Virtualization Technology News and Information
Druva 2021 Predictions: Vulnerability Comes At a Price - Ransomware Grows, Developing into Extortionware

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

Vulnerability Comes At a Price - Ransomware Grows, Developing into Extortionware

By Drew Daniels, CIO & CISO, Druva

There are many lessons learned from the COVID-19 pandemic. For starters, the vast and rushed shift to remote work environments may have been necessary, but its haste often left many data protection and security questions unanswered. These rapid migrations opened up endless opportunities for data breaches and ransomware attacks -- and they're only growing exponentially. The pandemic ushered in an era where data management and protection could no longer be an afterthought or optional. It's now required to safeguard organizations' most valuable assets.

In 2020, ransomware continued to demonstrate why it's the most significant threat to cybersecurity. In fact, 51% of respondents said they were hit by ransomware in the last year, according to Sophos's The State of Ransomware 2020 Report. Ransomware attacks are increasing across industries, touching everything from aircraft manufacturers and elementary schools, to the highest levels of our federal government, and of course, hitting the sensitivity of our healthcare industry and essential workers.

The existence of ransomware alone is a threat to all. To best protect organizations everywhere, it is more crucial than ever to be mindful of where ransomware is most likely to present itself, what industries are most vulnerable, how to protect against it and how to react when an attack strikes. With malicious actors investing substantial time into perfecting their threat tools, there isn't a more perfect time to hone our data protection tools and make sure certain assets are safe when the time comes.

While all organizations are at risk while working remotely, healthcare will likely be the most targeted industry in the next year. As R&D organizations scramble to distribute and continue studying a COVID-19 vaccine, this scrambling to act quickly means sometimes we miss subtle signs that bad actors will similarly be scrambling to make a profit. These individuals and groups are already targeting medical research laboratories, big pharmaceutical corporations, biotechnology companies and third-party companies that healthcare works with, as these organizations are storing troves of invaluable vaccine and patient data. Bad actors suspect that, because of the criticality of these organizations' work, it is easier for them to settle (pay the ransom) than to fight, giving the bad actor the perceived advantage.

Biotechnology, pharmaceutical and medical organizations will have to step up their cybersecurity posture in order to keep up with the wave of new attacks. I have no doubt their security teams have all of the best tools available, but as we must always remind ourselves, humans are the weakest link in our security chain. Therefore, they (and we as a collective security industry) must continue to focus on core values such as user education, phishing simulation, data protection/backups and testing all of these systems and practices.

In 2020, threat groups continued to hone ransomware tactics, while in 2021 the focus will be on pressuring victims to pay and, if they don't, extorting them with stolen and sensitive patient data in order to gain the largest profit possible. Everyone will need to focus on data recovery, but the threat surface is dynamic. Protection and recovery must be included in any strategy because successful attackers are taking multiple approaches, while also threatening to expose exfiltrated data.

A strong data protection architecture is key to ensuring endpoints aren't cluttered unnecessarily with sensitive or confidential data like PII. Instead, the focus should be on backing up such data, and then restoring it temporarily at a future time, if and when required. Additionally, organizations should think about more aggressive reminders or even penalties for not following data lifecycles, which is important to minimize exposure risks.

As studies have shown, ransomware is big money. With cryptocurrencies flourishing and their traceability minimized or completely unavailable, coupled with continued payments from victims (despite all warnings otherwise), the attackers and bad actors will continue their assault. Unfortunately, as data's value continues to rise, so does the profit in exploiting, exfiltrating, stealing and selling it.

We will inevitably continue to see ransomware in 2021 and beyond. People and organizations that are willing to circumvent the system, and feel their data is more important than others, will find a way. The Treasury Department, and their urging against the payments of ransoms, can only do so much, and even if they manage to clamp down on this any more than security leaders have already done, the unfortunate truth is where there's a will, there's a way. This is the same reason why, despite the continued insistence not to pay ransoms, ransomware has only grown. The reality is people pay, which in turn encourages more bad behavior.

Data protection is paramount for business resiliency. With the number of organizations continuing to operate remotely, ensuring that sensitive data is backed up off-site is critical for business success, and can make or break a company's reputation if an attack does hit. As we continue to perfect our data storage practices, cyberattackers will continue to perfect their threat mechanisms.

In the new year, it is critical for organizations to keep their ransomware recovery practices top-of-mind and prioritize exemplary data storage solutions. We should not only expect ransomware to become more prominent, but for the stakes to become much higher. This development only further signifies the need for comprehensive data protection and backup solutions -- and this by itself takes planning, proactivity and strategy.


About the Author

Drew Daniels 

Drew brings a passion for helping companies scale global operations, success implementing robust security protocols, and more than 20 years of experience to Druva. At Druva, Drew focuses his time on efficient operations processes, identifying security risk and leading the technical operations functions. Prior to joining Druva, he was the global CSO and CIO at Qubole, where he led the company in achieving SOC2 Type II, ISO-27001 and HIPAA compliance, while also helping the company grow revenue by more than 5X, significantly reduce costs across all operational areas and achieve a number of significant milestones with customers and partners.

Drew has co-authored two books on the topics of networking, security and the domain name service, and also works within the international community as a non-profit board member and advisor for organizations whose mission is to develop the next generation of technology professionals.

Published Tuesday, January 12, 2021 9:17 AM by David Marshall