Ransomware has the dubious honor of being not only obscenely expensive to deal with, but also capable of doing more damage than the average sane person can quite imagine. The good news is that it is possible to organize a strong defense against ransomware.
This is partly a matter of security basics, like maintaining strong passwords and segmenting networks. Data security deserves more attention in this regard because the defense of data is the essence of ransomware mitigation. Yet, protecting data is often treated as an afterthought in anti-ransomware strategies. This needs to change, especially now that new countermeasures can reduce data’s vulnerability to ransomware.
Understanding the full impact of ransomware risks
There is more to ransomware than ransoms. Yes, the basic mode of attack involves an attacker encrypting your data and demanding a ransom before decrypting it. However, the unfortunate reality is that many additional risks arise with a ransomware attack. Some are obvious, but others are invisible and dangerous. For example, a ransomware attack can also encrypt all sorts of infrastructure components and system software, paralyzing your entire business.
Ransomware attacks typically leave implants behind, too. The attack is a breach of your networks and systems. Once an attacker has penetrated a network for a ransomware attack, they are going to leave bits of malware embedded wherever they can so they can come back and do more damage whenever they want. These implants can be difficult to find.
Data exfiltration is also a big risk with ransomware. It’s not wise to assume that a crook who breaks into your network and encrypts your data for ransom is some sort of honorable person. He or she will steal your data, too. Then, it becomes a matter of figuring out what got stolen, whom to notify, and so forth.
Managing ransomware risk: a data perspective
Protecting data should be a top priority in ransomware mitigation. Exfiltration risk is one factor. Data destruction is another. As many ransomware victims have learned, the decryption key never comes, even after the ransom has been paid. This might be because the attacker has no “honor” (big surprise!), or simply because the decryption tool doesn’t work. These people aren’t geniuses. They may not have done the encryption in a way that is reversible.
The best practice is to identify the most sensitive and high-value data and provide the highest degree of protection for it against ransomware. This may involve careful backup policies. Strong access controls are also essential. For any sensitive piece of data, who has access to it? Is the access control list up to date? Ideally, sensitive and high-value data will not be open to unauthorized users. This sounds simple enough, but executing such a policy is challenging to do efficiently.
Getting efficient at managing the risk
Efficiency emerges as the big challenge with securing data against ransomware. It sounds great to control permissions and know precisely where all sensitive data is stored. In reality, this will not work if the countermeasures have to be applied manually. No security organization is big enough to do that consistently.
Rather, it is necessary to automate the process of identifying the location of sensitive or high-value data and ensuring that it is properly protected. For example, an important file might have “too wide” access characteristics. Too many users can see it, so a ransomware attacker can surely get to it. An automated data security solution can shut down unnecessary access rights.
The same kind of solution may also be able to monitor data access in real-time, making it possible to alert security teams that a ransomware attack is taking place. For example, the solution might notice that so many files are being encrypted in a short period of time that it indicates, at a minimum, that something suspicious is happening.
Ransomware attacks are extremely harmful, but their worst impacts can be mitigated with the right tools. It is a best practice to concentrate on protecting the most valuable data assets as part of a ransomware defense strategy. Implementing the right policies, however, takes automated and data security solutions.
Lee Kappon is a data security expert and was listed on Forbes’ 30under30 list. She is the CEO & Co-Founder of Suridata, a startup company that is developing the next-generation data protection solution.
Forbes Israel Contributors are independent writers that were individually picked by Forbes staff. The writers are experts in their field and they provide professional commentary and analysis of current events. The content is unsponsored