Ransomware is becoming an epidemic for any collection or repository of data. Each day the attacks seem to be getting larger and more lucrative for cybercriminals. According to Europol’s annual report, the Internet Organised Crime Threat Assessment (IOCTA), file-encrypting malware attacks could become far more destructive as cybercriminals change their tactics.
The IOCTA lists ransomware as one of the most widespread and financially damaging cyberattack strategies. What makes these attacks particularly frightening is that they are no longer just about financial gain; increasingly, they are about causing chaos.
Healthcare, local and state governments, and financial services are the verticals most frequently targeted, and recently we’ve seen in the news a number of hospitals having to turn away patients due to ransomware attacks. We’ve seen local governments and police departments almost shut down due to ransomware threats. Cybercriminals are becoming more efficient and are more specific about who they target in hopes of causing maximum damage.
How did we get here?
Data has always been valuable, but why the sudden rash of ransomware attacks? One simple answer is that there’s simply more data living in more repositories, so the landscape of available attack vectors increases continuously.
As a business, you need to ask yourself, who can access our data and what data can they access? What is our most sensitive data and where is it located?
Visibility and data lifecycle management are key when identifying what is important and what you want to protect. Knowing this can help your business minimize the attack surface by keeping only the necessary data, and restricting access to sensitive information and high-value files.
Mitigating risk
While gaining visibility into your data and managing the data’s lifecycle is a great place to start safeguarding against attacks and mitigating your risks, it’s only one aspect to consider. Unfortunately, human error, loose passwords, and lax authentication protocols all contribute to higher risk.
To help mitigate risk you should consider creating a more complex password, something with more than 10 characters with mixed cases, letters, and numbers. If two-factor authentication or multi-factor authentication is available you should absolutely be using it. Manage data access and enable or deny permissions by accounts, users or teams. This will limit the number of people who have access to privileged information. Also, be sure to encrypt your data both in transit and at rest. Oftentimes the metadata is not encrypted, so be sure not to store sensitive information in your cloud storage metadata.
Being able to quickly identify if an attack has happened or is happening can also help minimize the damage of an attack and block it as soon as possible. A zero-day detection tool is key here: it can block known attacks and, with machine learning, also identify new types of attacks. Once you’ve identified your security shortcomings it’s important to address them as soon as possible. Europol stresses the importance of patching, especially when it comes to critical vulnerabilities.
Recovery process
Recovering from a ransomware attack can not only be pricey, but it could also have a long-term effect on your business’s reputation. The IOCTA report details how ransoms demanded can be in excess of one million euros in some cases. And in some instances, there is no guarantee that you’ll be able to recover all of your files should you pay the ransom. That said, you want to be sure you are efficient in getting your business up and running to minimize the amount of downtime and money lost.
Unfortunately, an on-prem solution won’t work here. Constantly backing up your laptop is expensive, time-consuming and is a pain for user experience. It’s not a practical approach when you have tens of thousands of users. However, leveraging the cloud, and having your files properly structured in the cloud, with proper versioning and backups is the fastest way to get your business back on its feet in a timely manner.
Be proactive
With what we’re seeing in the market today, having a smart, cloud-based tool is not optional anymore, it’s a must-have. If possible, reduce your infrastructure footprint so that it gives you less to patch and update, making you less vulnerable to attacks.
Consider automating the way you manage your data lifecycle; keep only relevant or regulated data and delete or archive the rest. Locate all your sensitive and business-critical data and ensure files are encrypted, with limited access to them. Doing these things can help you identify attacks as quickly as possible and recover from an attack quickly.
And as always, remember, compliance is and should be the starting point, not the finish line.
via https://www.aiupnow.com
Help Net Security, Khareem Sudlow