Ransomware Has Evolved: Data Threat Protection

Over the past decade, cybercrime has come into its own. Today it is one of the largest industries in the world, worth hundreds of billions of dollars a year, and its profits have funded a level of sophistication that has surprised many people and companies. Card data theft, cryptocurrency miners, and identity theft remain significant challenges, but few areas have become as lucrative for criminals, or as prominent, as ransomware. As in any market-oriented business, ransomware hackers have continued to expand their approaches to a level not previously seen. Social engineering methodologies have picked up speed, and a world filled with misinformation and fear surrounding COVID-19 has opened up a multitude of opportunities for cybercriminals to abuse.

More recently, ransomware hackers have also introduced new types of threats. Around the world, companies are increasingly subject to data protection laws, such as GDPR, introduced in the EU in 2018. Measures like this mean that it is not only the loss of customer data but also its exposure that has become a concern for IT departments and board members. This was demonstrated by the Veritas 2020 UK Databerg report, which showed fear of data loss and compliance breaches as the top cloud computing concerns right now (55% and 54% respectively).

Cybercrime attacks

Legal non-compliance, combined with the additional fear of financial and brand damage, has become a central lever for cybercriminals seeking to extort businesses. In addition to ransomware attacks that make critical data unavailable through encryption, it is becoming increasingly popular for criminals to exfiltrate data and threaten to expose it online as a way to blackmail businesses. According to some reports, more than 11% of ransomware attacks in one quarter of 2020 involved data theft by criminals rather than just data encryption.

It's not the only way ransomware has evolved, either: the type of data hackers target is also changing. The EKANS virus that hit Honda in early June is a perfect example. Rather than target application data, which is more likely to be protected, EKANS specifically targets industrial control system (ICS) data, which may not have historically been part of a ransomware protection strategy. As such, you must ask yourself: how many other types of data could become ransomware targets, and how do you successfully protect them?

Other emerging trends include dark web auctions of exfiltrated data, possibly for use by competitors or simply exploited for personal identification purposes. After-hours attacks have also become increasingly popular, because they ensure that few security personnel are present to combat the situation effectively. Perhaps the worst end result of this development is an increased trend toward state-sponsored attacks intended to undermine a country's commercial infrastructure.

Prevention is not enough

Protection against ransomware comes in many forms, but at its simplest it divides into two parts: preventing malware from entering the network in the first place (antivirus software, data monitoring, and employee cybersecurity training), and then being able to react appropriately and quickly when an attack is successful. For too long, companies and individuals have devoted most of their time and energy to the former, with some success. Unfortunately, the evolution of ransomware, including increasingly sophisticated social engineering methodologies, means that companies cannot rely solely on prevention. Computer security will always be vital but, above all, it is the human aspect of the equation that opens up the risks. This may be due to a miscalculation of the data to be backed up or the data to be encrypted, or simply human error in getting caught up in a phishing attack and allowing the malware to enter the network in the first place. Businesses must assume that attacks will succeed and prepare for them.

Data protection in the form of a trusted and proven backup is the obvious answer, but even that doesn't protect against data exfiltration and abuse. For that, the only answer is encryption. Using encryption at rest as a defense against malware is something that should never have gone out of style; when data is in transit, encryption remains best practice. However, there is strong evidence to suggest that data is not encrypted at rest, with one report suggesting that less than 10% of cloud service providers encrypt data once it is on their servers. It may seem obvious, but it means that it is open season on more than 90% of the data stored in the cloud in the event of an attack.

The data challenge

There is always a challenge, of course. A large number of companies do not know what data they have. The Veritas UK Databerg 2020 study shows that 80% of data is dark or ROT (redundant, obsolete or trivial). This makes it nearly impossible to know what, where, and how to back up, let alone what data should be considered sensitive or risky enough to be encrypted as part of the storage and backup process. This is clearly reflected in a 2019 study from the Ponemon Institute in which 69% of companies said that simply determining where sensitive data resides in the organization is the biggest challenge in implementing encryption.

A combination of data reporting (incorporating identification, labeling, and classification), data encryption, and a reliable backup seems like the only sensible way to protect against ransomware attacks. Businesses need to know what data they own and actively protect it the right way without overlooking the workloads associated with risk. Then, when all that hard work is done, they need to test their systems for any unexpected gaps or weak spots.

What else can companies do?

Beyond that, there are still precautions companies need to take. Ransomware attacks are also becoming increasingly targeted in their methodologies, as evidenced by the increase in spear-phishing and business email compromise attacks compared to basic spray-and-pray attacks. When the reward could be millions of dollars tax-free, the additional research required for the attack is well worth it. Employee training at all levels is essential. Can you be sure that all of your employees, from C-level to entry-level, know how to recognize a ransomware scam attempt?

Managing and storing the encryption keys themselves is also essential. It may seem obvious, but all too often the encryption keys are stored in the same place as the encrypted data. It's like leaving your spare house key under the flower pot by the front door. It may not be visible to the naked eye, but the most cursory investigation will uncover it.

The history of ransomware is a constant game of cat and mouse in which attack and protection tools are constantly evolving in a battle to outdo each other. The first half of 2020 has already been a time of opportunity for hackers, where forced changes to enterprise architectures have opened up a huge wave of new vulnerabilities to target. It is imperative that companies now outpace hackers in their own abilities, coming back with immutable and protected data policies that keep their businesses safe.
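The key-storage point above can be checked mechanically. The following is an added example, not part of the original article: a Python audit that walks a storage tree and reports key files kept beside encrypted data. The file suffixes, the severity labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed naming conventions; adjust to your environment.
KEY_SUFFIXES = {".key", ".keyfile"}
ENCRYPTED_SUFFIXES = {".enc", ".gpg", ".age"}
PEM_PRIVATE_MARKER = b"PRIVATE KEY-----"  # matches RSA/EC/OPENSSH/PKCS#8 headers

def looks_like_key(path):
    """True if the file is named like a key or holds a PEM private-key header."""
    if path.suffix.lower() in KEY_SUFFIXES:
        return True
    try:
        with open(path, "rb") as fh:
            return PEM_PRIVATE_MARKER in fh.read(4096)
    except OSError:
        return False

def audit(root):
    """Return (relative_path, severity) for key files stored with encrypted data."""
    root = Path(root)
    keys, enc_dirs = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() in ENCRYPTED_SUFFIXES:
                enc_dirs.add(p.parent)
            elif looks_like_key(p):
                keys.append(p)
    # Same directory is the worst case; anywhere in the same store still
    # means a single compromise exposes both ciphertext and key.
    return sorted(
        (k.relative_to(root).as_posix(),
         "same-directory" if k.parent in enc_dirs else "same-tree")
        for k in keys if enc_dirs)

def demo():
    # Constructed sample tree; none of these files contain real key material.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "backups" / "db").mkdir(parents=True)
        (root / "backups" / "db" / "customers.sql.enc").write_bytes(b"\x00" * 32)
        (root / "backups" / "db" / "backup.key").write_bytes(b"constructed, not a key")
        (root / "ops").mkdir()
        (root / "ops" / "id_backup").write_bytes(b"-----BEGIN OPENSSH PRIVATE KEY-----\n")
        (root / "ops" / "server.crt").write_bytes(b"-----BEGIN CERTIFICATE-----\n")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Any finding means the key should move to a separate store, such as a key management service or hardware module, so that access to the data does not imply access to the key.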