Ransomware attacks today have become more sophisticated and can have more massive consequences than ever before. The attack against ChangeHealth earlier this year, for instance, cost more than $872 million, tied up thousands of hours of employees’ time and disrupted operations at hospitals and pharmacies for over a week. And that’s just the tip of the iceberg. The full impact of this attack is still being felt and will continue to reverberate. Organizations have to be on high alert to make sure their business-critical data is always protected and that they remain operational without impacting customers — even in the event of an attack.
To stay future-proof, organizations are beginning to realize the value of adopting a new way of protecting data assets known as a cyber resilience approach.
Three recent technology developments have turned standard cybersecurity measures on their head.
Attackers are getting better at exploiting the vulnerabilities of flawed immutable storage. To create a truly immutable system, organizations must deploy solutions that prevent deletion and overwriting of data at the foundational level.
Immutably alone can’t stop exfiltration attacks because they don’t rely on changing, deleting, or encrypting data to demand a ransom. To defeat data exfiltration, you need a multi-layered approach that secures sensitive data everywhere it exists. Most providers have not hardened their offerings against common exfiltration techniques.
Relying solely on immutable backups won’t protect data against all the current and emerging ransomware perils. It’s time for organizations to move beyond basic immutability and adopt a more holistic security paradigm of end-to-end cyber resilience.
This paradigm includes the strongest type of true immutability. But it doesn’t stop there; it includes strong, multi-layer defenses to defeat data exfiltration and other emergent threats such as AI-enhanced malware. This entails creating security measures at every level to shut down as many threat types as possible and achieve end-to-end cyber resilience. These levels include:
API – Amazon shook up the storage industry when it introduced its immutability API (AWS S3 Object Lock) six years ago. It offers the highest protection against encryption-based ransomware attacks and creates a default interface for common data security apps. In addition, the S3 API’s granular control over data immutability enables compliance with the strictest data retention requirements. For the modern storage system, these capabilities are must-haves.
Data – Stopping data exfiltration is the goal here. Anywhere sensitive data exists, organizations need to deploy strict data security measures. To make sure backup data can’t be accessed or intercepted by unauthorized parties, what’s needed is a hardened storage solution that has many layers of security at the data level. That includes broad cryptographic and identity and access management (IAM) features.
Storage – Should an advanced hacker get root access to a storage server, they can evade API-level protections and gain unfettered access to all the server’s data. There are sophisticated AI-powered ways to defeat authentication that can make attacks like this harder to defeat. A storage system must make sure data is safe – even if a bad actor finds their way into the deepest level of an organization’s storage system.
Next-gen solutions address this scenario with distributed erasure coding technology. It makes data at the storage level unintelligible to hackers and not worth exfiltrating. It also enables an IT team to completely reconstruct any data that was lost in an attack or corrupted – even if several drives or a whole server gets destroyed.
Geographic –When data is stored in one location, it’s especially susceptible to attack. Bad actors try to infiltrate several organizations at once by attacking data centers or other high-value targets. This raises the odds of actually getting the ransom. Today’s storage recommendations include having many offsite backups, geographically separate, to defend data from vulnerabilities at one site.
Architecture – The security of storage architecture determines the security of the storage system. That’s why cyber resilience must focus on getting rid of vulnerabilities located in the core system architecture. When a ransomware attack is in process, one of the first things an attacker tries to do is to escalate their privileges. If they can do that, then they can deactivate or otherwise bypass immutability protections at the API level.
If a standard file system or another intrinsically mutable architecture is the foundation of an organization’s storage system, its data is left out in the open. The risk of ransomware attacks at the architecture level increases if a storage system is founded on a vulnerable architecture, given the explosion of malware and hacking tools enhanced by AI.
AI-powered ransomware attacks are on the rise, rendering many traditional approaches to protect backup data ineffective. Immutability is a must, but it’s not enough to combat the increasing sophistication of cyber criminals – and not only that, but most so-called immutable solutions aren’t. What’s needed today is end-to-end cyber resilience that addresses five key levels to help organizations future-proof their data security strategy.
Recent Articles By Author