Why ransomware is on the rise and how organizations can protect themselves [Q&A]
Many high-profile attacks in recent months have involved ransomware, notably the Colonial Pipeline attack. Worryingly, some businesses seem willing to pay the ransoms too.
But why are these attacks on the rise and what can businesses do to protect themselves against them? We spoke to Clumio CEO, Poojan Kumar to find out.
BN: What are some of the reasons behind the rising number of cyber security attacks -- across all industries -- and what makes ransomware attacks extra malevolent?
PK: One of the main reasons behind the rising number of cyber security attacks is organizations not having a strong security posture and lacking sufficient protection against cyberattacks. This is caused by:
- Not having the right security and data protection tools
- Not having the right security focused skill-sets in the teams
- Lack of IT security best practices and workflow automation
- Lack of regular data security risk assessment
BN: Why are attacks becoming increasingly sophisticated and pervasive? Can you give us examples of why this is happening?
PK: The hackers, or bad actors so to speak, understand that in today's digital world data is the new oil. They are more focused than ever on breaking into organizations' intellectual property and/or sensitive information so that they can hold it hostage for ransomware purposes or use it as leverage against the compromised party.
The digital nature of today's infrastructure also means that compromising it could lead to shutting down an entire airport or an entire oil pipeline, which has such a massive disruptive effect on people living in those regions that the attackers typically get huge monetary benefits from the breach. Finally, cryptocurrency has also made it easy for the attackers to collect the ransom in digital forms that are untraceable, which makes it very difficult to find the whereabouts of the attackers. For example, Colonial Pipeline paid the ransom amount of $4.4 million in Bitcoin.
BN: Why are public clouds like AWS being targeted? What makes them susceptible to attack?
PK: Public clouds such as AWS provide a lot of benefits to organizations that adopt them, such as faster innovation, offloading the overhead of infrastructure management, ready access to the latest and greatest technologies, etc. As a result, most organizations have a mandate to move to the cloud and are rapidly moving their critical production data there. However, the public cloud is a very decentralized place as compared to an on-premises data center. Hence the data is scattered across multiple services, accounts and regions. This increases the attack surface significantly and thereby increases their vulnerability to cyber attacks.
Additionally, the data protection mechanisms in the public cloud are broken and have several security gaps; one is not providing a true air gap (or security domain separation) between production data and backup copies. This causes an attack on the primary account to eventually lead to the backup copy, completely compromising the organization's capability to recover its production data. In summary, the massive movement of organizations’ critical data to the public cloud, combined with gaps in cloud data protection, is causing these clouds to be a target of cyberattacks.
BN: What are some areas organizations need to focus on and strategies they can put in place to secure their data in the public cloud against threats from the inside and outside the organization?
PK: The best way to recover from a cyberattack is to guarantee that you have a valid and usable backup copy of the data that was compromised. This can be done by ensuring that backups are saved outside of the security sphere of the primary data. This is called having air-gapped backup data. By air gapping the backups, hackers, or bad actors, cannot get to it, thereby leaving open the path to a successful recovery from any account compromises.
Organizations should keep in mind that not all data protection solutions are created equal. They need to carefully evaluate their data protection strategy and select a solution, such as Clumio Protect, that delivers these key functionalities from a security perspective:
- Air-gapped backups
- Immutable backups, so that the backup copies cannot be modified even if bad actors somehow get access to them
- No delete option for backup data. This, combined with immutable backups, ensures that the backup data is well secured.
- End-to-end data protection of user data, in transit and at rest
Organizations should have a public cloud data protection strategy that is:
- Simple to implement -- no additional software or hardware to install and manage. No upfront complex sizing is required, and the platform adjusts/scales based on the organization's needs.
- Provides rapid recovery in the event of data loss to ensure business continuity
- Provides all the key security functionalities mentioned above
And finally, they need global visibility into the cloud data protection plans so that organizations can quickly identify vulnerabilities, detect anomalies or outliers, and reduce wasted expense. It should be easy to show/validate that the organization is meeting its compliance requirements and is audit ready. The best solution will also provide organizations with actionable insights to optimize, secure and lower the TCO of their cloud backups.
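The four properties the answer above lists (air gap, immutability, no delete option, encryption at rest), expressed as an added offline posture check. This is example code, not the interview's or Clumio's; the bucket descriptions, account ids and 30-day minimum retention are constructed assumptions.

```python
# Added example (not the interview's or Clumio's code): offline check that a
# backup bucket has the properties listed above. Bucket descriptions are constructed
# dicts shaped like the S3 GetObjectLockConfiguration, GetBucketPolicy and
# GetBucketEncryption responses; that shape and the account ids are assumptions.
DELETE_ACTIONS = {"s3:DeleteObject", "s3:DeleteObjectVersion", "s3:BypassGovernanceRetention"}

def _denies_deletes(policy):
    """True if a Deny statement for every principal covers all delete actions."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") != "*":
            continue
        actions = stmt.get("Action", [])
        actions = {actions} if isinstance(actions, str) else set(actions)
        if "s3:*" in actions or DELETE_ACTIONS <= actions:
            return True
    return False

def check_backup_target(bucket, production_account, min_retention_days=30):
    """Return a list of findings; an empty list means the target passes."""
    findings = []
    # Air gap: the backup copy must not share a security domain with production.
    if bucket["account"] == production_account:
        findings.append("no air gap: bucket is in the production account")
    # Immutability: COMPLIANCE-mode retention cannot be shortened or removed, even
    # by the account's root user, until the retention period ends.
    lock = bucket.get("ObjectLockConfiguration", {})
    rule = lock.get("Rule", {}).get("DefaultRetention", {})
    if lock.get("ObjectLockEnabled") != "Enabled" or rule.get("Mode") != "COMPLIANCE":
        findings.append("not immutable: Object Lock COMPLIANCE mode not set")
    elif rule.get("Days", 0) < min_retention_days:
        findings.append("retention shorter than %d days" % min_retention_days)
    # No delete option: an explicit Deny overrides any Allow a stolen key carries.
    if not _denies_deletes(bucket.get("Policy", {})):
        findings.append("deletes not denied by bucket policy")
    # Encryption at rest: a default server-side encryption rule must be present.
    rules = bucket.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any("ApplyServerSideEncryptionByDefault" in r for r in rules):
        findings.append("no default encryption at rest")
    return findings

# Constructed sample targets; the weak one has every gap the answer describes.
WEAK = {"account": "111111111111", "Policy": {"Statement": []}}
HARDENED = {
    "account": "222222222222",
    "ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 35}}},
    "Policy": {"Statement": [{"Effect": "Deny", "Principal": "*", "Resource": "*",
        "Action": sorted(DELETE_ACTIONS)}]},
    "ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
}
```

Object Lock protects each version during its retention window, while the Deny statement cuts off delete calls regardless of whose credentials are used; the check treats the two as complementary rather than interchangeable.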
BN: What should the industry be thinking about regarding security after the Colonial Pipeline breach (and ransom pay off)?
PK: This is a lesson for the industry to realize that no organization is immune to cyber attacks. Data and infrastructure breaches can completely disrupt operations, and delaying the process of getting back to business quickly is not an option for most… and could be detrimental to their existence going forward. As a result, many organizations end up paying off the ransom.
BN: What are some approaches that can improve/harden data security in the cloud?
PK: In addition to the details provided above for having the right cloud data protection solution, one of the basic approaches is to ensure that the security or data protection solution is built with a security-first mindset. For example, Clumio has completed many rigorous certification efforts including ISO 27001, SOC II Type 2, HIPAA and PCI DSS. This rigorous testing makes Clumio one of the most secure SaaS platforms out there.