Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Vulnerability Comes At a Price - Ransomware Grows, Developing into Extortionware
By Drew Daniels, CIO & CISO, Druva
There are many lessons learned from the
COVID-19 pandemic. For starters, the vast and rushed shift to remote work
environments may have been necessary, but its haste often left many data
protection and security questions unanswered. These rapid migrations opened up
endless opportunities for data breaches and ransomware attacks -- and they're
only growing exponentially. The pandemic ushered in an era where data
management and protection could no longer be an afterthought or optional. It's
now required to safeguard organizations' most valuable assets.
In 2020, ransomware continued to
demonstrate why it's the most significant threat to cybersecurity. In fact, 51% of respondents said they were hit by
ransomware in the last year, according to Sophos's The State of Ransomware 2020
Report. Ransomware attacks are increasing across industries, touching
everything from aircraft manufacturers and elementary schools, to the highest levels
of our federal government, and of course, hitting the sensitivity of our
healthcare industry and essential workers.
The existence of ransomware alone is a
threat to all. To best protect organizations everywhere, it is more crucial
than ever to be mindful of where ransomware is most likely to present itself,
what industries are most vulnerable, how to protect against it and how to react
when an attack strikes. With
malicious actors investing substantial time into perfecting their threat tools,
there isn't a more perfect time to hone our data protection tools and make sure
certain assets are safe when the time comes.
While all organizations are at risk while
working remotely, healthcare will likely be the most targeted industry in the
next year. As R&D organizations scramble to distribute and continue
studying a COVID-19 vaccine, this rush to act quickly means we sometimes
miss subtle signs that bad actors will similarly be scrambling to make a
profit. These individuals and groups are already targeting medical research
laboratories, big pharmaceutical corporations, biotechnology companies and third-party
companies that healthcare organizations work with, as these organizations are
storing troves of invaluable vaccine and patient data. Bad actors suspect that,
because of the criticality of these organizations' work, it is easier for them
to settle (pay the ransom) than to fight, giving the bad actor the perceived advantage.
Biotechnology, pharmaceutical and medical
organizations will have to step up their cybersecurity posture in order to keep
up with the wave of new attacks. I have no doubt their security teams have all
of the best tools available, but as we must always remind ourselves, humans are
the weakest link in our security chain. Therefore, they (and we as a collective
security industry) must continue to focus on core values such as user
education, phishing simulation, data protection/backups and testing all of
these systems and practices.
In 2020, threat groups continued to hone
ransomware tactics, while in 2021 the focus will be on pressuring victims to pay
and, if they don't, extorting them with stolen and sensitive patient data in order to
gain the largest profit possible. Everyone will need to focus on data recovery,
but the threat surface is dynamic. Protection and recovery must be included in
any strategy because successful attackers are taking multiple approaches, while
also threatening to expose exfiltrated data.
A strong data protection architecture is
key to ensuring that endpoints aren't cluttered unnecessarily with sensitive or
confidential data like PII. Instead, the focus should be on backing up such
data, and then restoring it temporarily at a future time, if and when required.
Additionally, organizations should think about more aggressive reminders or
even penalties for not following data lifecycles, which is important to
minimize exposure risks.
As studies have shown, ransomware is big
money. With cryptocurrencies flourishing and their traceability minimized or
completely unavailable, coupled with continued payments from victims (despite
all warnings otherwise), the attackers and bad actors will continue their
assault. Unfortunately, as data's value continues to rise, so does the profit
in exploiting, exfiltrating, stealing and selling it.
We will inevitably continue to see
ransomware in 2021 and beyond. People and organizations that are willing to
circumvent the system, and feel their data is more important than others, will
find a way. The Treasury Department, with its urging against the payment of
ransoms, can only do so much, and even if it manages to clamp down on this
any more than security leaders have already done, the unfortunate truth is that where
there's a will, there's a way. This is the same reason why, despite the
continued insistence not to pay ransoms, ransomware has only grown. The reality
is people pay, which in turn encourages more bad behavior.
Data protection is paramount for business
resiliency. With the number of organizations continuing to operate remotely,
ensuring that sensitive data is backed up off-site is critical for business
success, and can make or break a company's reputation if an attack does hit. As
we continue to perfect our data storage practices, cyberattackers will continue
to perfect their threat mechanisms.
In the new year, it is critical for
organizations to keep their ransomware recovery practices top-of-mind and
prioritize exemplary data storage solutions. We should not only expect
ransomware to become more prominent, but for the stakes to become much higher.
This development only further signifies the need for comprehensive data
protection and backup solutions -- and this by itself takes planning,
proactivity and strategy.
##
About the Author
Drew brings a passion for helping companies scale global operations,
success implementing robust security protocols, and more than 20 years of experience
to Druva. At Druva, Drew focuses his time on efficient operations processes,
identifying security risk and leading the technical operations functions. Prior
to joining Druva, he was the global CSO and CIO at Qubole, where he led the
company in achieving SOC2 Type II, ISO-27001 and HIPAA compliance, while also
helping the company grow revenue by more than 5X, significantly reduce costs
across all operational areas and achieve a number of significant milestones
with customers and partners.
Drew has co-authored two books on the topics of networking, security and
the domain name service, and also works within the international community as a
non-profit board member and advisor for organizations whose mission is to
develop the next generation of technology professionals.