Recent ransomware disruptions have had significant implications for all enterprises.
- The Colonial Pipeline attack caused shortages in gasoline, jet fuel, and diesel that gripped East Coast businesses.
- A more recent attack, over the Independence Day holiday, was mounted by a Russian-language group that calls itself REvil, an abbreviation of “ransomware evil.” The immediate victim was a Florida company that provides managed services remote control software to companies that manage technology for thousands of smaller firms -- firms that don’t have the technology or people to manage their own systems. By getting into that supply chain of software, REvil was able to hold, as “hostage”, up to 1,500 companies, including grocery chains, pharmacies, and European railroad systems.
- South Korean hosting firm Nayana was attacked by ransomware, which led to thousands of hosted customer websites on its servers going offline for weeks. Not all were recovered -- even after a one-million-dollar ransom was paid.
Ransomware continues to attract the national and geopolitical spotlight, under the rubric that it’s not likely a question of “if” your organization will become a victim of ransomware but “when.”
Modus Operandi
Conventional ransomware campaigns that target individuals often deny access to arbitrary files that are not necessarily important to the victims. As a result, in many cases the victims will not pay the ransom, and the recommendation is usually not to pay. With enterprises, chances are victims will be more likely to succumb to the ransom request, as the stakes might be too high.
More recently, ransomware “specialists” are working to target a company’s most sensitive, lucrative information, zeroing in on those parts of a company where sensitive and critical data is stored, enabling the extortion of potentially huge sums of money.
As cybercriminals target enterprise infrastructure with ransomware, the damage can be extensive and long-lasting. These types of attacks not only threaten customer data on a provider’s servers, but completely undermine trust in that service. Data isn’t just at risk of being published, but being changed permanently, threatening its integrity.
Add to the mix the fact that more enterprises are shifting to the cloud, or to the hybrid cloud, or even in and out of the cloud. As that landscape shifts, ransomware will continue to become a challenge to the concept of the secure cloud. For example, while connecting branch offices directly to the internet greatly improves agility and reduces costs, in an unmanaged situation, it also significantly increases security risks. Plus, the scale of growth in the area of IoT presents its own significant risks when managing a security policy.
When enterprises rely more and more on outsourced cloud and colocation platforms for infrastructure, it’s critically important to assess what ransomware protection and recovery capabilities those providers deliver. There are some positive signs, though: Security tools are getting better at blocking common malware. Organizations are doing a better job at patching security breaches, especially those aided by data center security and technology.
Thwarting Downtime
While security technology proliferates and customers require more advanced IT functionality to support capabilities like big data analytics, hyperconnectivity, IoT convergence and automation, effective security architectures are very difficult to build. This creates complexity, increases risk and drives up costs. Handling these kinds of incidents and/or breaches creates downtime for the small business or enterprise. That downtime can get costly.
When damages or downtime occur, they do not only translate to direct revenue loss; they open a can of business disruption worms that also includes reputational damage and customer churn.
The good news, however, is that data center partners have experience across thousands of clients and have thwarted a multitude of security breaches, which better prepares them to help identify and avert ransomware issues. It’s all in a day’s work -- and doesn’t create headlines. Technologically, there are some promising signals. The security tools that block common malware are making a dent in that category. Trojan-type malware that peaked at just under 50 percent of all breaches last year has since dropped to 6.5 percent.
Those enterprises that employ well-established, scalable, managed security platforms can provide added layers of protection against ransomware. Services like file integrity monitoring and configuration scanning can detect latent threats before they can be exploited. The enterprise, often working in tandem with a data center partner, can aggregate IT security; OT security; physical security; supply chain security; product management security; and health, safety, and environmental programs into a centralized organization and governance model. With DRaaS and backup services, they can help expedite recovery in the event of an exploit.
The overall solution combines effective prevention technology, a unified security policy, and an operational model that is realistic to implement within reasonable staffing and budget levels. Protection of the enterprise demands a holistic approach that evaluates security tactics, compelling an architected approach that prevents cyberattacks and ransomware attacks before they happen.
Remember, it’s a matter of “when” not “if.”