With digitisation pervading both our personal lives and our businesses over the past few years, we are seeing an incredible increase in cybercrime. As enterprises and their customers digitalise further, the need for organizations to protect their data from being held hostage has become critical as well. Enterprises must take measures to ensure the safety and security of sensitive information in such an environment. This confidential and potentially marketable data is worth billions of dollars, making it the prime target for cybercriminals. The cybercriminals of today have become well-organised and their attacks have become increasingly sophisticated. They are leveraging modern technology and business models to turn cyberattacks such as ransomware into a service.
By 2031, ransomware will cost victims USD 265 billion annually, and it will attack a business, consumer, or device every two seconds, predicts Cybersecurity Ventures. In this digital age, where enterprises can no longer operate without availability and access to data, hoping that you will not get exposed to a cyberattack is folly. Ransomware denies access to an organisation’s data until a ransom is paid. Enterprises must acknowledge the threat’s severity and implement adequate safeguards. They must deploy tools and institute processes to ensure their measures are tested to their limits.
Getting back on your feet, quickly
When a cyberattack like ransomware takes place, the enterprise should be able to resume operations as quickly as possible. Downtime can lead to financial implications and loss of reputation due to legal troubles. Thus, the latest or last updated data needs to be recovered. In sectors such as financial markets and healthcare, the loss of data results in irreparable damage.
In 2022, a ransomware attack in the healthcare sector affected 4.11 million patients. The attack affected patients registered with the insurer, Aetna ACE, but the attack itself was carried out on the third-party vendor, OneTouchPoint. The vendor provided the insurer with printing and mailing services. While formulating a cybersecurity strategy, enterprises must also consider the data protection and governance principles on their vendor side.
Test the resiliency plans
Central to any cybersecurity strategy being developed is the role of the IT infrastructure teams and storage administrators in the secure storage and protection of data. However, formulating and implementing a strategy alone will not be enough; organisations must rigorously test their resiliency plans. It is essential to identify the cracks in the defences as a proactive strategy, even as learnings are applied reactively.
A key reason behind the rise of ransomware attacks is that the attack surface, the systems that are accessible and could be compromised, is massive and constantly growing. The larger the enterprise, the larger the attack surface, because there are many vulnerable endpoints and pieces of software in use. Any breach that occurs must therefore be contained quickly, and its impact minimised as far as possible.
Merely adding more storage to a data centre is not the solution. Enterprises will need to incorporate immutable storage and encryption technology and optimize the recovery process. These components must be factored in while developing a cybersecurity strategy. The addition of an immutable capacity layer where critical copies of data are locked down, either in a secure zone in the data centre, near the cloud or public cloud, must be a key strategic component.
An immutable storage capacity protects data and stores backups. Hackers should not be able to get to the data and, even if they do, should not be able to tamper with it. Hence, implementing a multi-layered data protection strategy is crucial.
Planning for more sophisticated attacks
The successful implementation of a data protection strategy allows for data to be made unchangeable both through automatic defaults and intentional design. There are proven methods to provide data protection; however, the automated tools available to cybercriminals have also become more sophisticated.
The most dangerous threats to enterprises are advanced persistent threat actors (APTs). These actors may take months to plan and execute their attacks. They adjust their tactics with precision as they encounter defences and new vulnerabilities.
Ultimately, the steps an enterprise takes to prepare will determine the impact of an attack. If prepared well, the organisation should be able to isolate the attack, execute recovery and get back to business.
However, it does not hurt to be cynical when it is a matter of cybersecurity. There is a seven-step programme an enterprise can perform annually to minimise such attacks.
As a start, take inventory to understand all the organization's connections, including all software and trust relationships with partners, any of which could be leveraged by an attacker. The next step is to assess the threat landscape to understand trends. Once this analysis is done, organizations should then review their tools and architecture and perform a gap analysis against emergent threats.
With all this information gathered, organizations should then review the response plan. Everyone should know their role in containing the threat. Decide ahead of time if negotiation will be considered, who will handle it, and what steps they can take. Develop a playbook of steps and contingencies that details what will happen in the minutes, hours and days, post-discovery. Businesses also need to consider if outside organizations are to be contacted and if so, which ones. They also need to outline the information that should be available to enable quick and efficient engagement.
Businesses should also take preventive measures. Users should be educated and trained in the latest practices as their cybersecurity hygiene is the best frontline defence. An organization’s data protection should also be reviewed periodically, and everything should be tested time and again.
While it may not be possible to stop a ransomware attack, it may still be possible to withstand one and certainly possible to deflect it and thwart its negative impact. Success hinges on taking the right steps to protect data against ransomware attacks; in today’s digital age, this is an essential part of any organization's cybersecurity strategy.
The article has been written by Hemant Tiwari, Managing Director, India, Hitachi Vantara