Protecting against ransomware attacks is a cybersecurity priority for businesses of all sizes. Ransomware encrypts data files or entire systems across an organization. Encryption blocks access to these assets and renders them unusable unless the victim pays a ransom sum demanded by the threat actor in return for a decryption key.
Aside from the chaos that ensues when employees can’t access the systems, apps, and data they need to perform daily tasks, modern ransomware attacks also risk having your company’s sensitive data published on the Internet. These double extortion attacks couple classic ransomware installation with data exfiltration to give extra leverage in demanding ransoms by threatening to publish stolen data assets.
The cost of ransomware is so high that one recent industry publication predicted businesses will lose $250 billion in these attacks by 2030. And the attacks are so prevalent that one happened every 11 seconds in 2021.
As sensitive business data increasingly gets stored in a distributed, multi-cloud infrastructure, the attack surface for threat actors to exfiltrate this data and use double-extortion ransomware increases. Furthermore, as the volume and diversity of data sources generated, collected, and stored by businesses grow exponentially, securing sensitive data stores is a complex undertaking.
This article highlights some actionable tips for ensuring your sensitive data stores are resilient against ransomware.
Ransomware is one of the most widely used cyber attacks. Its popularity among cybercriminals stems from its ability to become a profit-making endeavor.
Many victims feel they have no option but to cave in to the ransom demand, costing hundreds of thousands or even millions of dollars to an organization. Ransomware gangs are constantly innovating to find new ways to pressure victims. A dedicated ransomware strategy is vital in the fight against these ruthless attacks.
The increased focus by threat actors on sensitive data is a central driver of why protecting against ransomware is so essential. The threat of having your internal sensitive company assets, such as PDF reports, analytics spreadsheets, employee contracts, trade secrets, or proprietary code leaked online is destructive enough.
Layer the additional threat of sensitive customer information being leaked (e.g., protected health information, personally identifiable information, cardholder data), and the importance of a robust ransomware strategy becomes even more evident. Personal data loss can result in customers being further targeted by social engineering attacks, direct financial loss from fraud, and loss of control over personal information.
Ransomware gangs have set up dark web forums to name their victims and reveal the data exfiltrated from their environments. There’s no getting around the significant reputational hit that can soon follow in a ransomware incident.
As companies increasingly leverage cloud storage and infrastructure services for cost-efficient sensitive data stores, ensuring resilience against ransomware effectively across multi-cloud environments is more critical than ever.
The chain of events leading to eventual ransomware installation within an IT environment is often quite sophisticated and lengthy. But with the malware itself causing the damage in ransomware attacks, here’s a brief outline of the different methods deployed by cybercriminals in ransomware:
Keeping up with chaotic and decentralized data creation in today’s complex IT environments challenges businesses to the point that they do not know where their data stores are and what kind of sensitive information is inside. If you can’t see where your sensitive data is, you can’t adequately protect it.
The priority here is to automate the discovery of data stores and label data according to sensitivity levels. Empowered by this true view into your data stores, you can effectively secure data against ransomware and other threats without disrupting fast-moving modern development practices like DevOps.
There are divisions within the security community about the utility of data backups in a world of double extortion ransomware. After all, if threat actors first steal your data, then being able to restore from a backup won’t mitigate threats to publish stolen data online.
The reality is more nuanced, though, because many ransomware attacks are still of the classic type. These attacks are conducted by smaller groups of less technically adept cybercriminals, focusing solely on encrypting systems and data rather than stealing it.
Backing up data regularly and being able to restore encrypted data stores is invaluable for your business operations and data security because there’s no guarantee paying the ransom will result in getting your data back.
Zero trust security removes any level of implicit trust in an IT environment so that all users and devices, regardless of whether they are located inside or outside the network, require continuous authentication and authorization.
With every new ransomware attack being a potential data breach, zero trust architecture helps to stop lateral movement across your network and ultimately shield sensitive data stores. Granular access controls help to protect data at rest stored on-premises or in the cloud.
A 2021 study found that 83 percent of businesses still fail to encrypt at least half of their sensitive data in the cloud. This issue stems partly from not having visibility into sensitive data stores (see point 1 again).
Increasing data resilience against ransomware means mandatory encryption for data both at rest and in transit. Encrypted data is unreadable to anyone who doesn’t have the keys, which threat actors are unlikely to compromise because they’re stored in secure key management servers.
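The discovery-and-labelling tip and the encryption tip can be combined into a single check: label each store by the sensitive data found in a content sample, then list the sensitive stores that lack encryption at rest. The following is an added example, not code from the article or from any product it mentions; the regex rules, sensitivity levels, store names and inventory records are all constructed assumptions.

```python
import re

# Constructed detection rules for two categories the article names:
# cardholder data and personally identifiable information (PII).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; cuts false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return (sensitivity_level, categories) for a sample of store content."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("cardholder_data")
    if SSN_RE.search(text) or EMAIL_RE.search(text):
        found.add("pii")
    # Assumed three-level scheme: restricted > confidential > internal.
    level = ("restricted" if "cardholder_data" in found
             else "confidential" if found else "internal")
    return level, sorted(found)

def unencrypted_sensitive(inventory):
    """List stores that hold sensitive data without encryption at rest."""
    gaps = []
    for name, encrypted_at_rest, sample in inventory:
        level, cats = classify(sample)
        if level != "internal" and not encrypted_at_rest:
            gaps.append((name, level, cats))
    return gaps

# Constructed inventory: (store name, encrypted at rest?, content sample).
INVENTORY = [
    ("billing-export", False, "order 88 paid with 4111 1111 1111 1111"),
    ("hr-archive", True, "jane.doe@example.com SSN 123-45-6789"),
    ("build-logs", False, "job 4111 1111 1111 1112 finished in 42s"),
    ("support-tickets", False, "contact: sam@example.org about invoice 17"),
]
```

The `build-logs` sample contains a 16-digit number that fails the Luhn check, so it is not labelled as cardholder data and the store is not flagged.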
Firewalls get somewhat unfairly maligned as an outdated security mechanism. However, sophisticated next-gen firewalls provide valuable ransomware defence features. Regarding data protection, the capabilities to look for include SSL inspection, machine learning, sandboxing, locking down remote access, network micro-segmentation, and overall attack surface reduction.
The final tip to close the loop on this checklist is to use a Data Security Posture Management (DSPM) solution. These platforms not only discover and classify managed, unmanaged, and shadow data stores but also track movement of sensitive data in your dynamic environment while enabling an automated data inventory.
The security features in DSPM include detecting exposed sensitive data and data leakage to third parties, and identifying anomalous data flows as quickly as they happen, which reduces the risk of ransomware threat actors exploiting these weaknesses to steal data.
Polar Security takes a comprehensive approach to ensure your data stores are resilient against ransomware attacks. The platform automatically detects and creates an inventory of all shadow and cloud-native data stores. You get complete visibility of your data flows and alerts for potential flows to data stores that ransomware can exploit. You can also prevent compliance violations by defining data boundaries and getting notified about potential cross-region sensitive data flows.