The sad facts of ransomware are that no-one is immune and attacks are impacting hospitals, schools, government, law enforcement agencies and businesses of all sizes. The increased frequency – and scale – of attacks has organisations thinking differently about their approach to ransomware. According to the FBI, ransomware attacks have increased 35-fold in 2016, resulting in an estimated $209 million paid out every quarter.
In addition, there has recently been a string of very public web services hacking events that have created question marks about the threat of storing data in the public cloud. More worryingly, we only know the publicly reported instances of such hacks.
In 2012, Dropbox was compromised by an internal phishing attack targeted at a Dropbox administrator. The event took four years to come to light, as the entire dataset – with hashed and salted passwords – appeared for sale on the dark web in 2016. The company put through a password reset prompt for users whose password had not changed before mid-2012, saying afterwards that the move had protected all impacted users.
In 2014, Yahoo! was breached by state-sponsored hackers who managed to get access to 500 million user credentials. In this case, two years passed before the breach became public knowledge only after the credentials were offered for sale to the public in 2016.
These events underscore the value of target-rich environments that attract the efforts of the world’s cyber-criminal and state-sponsored espionage community. User credentials are sold by the fraction of a penny, so commercial hackers must focus their energies on the world’s largest websites and cloud storage repositories in order to be successful. What’s worse, the increasing occurrences of these hacks is evolving the conversation around SaaS security from if to when.
The proportions have reached pandemic scale but of further concern are the delays between first breach and public notification. The delays beg the question: how long will it take to find out about the hacks that are happening right now?
What we do know is that all of the major cloud storage SaaS companies share some aspect of the data management and security management with their customers. Not one of them can claim to allow their customers to enjoy exclusive ownership of their data, their metadata, their encryption keys and their access credentials. For a certain class of security-conscious enterprises, this is fundamentally unacceptable. Gartner agrees, where in the 2016 IT Market Clock for the Digital Workplace it said: “Organisations with strong requirements for data protection, or those with strict regulations about data location and residency or complex data manipulation requirements, should focus on private cloud or on-premises EFSS deployments.”
How to safeguard your organisation
There are several countermeasures organisations can implement to fight back against crypto-malware:
Step one: Secure the perimeter to minimise the chance of breach: Patch your operating systems and keep your operating systems up to date. This is imperative. Then educate employees about the threat of ransomware and the role they can play in protecting the organisation’s data, disable macro scripts from office files transmitted over email, and limit access to critical and rapidly-changing datasets to only need-to-know users.
Step two: Backup all files and systems to avoid paying ransom to recover from crypto events. Then backup your endpoint and backup your file servers, and implement lightweight, optimised data protection tools that minimise recovery points.
Using very granular file sync and backup procedures, affected organisations with innovative safeguards in place have minimised their recovery points to as little as five minutes – versus 24 hours or more with alternate measures. With the right data protection tools, organisations can successfully save themselves from paying hundreds of thousands of dollars in ransom and minimise the period of business outage, while protecting their corporate reputations.
For the last 20 years, the market has been conditioned for daily backups. Whether we’re talking server or endpoint backup, in both cases file storage systems have been built for relatively lax backup intervals because backups have been expensive, requiring lots of CPU, lots of storage and too much time, and organisations haven’t had to deal with an explosion of file-locking malware attacks.
The use of legacy backup software in an organisation becomes a major issue for organisations where knowledge workers are continuously storing data on PCs and file shares. For example, an organisation that has 1,000 knowledge worker employees with file access by power users and IT teams has all of its files shares vulnerable. Daily backup using legacy tools leaves 24 hours of work unprotected which equates to 2.73 many years of cumulative lost productivity.
That demonstrates how legacy backup tools can have real costs for organisations that are routinely faced with crypto-ransomware. Modern backup solutions, including CTERA’s, can enable organisations to achieve a finer degree of backup interval granularity through the use of global, source-based deduplication, incremental-ever versioning and the ability to track file changes without doing full system scans. That said – default settings for even the most efficient tools are anywhere from four to eight hours, which is nearly a full business day. Therefore, the same problem essentially persists.
The only way we can put an end to this ransomware pandemic is by building the right safeguards that eliminate enterprise vulnerability and end the need to pay cyber-criminals to access our data and our systems. Whether you choose CTERA tools or any number of other approaches to safeguarding your organisation, do take steps now so you’re prepared because it is now a case of when, not if, an attack will happen.