Data loss of some magnitude is almost a certainty in any enterprise. The loss can be due to anything from a minor mishap by a user, a stolen laptop or a system-wide cyberattack, to a catastrophic natural disaster that wipes out an entire data center. A lot of security breaches that compromise data tend to get the attention of CTOs and other IT leaders only when those attacks hit them, someone they know or another business in their industry. In other words, they pay attention when an attack on data becomes personal.
Contending with malware and ransomware
Among the threats to data security, malware and ransomware (also called cyberextortion) are on the rise and are becoming quite worrisome to CTOs and business leaders. Unless some form of anomaly detection is put into place, malware can actively gather sensitive data while going undetected for weeks or more.
Ransomware, which can also be active and go undetected for several days, is a tool for financial gain that is becoming popular in the dark, cybercriminal world. Perhaps the most troubling aspect of a ransomware attack is that the data doesn’t even have to be stolen. The perpetrator simply hacks into a system and encrypts the data to effectively lock out user access. The victim is then notified about the encryption along with detailed instructions to pay a ransom price for regaining access. If the ransom is paid within a specific time period, usually within 48 hours, the victim receives further instructions to download the single private key necessary to decrypt the data and restore access.
Victims of this hit-and-run form of extortion typically have little choice but to pay the ransom. If the payment isn’t made according to the instructions, or within the 48-hour window, the private key is destroyed, and the mechanism for making the payment no longer exists. The data remains encrypted and inaccessible, and the perpetrator simply fades into the ether in search of other data stores to attack.
In the weeks before publishing this blog post, the world was reminded of the dangers of ransomware when the WannaCry incident occurred. This ransomware attack infected 230,000 computers across 150 countries. The criminals behind the malware demanded payments of between $300 and $600 for the decryption key. If an infected victim didn’t pay, they risked losing access to their data.
Would you pay? In a December 2016 survey by IBM, 70 percent of organizations claimed to have paid ransomware demands to get their data back. The number is lower for individuals than for businesses, but over 50 percent of individuals said that they would pay if they were infected.
How can security teams best protect enterprise data against such threats?
Practicing good data-backup hygiene
Prevention may fend off some threats in advance, but the best defense against malware and ransomware boils down to following security best practices, especially for backing up data. After all, if critical, up-to-date data is properly backed up and stored safely, then the encrypted data can be expediently excised and replaced with the decrypted, clean backup data. No response to the extortion is necessary.
But traditional backup approaches are not sufficient for enterprises. Enterprise-scale organizations need to take an intelligent, multilayer approach that can dramatically minimize vulnerability and downtime while responding to a successful incident. It starts with a thoughtful assessment of your data stores and categorizing data based on its importance to the organization.
Which data set do you consider to be the crown jewels of your organization? Where is it located? Which data store is of minimal concern for your business if that data were to become compromised? This assessment requires open communication and collaboration between IT and line-of-business executives to render these kinds of threats impotent through intelligent backup and security for prevention and response.
Taking an offensive approach to security
Enterprises have several additional options to protect data. They can deploy advanced threat detection tools that analyze the behavior of suspicious files and uncover hidden malware without the malware being made aware of the detection. Two-factor authentication and role-based access control help ensure high levels of access security, particularly in cloud environments. And data encryption can be highly effective as a data threat prevention strategy, especially in multicloud environments.
Vulnerability scanning is another tool enterprises can use to perform periodic penetration testing to help ensure that web servers and networks are not vulnerable to attack. And for physical, virtual and cloud environments, isolated recovery solutions create an air gap in which an organization can isolate its most valuable data from the rest of the network. If the network is compromised, instances of data in this environment can be scanned and quickly recovered.
Threats against data are an ongoing challenge for enterprises. While no panacea for data protection is likely anytime soon, IT leaders can work with their business colleagues to provide a formidable defense by intelligently implementing a comprehensive, multilayered approach. Learn how you can go on the offensive to help safeguard your data without impact to productivity and operations.