The ransomware attacks, the number of bad guys or bad people who are trying to attack us is going up exponentially. We’re going to have to be on our toes, all the time because any time you go into a break these days - guess what? You get breached, and that’s not a healthy thing, for sure.
Nearly every day, news articles showcase big-name companies that became victims of cyberattacks and the hundreds of millions of dollars of loss it will have on their business. These headlines should not be surprising when you look at the data. The number of ransomware detected in Q1 2022 alone was double that of the whole year of 2021.
Ransom payments can cost millions of dollars without any guarantee that paying the ransom will restore impacted data fully intact. Beyond the cost of the ransom itself, attacks also result in downtime, lost revenue, recovery costs, reputational harm, regulatory compliance requirements, loss of customer goodwill, increased cyber insurance premiums, and more. All in all, total costs are often in the millions of dollars, with recoveries taking weeks to months. The impact is clear: when an organization’s data is down, its business is down.
A traditional approach to infrastructure security is not sufficient for this new era of ransomware.. Cybercriminals are successfully penetrating these layers of infrastructure security and getting through to your data. In this blog, we will expand on the importance of data security and a few of the best practices. Let’s start with the basics.
What is Data Security?
“Data is one of the most critical business assets, whether that's business data sitting in a database or user data and documents or email, you know, with data organizations can get back on their feet and data resilience and recovery are essential to managing risk.”
- Shawn Bice (CVP of Cloud Security, Microsoft) at Rubrik Data Security Summit
As data is increasingly the target of attackers, organizations need security at the point of data to keep data safe and recover it faster. The goal of data security is to make your data resilient against cyber attacks, continuously monitor risks to your data, and recover applications in just minutes or hours.
Data security requires several critical capabilities. First, data should be secured from insider threats or external ransomware attacks. This requires setting up air-gapped, immutable, and access-controlled backups. Next, to tackle external attacks, you should monitor it continuously for data risks, sensitive data exposure, and other indicators of compromise. And finally there should be a way to rapidly recover all your applications, files, objects with surgical precision while avoiding malware reinfection.
To withstand this growing prevalence of cyber attacks, organizations must adopt an “assume breach” mindset. The "assume breach" mindset is an approach to cybersecurity that shifts cyber defense from a passive stance to an active one. By assuming data breaches will occur, organizations must remain prepared and resilient, while continuously monitoring for threats throughout the environment. A zero trust architecture delivers the security controls needed to fulfill the requirements of an “assume breach” mindset. To start with, organizations should consider a few requirements when evaluating data security solutions:
Technical Requirements
Encryption: Is your data encrypted? Both at rest and in motion? Have you identified which data needs to be encrypted?
Immutability: Are your backup copies immutable? Is immutability native to the solution deployed or achieved through additional third-party integrations? Are non-native immutable copies resilient?
Logical Air Gap: Are your backups isolated from your other backups? Are your individual backups isolated from each other?
Access Control: Can you seamlessly orchestrate who gets access to your data? And what level of access do different individuals have?
Data Lock: Do you have control over data recoverability post-deletion? Can you access the deleted backups beyond the admin’s last action?
Zero Trust Retention Lock: Who can set up your data retention policies? How easy is it to change a policy once it is set? Are multiple authorizations required to change them?
Ransomware Detection: Can your current backup solution alert you about a potential ransomware attack? Does the solution have advanced machine learning algorithms that go beyond the daily change rate, as an input to detect anomalies?
Blast Radius: Can the solution give visibility of the impact of the attack at a granular level – e.g. the VMs or files impacted?
Orchestrated Recovery: Does the solution have inbuilt automation to provide an orchestrated recovery?
Business Requirements
Recovery Point Objective (RPO): How confident are you in your ability to minimize data loss by automatically taking backup snapshots regularly and adhering to retention policies consistently?
Recovery Time Objective (RTO): How long does it take to recover data and apps, and can recovery happen at a granular level? What were the RTOs when a test run for remediation was conducted?
Total Cost of Ownership: Is the solution cost-optimal to achieve the desired state of protection? Combinations of solutions using multiple tools or offline air gap solutions tend to increase the cost of ownership.
We can't afford any downtime. We can't afford to miss a game. We can't afford to have the eyeballs not on the court. So anything that is a threat to the production of play or to the hosting of a concert is really top of mind.
With the growing pervasiveness of cyber attacks and growing costs of cyber incidents, now is the time to invest in data security. Organizations who successfully invest in data security report numerous benefits, including but not limited to:
Avoiding data loss: a data security solution can help ensure that data is readily available for recovery whenever it is needed
Avoiding regulatory compliance failure: a data security solution can help provide the confidence that unnecessary exposure of sensitive data is limited
Avoiding a ransom payment: a data security solution can ensure rapid recoverability thereby eliminating an attacker’s ability to blackmail an organization for ransom
Avoiding business downtime: a data security solution can help minimize the time when access to critical data and applications is denied
To learn more about Data Security, check out this paper from ESG on why Data Security is the key to defeating ransomware attacks.