromised, the copies of data in this environment can be scanned for tampering and quickly recovered.
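The page says a clean backup copy must be scanned before it is restored, and earlier that ransomware-style activity should be caught by some form of anomaly detection. The following is an added example, not code from the IBM post or from any product it mentions, of what such a scan of an isolated recovery copy can look like: every file is compared against a SHA-256 manifest recorded at backup time (the manifest is assumed to be stored outside the snapshot, e.g. in the air-gapped vault), and files whose byte entropy approaches that of random data are flagged, because ransomware output is close to uniformly random while documents, spreadsheets and source code are not. The entropy threshold, the minimum file size and the file names in the constructed scenario are assumptions chosen for the illustration and should be tuned against a real data set.

```python
"""Verify a backup snapshot before restoring it.

Two checks, both run over an isolated copy of the data:
  1. integrity: every file's SHA-256 must match the manifest taken at backup time
     (the manifest itself is assumed to live outside the snapshot);
  2. ransomware heuristic: files whose bytes look uniformly random are flagged,
     since encrypted output has near-maximal entropy and most business data does not.
The snapshot, manifest and the 'compromised' state are all constructed in a
temporary directory in demo(), so the script runs offline."""
from __future__ import annotations

import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for this example, tune per data set
MIN_SIZE = 256           # assumed: skip tiny files, their entropy estimate is too noisy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 so large backup files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map of relative POSIX path -> SHA-256, recorded when the backup is taken."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_snapshot(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Scan a snapshot against its manifest and return the findings by category."""
    findings: dict[str, list[str]] = {"modified": [], "missing": [],
                                      "unexpected": [], "high_entropy": []}
    seen: set[str] = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            findings["unexpected"].append(rel)      # e.g. a dropped ransom note
        elif sha256_file(p) != manifest[rel]:
            findings["modified"].append(rel)        # content changed since backup
        data = p.read_bytes()
        if len(data) >= MIN_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD:
            findings["high_entropy"].append(rel)    # looks like ciphertext
    findings["missing"] = sorted(set(manifest) - seen)
    return findings


def safe_to_restore(findings: dict[str, list[str]]) -> bool:
    """Only restore a copy that produced no findings at all."""
    return not any(findings.values())


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Constructed scenario: manifest a clean snapshot, then simulate a ransomware
    run that overwrote one file with random bytes, deleted another and left a note."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("date,amount\n" * 200)
        (root / "README.txt").write_text("Quarterly close procedure.\n" * 40)
        manifest = build_manifest(root)
        clean = verify_snapshot(root, manifest)

        (root / "finance" / "ledger.csv").write_bytes(os.urandom(4096))
        (root / "README.txt").unlink()
        (root / "HOW_TO_DECRYPT.txt").write_text("pay 0.5 BTC ...")
        compromised = verify_snapshot(root, manifest)
    return clean, compromised


if __name__ == "__main__":
    before, after = demo()
    print("clean copy restorable:", safe_to_restore(before))
    print("compromised copy findings:", after)
```

The entropy check is a heuristic: already-compressed or encrypted-by-design files (archives, images, encrypted databases) score high and should be allow-listed or judged by the hash check alone, which is why the manifest comparison is the authoritative signal and the entropy flag is a tripwire for files the manifest does not cover.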
Threats against data are an ongoing challenge for enterprises. While no panacea for data protection is likely anytime soon, IT leaders can work with their business colleagues to provide a formidable defense by intelligently implementing a comprehensive, multilayered approach. Learn how you can go on the offensive to help safeguard your data without impact to productivity and operations.
Credit: IBM Blog. #Activedgetechnologies Limited