Ransomware attacks are among the most serious cybersecurity threats. They are more sophisticated than ever and have serious consequences for any organization that falls victim to them.
The attack on ChangeHealth earlier this year, for example, cost more than $872 million, tied up thousands of employee hours, and disrupted hospital and pharmacy operations for over a week. And that’s just the tip of the iceberg. The full impact of that attack is still being felt and will reverberate for a long time to come.
Companies must remain vigilant to ensure that their business-critical data is always protected and that operations continue without impacting customers even in the event of an attack.
To remain future-proof, companies are increasingly recognizing the value of adopting a new method for protecting their data assets: the so-called cyber resilience approach.
Three reasons to rethink your data security model
Three recent technological developments have turned common cybersecurity measures on their head.
1. AI enables criminals to increase the volume and precision of their attacks. The UK’s National Cyber Security Centre found that AI gives attackers greater effectiveness, speed and sophistication. In the year following ChatGPT’s release, phishing activity increased by 1,265% and the number of successful ransomware attacks increased by 95%.
2. Organizations need to be careful about immutability washing. In other words, just because something is supposedly immutable doesn’t mean it really is. Most “immutable” storage solutions don’t provide true ransomware-proof security. Some solutions use regular snapshots to make data immutable, but this creates periods of vulnerability. Some solutions don’t provide immutability at the architectural level – only at the API level. But software-level immutability isn’t enough; it opens the door for attackers to bypass the system’s defenses.
Attackers are becoming increasingly adept at exploiting the vulnerabilities of faulty immutable storage. To create a truly immutable system, organizations must deploy solutions that prevent data deletion and overwriting at a fundamental level.
3. The rise of exfiltration attacks must be addressed. Today’s ransomware attackers don’t just encrypt data, they now exfiltrate that data. Then they threaten to publish or sell it if you don’t pay a ransom. Data exfiltration is part of 91% of ransomware attacks today.
Immutability alone cannot stop exfiltration attacks because they do not rely on modifying, deleting, or encrypting data to demand a ransom. To prevent data exfiltration, you need a multi-layered approach that protects sensitive data wherever it exists. Most vendors have not hardened their offerings against common exfiltration techniques.
Beyond Immutability: The Five Key Levels of End-to-End Cyber Resilience
Relying solely on immutable backups does not protect data from all current and emerging ransomware threats. It is time for organizations to move beyond basic immutability and adopt a more holistic security paradigm of end-to-end cyber resilience.
This paradigm includes the strongest form of true immutability. But that’s not all; it includes strong, layered defenses to prevent data exfiltration and other emerging threats such as AI-powered malware. This requires creating security measures at every level to eliminate as many threat types as possible and achieve end-to-end cyber resilience. These levels include:
API – Amazon disrupted the storage industry six years ago with the introduction of its Immutability API (AWS S3 Object Lock). It provides the highest level of protection against encryption-based ransomware attacks and creates a standard interface for common data security apps. In addition, the S3 API’s granular control over data immutability enables compliance with the most stringent data retention requirements. These features are a must for the modern storage system.
Data – The goal is to prevent data leakage. Wherever sensitive data exists, organizations must implement strict data security measures. To ensure that backup data cannot be accessed or intercepted by unauthorized parties, a robust storage solution with many layers of data-level security is required. This includes comprehensive cryptographic capabilities as well as identity and access management (IAM) capabilities.
Storage – Should a skilled hacker gain root access to a storage server, they can bypass API-level protection and gain unrestricted access to all of the server’s data. There are sophisticated AI-powered methods to bypass authentication that make attacks of this type more difficult to defend against. A storage system must ensure that data is safe – even if a malicious actor finds its way into the deepest levels of an organization’s storage system.
Next-generation solutions address this scenario with distributed erasure coding technology. It makes data at the storage level unreadable to hackers and no longer worth exfiltrating. It also enables an IT team to fully reconstruct any data lost or corrupted in an attack – even if multiple drives or an entire server are destroyed.
Geographically – When data is stored in one location, it is particularly vulnerable to attack. Criminals will try to infiltrate multiple organizations at once by attacking data centers or other high-value targets, increasing the likelihood of actually receiving the ransom. Today’s storage recommendations include having many off-site backups in different geographical locations to protect data from vulnerabilities in one location.
Architecture – The security of the storage architecture determines the security of the storage system. Therefore, cyber resilience must focus on eliminating vulnerabilities in the core system architecture. When a ransomware attack is underway, the first thing an attacker will try is to elevate their privileges. If they succeed, they can disable or otherwise bypass API-level immutability protections.
When a standard file system or other intrinsically mutable architecture forms the foundation of an organization’s storage system, data is left out in the open. The risk of architecture-level ransomware attacks increases when a storage system is built on a vulnerable architecture, given the explosion of malware and AI-enhanced hacking tools.
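The API-level and architecture-level points above can be checked on a bucket's own settings. The following is an added example, not code from the article or from any vendor: it audits responses shaped like the output of S3 GetObjectLockConfiguration and flags settings that a privileged account could bypass. The bucket names, the 14-day threshold and the sample responses are assumptions constructed for illustration.

```python
# Constructed sample input: bucket name -> response shaped like the output of
# S3 GetObjectLockConfiguration. Bucket names and values are made up.
# Assumption: the caller maps the API's "configuration not found" error to {}.
SAMPLE_CONFIGS = {
    "backups-prod": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}},
    "backups-dev": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}},
    "backups-legacy": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
    "backups-old": {},
}

MIN_RETENTION_DAYS = 14  # assumed policy threshold, not from the article


def retention_days(default_retention):
    """Default retention is expressed in either Days or Years."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365


def audit_bucket(config, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings; an empty list means no issue was detected."""
    lock = config.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        return ["object lock not enabled: object versions can be deleted"]
    default = lock.get("Rule", {}).get("DefaultRetention")
    if default is None:
        return ["no default retention: objects are locked only if each "
                "upload sets its own retention"]
    findings = []
    if default.get("Mode") == "GOVERNANCE":
        # Governance mode can be overridden by a sufficiently privileged principal.
        findings.append("governance mode: principals holding "
                        "s3:BypassGovernanceRetention can remove the lock")
    days = retention_days(default)
    if days < min_days:
        findings.append(f"retention of {days} days is below the {min_days}-day policy")
    return findings


def audit_all(configs):
    return {name: audit_bucket(cfg) for name, cfg in configs.items()}


if __name__ == "__main__":
    for bucket, findings in audit_all(SAMPLE_CONFIGS).items():
        print(bucket, "OK" if not findings else findings)
```

Only the compliance-mode bucket passes: in that mode no account, including root, can shorten or remove the retention period before it expires.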
Going beyond immutability: Staying one step ahead of AI-powered ransomware
AI-powered ransomware attacks are on the rise, rendering many traditional approaches to protecting backup data ineffective. Immutability is a must, but it is not enough to counteract the increasing sophistication of cybercriminals. On top of that, most so-called immutable solutions are not actually immutable. What is needed today is end-to-end cyber resilience that addresses five key layers to help organizations future-proof their data security strategy.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we highlight the best and brightest minds in technology today. The views expressed here are those of the author and do not necessarily reflect those of TechRadarPro or Future plc. If you are interested in contributing, you can find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro