Over the last few years, ransomware has emerged as a new threat for businesses. In case you are that rare person who has not heard about ransomware, here’s a quick one-line summary. Ransomware consists of infiltrating corporate data centers and encrypting the business data. The attacker then asks for a “ransom” to provide the keys for decryption.
It is no secret that ransomware has been gaining momentum. According to Cybersecurity Ventures, attacks are occurring every 11 seconds, and in 2021 ransomware cost the world $20 billion in damages, which was 57X more than it was in 2015. Thanks to the rise of Ransomware-as-a-Service (RaaS), ransomware has become mainstream because practically anyone can launch an attack.
RaaS gives cybercriminals the ability to use malware for a percentage of the funds while remaining completely anonymous. Even those who lack the technical skills to develop the malware and deploy the attack on their own can attack your business. In 2020 almost two thirds of ransomware attacks came from cybercriminals operating on a RaaS model.
Ransomware attacks are quickly evolving. With emerging strains like Conti, cybercriminals are encrypting, corrupting, and deleting backups before compromising as much production data as possible, which makes recovery a gruelling challenge. Meanwhile, advanced cyber criminals are now targeting the software supply chain so they can compromise your security without even breaking in.
The continued evolution of ransomware attacks
Ransomware attacks are maturing, which means companies have to prepare for new types of attacks, which include:
- Gaining control of the environment – Bad actors are taking over company emails and phones because, as an insider threat, they can thwart your protection and recovery processes. Insider threats are steadily increasing and costing businesses upwards of millions annually.
- Detection avoidance – Cybercriminals are encrypting data more slowly, targeting only portions of files, and maintaining file size and type to avoid existing anomaly detection. This is making it light years more difficult to identify malicious activity.
- Exfiltration of data – Bad actors are increasingly pulling data out of your environment and threatening to post it online or sell it. This essentially destroys a company’s last line of defense, and further incentivizes payment.
- Targeting more than files – With data more fragmented than ever before and increasingly at risk, there will be a rise in attacks on SaaS applications such as Salesforce and Microsoft 365, virtual machines (VMs), and cloud native applications.
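The "Detection avoidance" item above can be made concrete from the defender's side. The following is an added example, not code from the author: it compares whole-file entropy with per-chunk entropy on a constructed sample in which only two 4 KiB chunks are replaced by ciphertext-like bytes while file size stays the same. The chunk size, the 7.5 bits-per-byte threshold and the sample data are assumptions.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096      # assumed scan granularity in bytes
THRESHOLD = 7.5   # assumed cutoff in bits per byte (random data is close to 8)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_chunks(data: bytes, chunk: int = CHUNK,
                        threshold: float = THRESHOLD) -> list:
    """Indices of fixed-size chunks whose entropy looks like ciphertext."""
    return [i // chunk for i in range(0, len(data), chunk)
            if shannon_entropy(data[i:i + chunk]) >= threshold]

def pseudo_ciphertext(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def build_sample():
    """Constructed sample: a 64 KiB CSV-like file and a copy with chunks
    3 and 9 overwritten, keeping the file size unchanged."""
    line = b"2021-03-14,invoice,ACME Ltd,net-30,1249.50,paid\n"
    plain = (line * (16 * CHUNK // len(line) + 1))[:16 * CHUNK]
    tampered = bytearray(plain)
    for idx in (3, 9):
        tampered[idx * CHUNK:(idx + 1) * CHUNK] = pseudo_ciphertext(
            CHUNK, b"chunk%d" % idx)
    return plain, bytes(tampered)

if __name__ == "__main__":
    plain, tampered = build_sample()
    print("size unchanged:", len(plain) == len(tampered))
    print("whole-file entropy:", round(shannon_entropy(tampered), 2))
    print("flagged chunks:", high_entropy_chunks(tampered))
```

The whole-file figure stays below the threshold, so a single per-file check misses the change that the per-chunk scan reports. Compressed and media formats are high-entropy by nature, so a check like this needs a per-file-type baseline before it is used for alerting.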
Ransomware will remain a problem for years or decades to come. While there isn’t one foolproof solution to this troubling problem, according to industry analysts, businesses can prevent or mitigate over 90 percent of ransomware attacks with sound security fundamentals, including an effective backup and recovery strategy.
While ransomware prevention technology is improving, so is ransomware sophistication. Hence, businesses also need a mitigation plan, that is, a plan to recover data from a backup copy in case a ransomware attack bypasses the preventive measures. Without a recovery plan, your business can be offline for weeks or months. Unfortunately, most organizations are depending on a decade-old disaster recovery plan that they have never tested, and there is no protection without a recovery plan. Attacks will continue to be better masked, more comprehensive, and more vicious, so the protection must be broader, simpler, and more operationalized. Here’s where companies need to realize the importance of data resiliency.
So far, IT professionals have looked at data protection and data security as two separate problems.
Data resiliency is emerging as a new term to cover both data protection and data security. Data resiliency enables availability and access to business data in the face of any incident including a ransomware attack. Data resiliency shifts the data protection discussion from passive to active. Data protection is just trying to create a copy of the data; data resiliency is always being ready to recover quickly. Data protection waits for the customer to identify data loss or attacks; data resiliency proactively identifies, alerts, and responds to problems. Data protection covers a business against threats like user errors and system failures; data resiliency goes beyond data protection and covers against data security threats (ransomware, insider threats).
In today’s tumultuous cyber threat environment, large enterprises and SMBs need a comprehensive approach that shifts from data protection to data resiliency. With hybrid work culture, the rise of economic crisis and increasingly dynamic geopolitical landscapes around the globe, there is massive potential for threat actors to continue to attack using different ransomware strains. It is important, now more than ever, for organizations to adopt cyber-resilient solutions that keep the backup safe from encryption and deletion and recover clean backup data in the event of an attack.
Views expressed above are the author’s own.