First of a three-part series on how to protect critical data against cyber attacks.
Considering how the cyber threat landscape has evolved over the past few years, it’s tempting to feel nostalgia for the days when attackers were teenagers and their goal was simply to make mischief.
Cybercrime is now big business. While many attacks, such as ransomware, focus on financial gain for the hackers, attacks increasingly involve organized crime, state-sponsored bad actors and professional thieves who carry out data theft or destruction on a massive scale. In short, the stakes have never been higher. Two-thirds (67%) of chief information security officers told Ponemon Institute that they believe they’re more likely to suffer a cyberattack this year than in previous years.
Traditional data protection strategies like backup and disaster recovery are no longer effective protection against sophisticated new threats that target a company’s most valuable data and can paralyze organizations by rendering that data unavailable or wreaking havoc on their IT infrastructure.
The new cybercrime elements that IT organizations must cope with include:
Massive scale – A few years ago, the theft of one million customer records was headline news. Today it’s commonplace. The number of annual data breaches by malicious outsiders has nearly doubled since 2013, according to Gemalto. A single attack on the credit reporting bureau Equifax last year compromised 145 million records, or nearly half of the adult population of the United States. The scope of today’s breaches is breathtaking.
Destructive intent – A new breed of professional cyber criminals focuses on neutralizing businesses by destroying or encrypting their production data or freezing their infrastructure. Whether motivated by ideology or financial gain, their goal is to do as much damage as possible: to cause loss of business, damage a company’s reputation or weaken a competitor.
Targeted theft – Some professional and state-sponsored hackers set their sights on trade secrets, intellectual property, proprietary software and financial data with the goal of neutralizing competitive advantage and causing short- or long-term damage to the victim’s stock price.
Rapid proliferation – Ransomware was the fastest-growing form of malware in 2017. It works by encrypting data and demanding a ransom payment in exchange for a decryption key. Victims shelled out more than $2 billion in ransoms in 2017, double the amount of the previous year. Once ransomware invades a single computer, it can spread like a virus, taking down entire networks and even backup servers. Paying the ransom doesn’t guarantee recovery.
Insider theft – The most difficult threat to your business may come from disgruntled or dishonest employees. One-quarter of cyberattacks are perpetrated by insiders, according to the 2018 Verizon Data Breach Investigations Report. With the proper access, terabytes of critical data can quickly be downloaded onto a thumb drive, or malware can be installed that gives those wishing to exploit or destroy critical data unfettered access to it and to corporate networks. Insiders are also in the best position to corrupt production data or backup tapes stored onsite, which can further cripple a business when it tries to recover from an attack.
Most organizations have a data recovery strategy based upon a combination of disk, tape and cloud backup, with the choice depending on such factors as recovery time objectives (RTO), amount of data to protect and the sensitivity of that data. These traditional data protection strategies have their place, but they don’t address the full range of today’s new threats.
For one thing, conventional backup and restore times are slow, especially from the tape media that the majority of organizations still use in some capacity for backup. Full recovery may take several days. In one recent attack involving a large retailer, recovery time for some data was estimated at four weeks. While that may be acceptable for non-mission-critical data, today’s online and continuously available business environment permits few companies the luxury of long stretches of downtime. Imagine if your online banking app, travel reservation system or another interactive service you rely on daily were unavailable for an extended period.
Backups are especially vulnerable to insider attacks. For example, some recent strains of ransomware target backup servers and tapes specifically. Backup software is typically non-discriminating, so malicious code may be archived alongside production data. Once stored, these programs may lie dormant until restored to production, at which time the cycle of destruction begins again. Malicious insiders also target backup servers to preserve the secret backdoors that they can exploit for future attacks. Because backups are usually performed on a regular schedule, insiders may target malware infections to attack during the process, corrupting data and rendering full recovery impossible.
In our global, data-driven, always-on business environment, a business continuity strategy created (and tested!) in the context of today’s sophisticated attacks needs to incorporate data classification and a tiered approach to backup and recovery. Organizations should assess the mission criticality of data and assign data protection solutions appropriately. New options, such as isolated recovery, are purpose-built to provide the maximum level of protection against threats such as insider attacks, ransomware and other forms of cyberattacks.
In the second part of this series, we’ll look at how these modern data protection strategies and solutions work and where they fit into an organization’s business continuity strategy. It’s no longer a matter of “if” your company will be the target or victim of a cyber attack, but “when”. Are you prepared?