The Pervasive Problem
As we experienced with the recent ransomware attack on the Colonial Oil Pipeline, ransomware attacks can wreak havoc on the economy. The harsh reality is that organizations remain a step behind, not only in preventing ransomware attacks, but also in being prepared when they do occur. What is needed is a security strategy that takes organizations from a one-time threat response plan to a strategic, proactive approach.
Holding Data Hostage – The New Ransomware Threat
Ransomware attacks initially focused on leaving an attacked system in an encrypted, and therefore unusable, state. The attackers would infiltrate a system, control the decryption key, hold the system hostage and demand payment.
Today there is a new aspect to the threat that makes ransomware attacks even more detrimental. Attackers have discovered that the data they are holding hostage on the systems they attack is an organization’s most valuable asset.
As a result, ransomware attacks today focus on holding the data itself hostage. This increases the risk of data and intellectual property loss exponentially on top of the system outages and operational challenges that come with these incidents. Attackers are keenly aware that organizations are often more willing to pay to keep attackers from making their sensitive data publicly available.
Protecting Systems – and Data – from Ransomware Attacks
Sotero recommends a three-pronged approach to protect systems from ransomware attacks, and from being operationally crippled if an attack does occur.
- Employee Training on Phishing Attacks
Organizations must conduct periodic employee training to help employees understand and identify suspicious emails or unsafe links. Equally important is to keep systems up to date, and even to force auto-updates if employees do not install updates in a timely manner. Lastly, employees should use a VPN on public Wi-Fi networks.
- Perform Backups
Make sure data and systems are always protected by backing up via hard drives or by using backup software approved by the IT department.
- Protect Sensitive Data
Organizations must take steps to protect the data itself, which is the emphasis of Sotero’s data in use encryption solution. The challenge for organizations is that traditional data encryption solutions protect data only when data is at rest (disk encryption) or in transit via secure communication methods such as SSL and TLS. This leaves companies with significant vulnerabilities to ransomware attacks when data is in use or in motion.
Conversely, Sotero in-use encryption secures sensitive data when it is in its most vulnerable state – when data is in use and when data is in motion.
If data is stolen, Sotero eliminates the ransomware attacker’s tactic of holding the key to the stolen data and locked systems, as the data the attacker has stolen is encrypted by Sotero, and the organization owns the encryption keys – even if the data is stored in the cloud. This prevents attackers from accessing or releasing an enterprise’s data even after they have stolen it.
The attacker is no longer able to use the stolen data as leverage for requesting ransom. What the attacker gets is an encrypted data set that is useless and cannot be used for ransom. Organizations protect their data from ransomware attackers by rendering it useless even when stolen.
Ransomware attacks have evolved from holding systems hostage to holding data hostage. Though it was smart on the part of attackers to recognize the value of data, this also opens an opportunity for organizations to protect against attacks more effectively – by employing technologies, such as in-use encryption, that are purpose-built to take a data-first approach to securing sensitive data even if the data is stolen by an attacker.
For more on in-use encryption, we invite you to read the in-use encryption white paper.