In June 2012, Deloitte conducted an online survey of 50 C-suite and other executives about cyber threat detection and response and found that almost 87% of the pollees expected the number of cyberattacks targeting their organizations to increase over the next 12 months. Furthermore, 65% of the respondents cited ransomware as their greatest security concern in the next year.
Ransomware attacks are not novel nor exotic. Knowing the dangers and the vulnerabilities, why is there such a lack of preparedness, especially with raised awareness that higher-level executives seem to have around cybersecurity issues?
There are several reasons for this. The sophistication of the attacks plays a large part. The fact that the attacks are evolving rapidly and are also making use of third-party software as carriers is something that many organizations are not ready for. This causes confusion that hackers easily take advantage of and exploit.
A second major reason is that ransomware attacks tend to attack two areas of the infrastructure that have traditionally been ignored – namely applications and data stored in files. The traditional belief that securing application access, securing sensitive attributes in structured stores, and relying on tried and tested mechanisms for infrastructure deployment (hardening) is leaving attackers with avenues to exploit to attack organizations.
The other thing that ransomware attackers are benefitting from is inadequate resiliency in terms of backups and recovery. Robust resiliency requires investments and resourcing. This is an area that normally is responsibility of IT operations, and not security departments. Lack of collaboration and budget concerns are typical drivers that impact this. Finally, the lack of a holistic solution is also a challenge.
But all is not lost. In recent times, the likely possibility of suffering from a catastrophic event that has the potential to either bring the organization to a screeching halt or can cause massive financial damage has caught the attention of the C-Suite.
From a security perspective, there probably is no other topic that is of higher priority in terms of security and operational readiness.
Hardening the organization to prepare for the process of withstanding and recovering from a ransomware attack requires both strategic planning and tactical readiness. Prioritizing the preparedness, minimizing the panic as well as investments all require the support and approval of the C-Suite. Having a well thought out plan and testing it in advance are critical in the event of an attack. A well planned out ransomware attack can potentially cripple an organization.
Following certain security posture steps can help prepare an organization to withstand a ransomware attack.
First off, security teams should take a data-first approach to their security posture. At the end of the day, an organization’s most valuable asset is its data. By looking into a data-centric security solution that starts with protecting the data, an organization can protect itself at the core of what matters most.
A threat vector may get past the network layer as it is a noisy space and beyond difficult to detect anomalies in, but if data is protected, a network breach will not gain much headway. Finding a next-generation data protection solution that utilizes a network approach, but at the data level, companies can protect what is typically most vulnerable.
Secondly, traditional data protection consists of encrypting data. However, traditional encryption solutions only protect data at rest or in motion, but not when data is being analyzed or queried. Next-generation encryption solutions have such cutting-edge technology that they can protect data by keeping it encrypted even while it is being analyzed or queried. This translates into an attacker not being able to obtain a ransom from an organization by threatening to leak or publicize its sensitive data, because any stolen or exfiltrated data will be encrypted and rendered useless.
Lastly, in addition to a highly sophisticated data encryption solution that keeps data encrypted throughout its lifecycle regardless of its location, it is important for an organization to ensure it has a sufficient backup solution in place to conduct periodic data and system backups. This way, even if a ransomware attack again encrypts an organization’s encrypted data, its hands are not tied.
With backups readily available and a technology in place to ensure any sensitive data is encrypted, an organization has successfully removed any leverage such an attacker may have had. Not only that, but an organization has saved any ransom pay budget that may have been set aside as a last resort. Lastly, cyberattack insurance fees will be lower with such data-centric security solutions in place.