How CIOs Can Protect Data Against Ransomware Attacks in 2022
Ransomware has become one of the most dangerous and high-profile problems facing CIOs and CISOs worldwide. A recent U.S. Treasury Department report linked nearly $600 million in transactions to ransomware payments in “Suspicious Activity Reports” that financial services firms filed with the U.S. government in the first six months of 2021.
Almost a quarter of healthcare organizations that were hit with a ransomware attack in the last two years said patient death rates increased in the aftermath. This finding adds to a growing body of data showing that cyberattacks don’t just cause financial or logistical problems; they can be fatal.
In the coming year, CIOs will focus on enabling changes to their data, cybersecurity, and cloud strategies—all while keeping an eye on hybrid work models and consumer privacy. As organizations continue to gather more data than ever before, the surface area of risk, and subsequently the blast radius, will exponentially increase when an incident materializes.
Today, the biggest mistake most security practitioners make is treating ransomware attacks like any other cyberattack. The T-Mobile data breach made huge headlines in August of this year when the telecom network confirmed at least 100 million current and former customers had their information stolen by hackers. Stolen data included names, addresses, social security numbers, security PINs, driver's license numbers, and phone numbers—all of which fall under Personally Identifiable Information (PII).
The threat actor claimed to have hacked into T-Mobile’s production, staging, and development services two weeks prior to the event, including an Oracle database server containing customer data, sources told Bleeping Computer. This was the fifth time the mobile carrier announced a major cyber incident, and the latest came on the heels of two attacks in 2020, one in 2018, and another in 2018.
This series of events highlights that the cybersecurity landscape continues to get more treacherous, despite the fact that companies shell out a tremendous amount of money on security tools and technologies. Research firm Gartner forecasts that by 2024, a cyberattack will so damage critical infrastructure that a member of the G20 intergovernmental forum will reciprocate with a declared physical attack.
Here, we share 4 ways CIOs can effectively protect their company data against the rising tide of ransomware.
1. Establish a Zero Trust Mindset
A Zero Trust architecture should be at the center of every security strategy. Zero Trust assumes there is no implicit trust granted to assets, user accounts, microservices, or data based solely on their location. Under a Zero Trust policy, every user and transaction must be validated before access to an enterprise resource is granted, even for a legitimate operation like encryption.
Increased automation, especially when it comes to your data, can eliminate risk points and better support a Zero Trust strategy. For instance, data automation tools like Delphix enable teams to automatically discover sensitive information, such as names, email addresses, and credit card numbers, across a broad range of data sources and irreversibly replace it with fictitious data while maintaining referential integrity for development, testing, and analytics purposes.
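To make "discover, replace, keep referential integrity" concrete, here is an added example (not from the original article and not Delphix's implementation) that uses one generic technique, keyed HMAC-SHA256 pseudonymization. The sample rows, function names, and the `masked.invalid` domain are constructed for illustration, and irreversibility here rests on the assumption that the key is discarded after the masking run.

```python
import hashlib
import hmac
import re
import secrets

# Constructed sample rows: two tables that share the customer's email as join key.
CUSTOMERS = [
    {"email": "ana.lopez@corp.example", "card": "4111 1111 1111 1111"},
    {"email": "raj.patel@corp.example", "card": "5500-0000-0000-0004"},
]
ORDERS = [
    {"order_id": 1, "customer_email": "ana.lopez@corp.example", "note": "gift wrap"},
    {"order_id": 2, "customer_email": "raj.patel@corp.example", "note": "call 555-0100"},
    {"order_id": 3, "customer_email": "ana.lopez@corp.example", "note": "none"},
]
EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
CARD_RE = re.compile(r"^(?:\d[ -]?){13,19}$")

def luhn_ok(digits):
    """Luhn checksum: cuts false positives when discovering card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(value):
    """Discovery step: label a value 'email', 'card', or None (not sensitive)."""
    if not isinstance(value, str):
        return None
    if EMAIL_RE.match(value):
        return "email"
    if CARD_RE.match(value) and luhn_ok(re.sub(r"\D", "", value)):
        return "card"
    return None

def mask(value, key):
    """Keyed, deterministic replacement: equal inputs give equal fictitious outputs."""
    kind = classify(value)
    if kind is None:
        return value
    canon = value.lower() if kind == "email" else re.sub(r"\D", "", value)
    digest = hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()
    if kind == "email":
        return f"user_{digest[:12]}@masked.invalid"
    return f"{int(digest[:14], 16) % 10**16:016d}"

def mask_tables(key=None):
    """Mask both tables with one key; the key is discarded if none is passed in."""
    key = key or secrets.token_bytes(32)
    return tuple([{c: mask(v, key) for c, v in row.items()} for row in t]
                 for t in (CUSTOMERS, ORDERS))
```

Because both tables are masked with the same key, `customer_email` in the masked orders still joins to `email` in the masked customers, while a second run with a fresh key produces unrelated values.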
2. Make Your Information Systems Resilient
Businesses need to rigorously test their defenses and recovery plans through tabletop testing exercises. Organizations use tabletop testing to assess and validate the company’s response process from beginning to end, and the primary goal is to use the exercise findings for future preparation and to minimize damage to their mission-critical IT assets during a ransomware attack.
Teams will likely discover key gaps, namely that their backup solutions may be insufficient and may take longer to recover than the business can tolerate. Companies need a more comprehensive solution (than traditional once-a-day backups) that can automate the full recovery of applications, including underlying databases, using a tool like Delphix.
In any event, backups are the first thing to go, so it’s imperative to ensure that your information systems are resilient and equipped to perform the intended functions in case of any eventuality.
3. Configure Endpoint Management
Part of the upswing in ransomware attacks is the tremendous growth of remote working due to the pandemic. A work-from-home setup is inherently less secure than managed access in an office setting because employees are not working within the organization’s perimeter network. It’s a much bigger attack surface. Employees hear fewer warnings about cybersecurity in the home setting, making it harder for them to make good decisions about security. This is especially pronounced with modern bring your own device (BYOD) arrangements, where there is a plethora of asymmetrical devices and networks. All practitioners have to ensure that the data is never transferred to or accessed from unauthorized devices. Configuring endpoint management enables infosec teams to protect their data no matter where it is accessed from (internal or external).
4. Improve Your SOC
Any modern organization has a Security Operations Center (SOC), a requirement of the times we live in. In order to remain ahead of adversaries, enterprises need to have the SOC fully functional and advanced. It means being equipped with the latest tools, leveraging more automation, and adopting better Security Information & Event Management (SIEM) and better Security Orchestration, Automation, and Response (SOAR). Having these capabilities will help organizations stay ahead of the curve when it comes to sophisticated advanced persistent threats (APT), early detection of fraudulent activities, and any ongoing reconnaissance.
A New Ransomware Attack Happens Every 11 Seconds
When it comes to ransomware, every second hurts. The reality is this: Cyberattacks are increasing and the impact of every attack is growing. In a world where hackers can easily reconnoiter systems, delete existing backups, and use encryption to bypass security controls, CIOs need to rely on these best practices and address cybersecurity with a holistic approach to every threat.