At the Rubrik Data Security Summit, leaders from both the public and private sectors discussed an important topic: ransomware. Cyber threats continue to expand in both volume and sophistication, with attacks growing at a rate of 150% annually. As attackers increasingly target backups, it becomes even more important for policies and guidance from government agencies to match the security innovation of private sector businesses in order to meet the risks of this cyber pandemic head-on.
Many influential security leaders spoke at the Summit, including Chris Krebs, former Director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). Chris sat down with former Federal CIO and current Rubrik Federal Board Member Suzette Kent to discuss the intersection of policy and security innovation, and how that intersection can help address the critical infrastructure risk we all know as ransomware.
How did we get here?
Ransomware isn’t a new phenomenon, but it came to light in 2017 with very public attacks targeting cities and counties around the United States, including the city of Atlanta, Mecklenburg County, and the city of Baltimore to name a few. The big question is, how can organizations prepare and respond to these attacks?
Many organizations are missing the basics of securing their backups and are not employing Zero Trust Architectures to protect their crown jewels: their data. Legacy systems aren’t enabling multi-factor authentication, ensuring users have the lowest level of access to data needed to complete their tasks, or encrypting their backups on immutable architecture. Without these essential capabilities, organizations are left defenseless and vulnerable.
The burgeoning ransomware economy and ransomware-as-a-service marketplace have emboldened hackers even more. Organizations that rely on cyber insurance to bail them out of attacks further encourage hacking gangs and give them more resources to increase the sophistication of their attacks. And as safe harbor states abroad fail to crack down on these hacking groups, organizations bear even greater pressure to ensure that their data is secure, their infrastructure is resilient, and their recovery is quick.
Ransomware is going to get worse before it gets better.
Where do we go from here?
What may have seemed like a minor threat has become one of the biggest causes of business interruption, and now is the time to build a cyber resiliency and ransomware recovery plan.
CISA offers a guide that they refer to as their “Cyber Essentials” to enable leaders to understand, develop, and implement security best practices. Here are some of the top tips:
- Effective cybersecurity starts at the top. Ensuring your entire executive team, including your CEO, is making security a priority with every initiative is critical.
- From your executive team to your interns, a heightened level of security awareness across all functions and levels helps ensure there are no gaps for attackers to sneak through.
- You need to understand what is on your network and who is on the network at any given moment to ensure critical assets and applications are constantly protected.
- Limiting access to administrative functions reduces the entry points to the highest level of permissions over business-critical data.
- Back up your data. If you fall victim to a ransomware attack without encrypted backups, recovery is in the hands of your hacker.
- If you are attacked, do your best to limit damage and restore to get back online quickly and minimize downtime.
Developing a cyber resilience strategy
Once you have a solid understanding of the CISA Cyber Essentials, the next step is to develop a comprehensive cyber resilience strategy and ransomware recovery plan. One of the biggest delays to recovering from a ransomware attack is the lack of preparedness in the decision chain. Getting advance signoff from the executive team and Board of Directors on the incident response plan can help with a swift recovery.
In building out your plan, ensure that the security of backup data is included as an investment in faster incident response. A solid approach to investigation and sensitive data discovery can help get visibility into what has been impacted, how it has been impacted, and what you need to recover, quickly.
The Time is Now
There are some additional measures leaders can take outside of their technology stack to tighten their data security strategy. Every Board needs access to experts with a data security background, whether that is someone with a technical background, like a CISO or Chief Risk Officer, or someone with a background in compliance and law. This helps ensure that data security is a top priority.
Once a cybersecurity advisory committee is in place, it is imperative to think about the greater threat environment: what data you have, and who might be interested in that data. We are in an age where everything is connected to the internet and potentially can be vulnerable. That also means taking a look at your third-party framework. Do you have a vendor in your supply chain who is vulnerable to an attack? Or a managed service provider? What risks are you bringing in when you bring a new supplier into your system?
Other security risks to consider:
- Boards must consider the tradeoff between opportunities and risks more deliberately.
- High turnover in your talent pool could increase your exposure to the risk of not having the proper resources and funding needed to execute your data security strategy.
- Look at your peer companies to see if they are being targeted. If your peers are being targeted, there is a high likelihood that you could be next.
Preparation for cyber attacks is key to business success. To learn more, view the Data Security Summit on-demand here.