Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.
Industry will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve their tools and tactics. So now what?
Editor’s note: The following is a guest article from Sebastian Goodwin, chief information security officer at Nutanix.
Over the last decade, ransomware has become the de facto tactic of cybercriminals looking to make a quick buck.
And why not? Average ransomware payments are nearing the $1 million mark, and many criminal groups are now selling their tools and services on specialty ransomware as a service marketplaces.
With nearly every business already permanently connected to the internet, global ransomware damage is expected to reach an annual impact of $265 billion within this decade, according to estimates from Cybersecurity Ventures.
In practical terms, this means that we will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve their tools and tactics.
Doing business in such a world can seem overwhelming, but modern cybersecurity approaches are working to keep up with the growth of ransomware.
As a result, CISOs looking to apply advanced thinking to ransomware defense can integrate new processes and tactics as they formulate their cybersecurity strategies.
Today’s ransomware can come from many specialized groups and threat actors. To make things more complicated, some criminal groups even sell their tools through a ransomware as a service business model, letting anyone with a bank account or cryptocurrency wallet automate ransomware attacks via the dark web.
Most common types of ransomware fall into six distinct categories:
The sheer variety and complexity of today’s ransomware landscape means that legacy antivirus software and firewalls are inherently ineffective, and relying on them alone can potentially cause enterprises to suffer from losses in productivity, data and – perhaps most importantly – customer confidence.
Without modern security practices, IT teams at affected organizations will spend fewer hours supporting development of new products and services and more hours on lengthy investigations of affected storage systems, data recovery and interfacing with emergency consultants and crisis managers.
Hacks against future hacks
One of the ways to modernize security is by proactively integrating protection capabilities directly into storage systems. This way, security teams can not only detect and lower the risk of attack, but also successfully recover structured and unstructured data while analyzing attack sources.
This approach also facilitates several capabilities that help future-proof systems against cyberthreats.
Common ransomware attacks encrypt large numbers of files, generating several read, write and rename events. Today, businesses can integrate built-in threat models to detect this type of activity and generate ransomware threat alerts.
Once anomalous behavior indicates an attack, configurable remediation policies trigger automated responses to block the offending client session or IP address.
By changing data to read-only as it is written into a storage system, enterprises can create immutable file sets and put a retention date on the immutable files to protect the data from any modification or deletion until the retention period passes.
Once written, the data cannot be modified or deleted, protecting the most sensitive data against malicious attacks and ransomware.
Isolating the management network from read/write traffic used by the data services greatly helps to secure the data residing on shared file storage.
More effective management across multiple virtual networks can also further reduce the attack surface and apply appropriate controls that prevent intruders from accessing critical data that resides in these networks.
Cyberattacks are inevitable, and ransomware is a significant – and growing – threat to all businesses. Today’s cybersecurity landscape requires enterprises to be more proactive in hunting threats, detecting and remediating them quickly in order to recover and restore operations in real-time, and responding to any resulting regulatory and legal claims efficiently.
While CISOs and their teams cannot completely prevent ransomware from targeting their businesses, the growing number of attacks underscores that now is the time to implement more efficient data management and security strategies to future-proof systems and establish protection for vulnerable centralized storage.
Editor’s note: This article has been updated to cite research from Cybersecurity Ventures on the estimated annual costs of ransomware damage.
Get the free daily newsletter read by industry experts
Physical keys with cryptographic protocols can deliver higher levels of assurance, but organizations shouldn’t conflate resistance with infallibility.
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter
Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started ➔
Physical keys with cryptographic protocols can deliver higher levels of assurance, but organizations shouldn’t conflate resistance with infallibility.
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
The free newsletter covering the top industry headlines