- Security TWENTY
- Women in Security
Are you fully covered for a ransomware attack? asks Neil Stobart, Vice President, Global System Engineering at data storage and protection firm Cloudian.
Of all the cyber threats facing modern businesses, ransomware is the one that is continuing to grow at an alarming rate. According to one report, 2020 saw a seven-fold increase in the number of detected ransomware attacks compared to 2019, much of which was driven by the Covid-19 pandemic. For both public and private sector organisations, ransomware is a major challenge that won’t disappear anytime soon. It can circumnavigate traditional network and user security approaches, making protection difficult. Hackers are increasingly using social engineering and phishing to dupe authorised users into providing their access security credentials, giving the attacker authorised access to the systems on the network. It’s like handing a burglar your front door keys and letting them know how long you’ll be out.
Then there is the insider threat — the disgruntled employee who already has access rights to key IT systems and has the capability to delete or encrypt data as an act of retribution.
With ransomware attacks continuing to increase – and typically causing significant financial and reputational damage – businesses are understandably looking closely at either taking out or expanding their cyber insurance policies to provide financial protection in the event of an attack.
However, with a growing number of attacks comes a larger number of insurance claims. And with security commentators suggesting insurers could be inadvertently contributing to the rise in ransomware attacks by “funding organised crime”, it is clear additional steps need to be taken to protect organisations and deter cyber criminals.
There are clear financial drivers for businesses to do so. In some cases, ransomware attacks are causing cyber insurance rates to increase by up to 25% – on top of all the costs associated with attack recovery. What’s more, businesses can see their claims denied, or even be refused cyber insurance completely, if they don’t put the right defences and processes in place to protect their data.
Amidst today’s threat landscape, a growing number of cyber insurance providers are increasingly requiring that certain technologies be implemented before they will underwrite a company’s policy. Just as a home insurance policy requires that the correct locks are installed and in operation, cyber insurance providers are insisting on suitable security and data protection controls to mitigate and recover from attacks.
Businesses must therefore ensure they have the right solutions in place that can keep backup data secure and accessible should active data be encrypted by hackers.
One of the technologies that can reduce the impact of ransomware attacks and eliminate the need to pay ransom to access one’s data is WORM (Write Once, Read Many). This gives businesses the tools to fortify their ransomware defences and more effectively protect their valuable data – regardless of the attack vector. WORM technology –specifically when implemented through an Object Lock storage solution – can provide a simple, reliable and scalable solution to ransomware, helping organisations minimise recovery costs and ensure business continuity. The technology enables data immutability by locking data on a storage device so that it cannot be changed or deleted within a defined period of time. This renders the malware ineffective, allowing companies to recover a clean copy of data in the event of an attack and avoid paying a ransom.
Although WORM isn’t necessarily applicable to all data, it is perfectly suited to backup data that typically won’t be changed. Every organisation should be completing daily backups which are retained for a certain time period to allow roll-back to a daily point in time. With WORM, a hacker that attempts to encrypt this backup data will be unable to do so, and the company will still be able to reload the data in a timely fashion. Simply put, maximum data loss exposure is limited to when the business ran its last backup.
If data can be quickly recovered without a ransom payment, it will make life harder for cyber criminals that have become extremely proficient at targeting corporate data. More importantly, it will make businesses secure and insurable – often for a lower premium – by satisfying the demands of insurers that take on cyber security policies and making it more likely that businesses get reimbursed in the event of an attack.
Ultimately, WORM technology provided through Object Lock empowers businesses to go beyond traditional ransomware defences by building immutability into their security infrastructure. This is now a key requirement for modern organisations, particularly with the range and quantity of sophisticated ransomware threats continuing to rise. By incorporating WORM technology, businesses will get peace of mind knowing that they are covered and that their data is protected.