Understanding what data is at risk during a ransomware attack is the first and most critical step in preventing a large-scale disaster. Ransomware extortionists attack the computer network with malware that encrypts every file, and then demand a large ransom payment to a “darknet” site before the decryption key is provided. If payment is not promptly sent, the criminals threaten to delete the decryption key, and all the encrypted data will be lost forever. Even when a ransom has been paid, there’s no guarantee that the key will work to unlock the data. The question of whether or not to pay the ransom always remains.
Sadly, ransomware attacks have increased greatly, and the estimated worldwide cost of these attacks in 2022 will be $20 billion yearly. According to IDC’s 2021 Ransomware Study, approximately 37% of global organizations reported that they had been the subject of a ransomware attack, and many of those attacks had devastating results: companies shuttered, city governments crippled, and hospitals unable to serve their patients.
To protect yourself from ransomware, you must first understand how cybercriminals infiltrate networks.
The Threat Lurking Inside Your Organization: Employees
The CISA defines insider threats as ‘the potential for an insider to use their authorized access or understanding of an organization to harm that organization.’ According to Check Point, 43% of all data breaches are caused by insider threats, intentionally or unintentionally.
The types of employees who cause insider threats can be broken down into 4 categories:
- Administrators and privileged users – These are privileged users who have a higher level of access to sensitive resources compared to others. Insider attacks taking advantage of this level are difficult to detect.
- Standard employees – These are users with limited access to sensitive resources. Employees at this level can still cause harm by misusing data. An example of this is the Twitter employee found to be using his access to user data to track political dissidents for the Saudi Arabian government in exchange for money.
- Contractors or third-party workers – These users include vendors, temporary employees, or business partners. This group is more likely to violate an organization’s cybersecurity rules and practices unknowingly. The rise of supply chain attacks demonstrates how cybercriminals target this group, which is more likely to be less secure, in order to reach a larger organization it works with.
- Executives – These users have access to the most confidential and sensitive information. This information can be used for insider trading or government espionage, or the access can be misused for other personal gain.
But how are you to tell if an insider threat is intentional or not?
As outlined in StorCentric’s September: Insider Awareness Month, intentional and unintentional threats are defined as:
Intentional Insider Threats
Intentional threats happen when insiders take actions to harm an organization for personal benefit or in retaliation for a personal grievance. Some are motivated by these perceived grievances or by ambition or financial pressures, while others are feeding the desire for attention by creating danger or releasing sensitive information. At other times, intentional actors may even believe they are acting for the good of the public. In recent years, ransomware groups have actively sought to recruit insiders.
Unintentional Negligent Threats
Unintentional negligent threats often happen when those who understand security or IT policies choose to ignore them, thinking nothing will happen. It could be allowing someone to “piggyback” through a security entrance point, or even misplacing or losing a portable storage device. These are behaviors that can all be witnessed and corrected or prevented.
The good news is that most employees who are responsible for data breaches are not intentionally causing harm. Verizon’s Data Breach Investigations Report (DBIR) for 2022 highlights human factors, whether through stolen credentials, error, or phishing, as a critical component leading to data breaches. Human error is the leading cause of data breaches with 95% of cybersecurity issues traced back to human error, especially misconfigured cloud storage.
Steps To Mitigate The Risk of Ransomware
So, what can organizations do about these threats? The real issue is that most organizations need to have a second line of defense in place in addition to practicing good cybersecurity hygiene. There are a few simple steps organizations can take to help mitigate the risk of cybercrime.
- Employee Education in Cybersecurity – Teaching users not to visit unapproved websites or click on suspicious links within emails will help to minimize the risk of phishing scams. However, it is also imperative that users can identify false emails that look authentic and often appear to be from legitimate websites asking for sensitive data. This is an easy way in for hackers and has been shown to work, with 83% of organizations experiencing a successful phishing attack in 2021, compared to 57% in 2020. Phishing training should be incorporated into cybersecurity training as attacks evolve, become more sophisticated, and increase year after year.
- Update, Update, Update – Regularly patching and updating the management tools on all network connected devices, including switches, servers, and personal devices, such as mobile phones, tablets, and laptops will create a more secure IT infrastructure. New malware exploits are now published within days of patches being available, so unfortunately your window of safety is getting smaller and smaller.
- Safe View – Find ways to establish non-native rendering of PDF and Microsoft Office documents, so that a browser or a custom app is always in safe view mode.
- Protect Your Data – Data protection needs to include protection from malware that has escalated to super-user privileges or has compromised the Active Directory server in some way. Because Assureon™ resists attempts by privileged accounts to change or modify files, any attempt to overwrite or encrypt a file merely creates a new version. By default, all versions are stored, but version-limiting options allow protection against attacks that attempt to consume all available storage space with unwanted and corrupt versions.
- Your Second Line of Defense – Assureon by Nexsan, a StorCentric company, includes automated integrity audits, file integrity, self-healing features, data availability, fingerprinting, private blockchain and real-time replication to insure data against ransomware attacks. These features work hand in hand and have been utilized for over 15 years by organizations that not only needed data protection but also had to meet requirements for regulatory compliance. Assureon, as part of an Unbreakable Backup solution, protects all high-value unstructured data, all the way through the backups.
Using all of these preventative steps will certainly cut the frequency of successful attacks, but the only true protection for valuable data is to aggressively lock it down. By combining data security with data protection, organizations make it harder for cybercriminals to infiltrate an IT system. To pay or not to pay should not be the question. Instead, the focus should be on preventative measures and education.
Second Line of Defense: Unbreakable Backup
Data protection that reaches all the way to backups, which are an essential part of any organization’s data management strategy, is critical to data recovery in the face of a ransomware attack. Backups have been the latest malware targets, basically eliminating any chance of recovery.
Backups need to be stored securely while remaining accessible to the organization. At the same time, these organizations need consistent copies of data to maintain business operations in the event of failure. Unbreakable Backup, a storage solution from Nexsan, a StorCentric company, combines Unity™ and Assureon® and is a reliable way to manage backup data and unstructured data for all kinds of applications.
The driving force behind Assureon is the concept that some data is just too valuable to lose. This data is also too private to be breached and too essential to your operations to risk it being tampered with.
Assureon® is an active data vault with immutable WORM storage and rigorous data integrity checks. It implements file locking, with restricted access controls, and stores at least two copies of the backup. Assureon does active-active replication so it can ingest backups from both sites, with bi-directional replication and access to data from the remote site if the primary site is not available. Additionally, Assureon provides independent self-healing capabilities and is completely policy-based with no other access mechanisms.
An additional advantage is that Assureon gives the user the option to implement a tiered backup solution. The same backup can be maintained on a faster Unity tier and a secure Assureon tier for a chosen period. This enables fast restores in normal backup/restore scenarios. If backup tier capacity is a concern, shortcuts can be created for older file backups. This frees up capacity on the Unity while keeping the locked-down, immutable backups on the Assureon readily available for access whenever needed, such as in the event of complete data loss.
The result is a completely secure, locked down, immutable, and Unbreakable Backup layer. Even administrators cannot tamper with locked down data in this layer – until the expiration of the policy that governs the secure backup. Such a solution ensures protection from data corruption and data loss. This solution guarantees data availability under the most trying conditions, even if the entire primary and backup deployments are compromised.
Flexible Deployment Options with Assureon Software
Assureon Software provides flexibility in implementation as a cloud, hybrid cloud, or on-premises solution. It adapts to your organization’s infrastructure and enhances the ability to secure protected backups in secondary sites of your choosing for business continuity and quick recovery. No matter how you choose to deploy, Assureon will protect your unstructured data and backups from cyberattacks, user error, or compliance.
Secure your data backups with Unbreakable Backup so you can prepare for the worst and be able to easily recover from any cyberattacks. Learn more about Unbreakable Backup and Assureon by contacting us today!
About StorCentric
StorCentric provides world-class, award-winning, and data security focused data management solutions. The company has shipped over 1M storage solutions and has won over 100 awards for technology innovation and service excellence. StorCentric innovation is centered around customers and their specific data requirements, and delivers quality solutions with unprecedented flexibility, data protection, performance and expandability. For further information, please visit: www.storcentric.com.
About Nexsan
Nexsan® is a global enterprise storage leader, enabling customers to securely store, protect and manage business data. Established in 1999, Nexsan has earned a strong reputation for delivering highly reliable and cost-effective storage while remaining agile to deliver purpose-built storage. Its unique and patented technology addresses evolving, complex enterprise requirements with a comprehensive portfolio of unified storage, block storage and secure data protection. Nexsan is transforming the storage industry by turning data into a business advantage with unmatched security and compliance standards. It is ideal for a variety of use cases including Government, Healthcare, Education, Life Sciences, Media & Entertainment, and Call Centers. Nexsan is part of the StorCentric family of brands. For further information, please visit: www.nexsan.com.