This guest post was contributed by Jon Toor of Cloudian.
Ransomware continues to be the top cybersecurity threat, with attacks up 62% in the first half of 2021. Ransomware works by accessing the IT infrastructure of an organization, reading files, then encrypting those files and overwriting the original data. It can penetrate quickly, often striking on the weekend or holidays when IT staff aren’t actively monitoring. The hacker then demands a fee for the decryption key. Even if an organization does pay the ransom, there are other related costs such as downtime and reputational damage that can be significant.
Despite the growth of ransomware attacks, their increasing sophistication and the significant damage they can inflict, some organizations continue to operate under misconceptions about ransomware protection:
#1. “My perimeter defense is up to date”
Training employees on cybersecurity best practices and investing in perimeter defense solutions, while important measures, are not sufficient to protection against ransomware attacks and their repercussions. Even robust, fully updated perimeter defenses are often just a speed bump for cybercriminals, who are using increasingly sophisticated phishing emails to circumvent them. In our 2021 Ransomware Victims Report, 54% of survey respondents reported having anti-phishing training in place at the time of the attack, and it only takes one employee to click on a malicious file or link to open the door to ransomware.
#2. “I’ve backed up my data, so I don’t need to worry about ransomware”
Backup is an essential element of data protection, but cybercriminals know this so they often target the backup copies first. To protect against ransomware, organizations must have a data backup that’s immutable. Immutability prevents data from being overwritten or deleted, enabling quick recovery of an unaltered copy in the event of a ransomware attack.
#3. “Cybercriminals can’t manage to get to both our on-premises data and the copies we store in the public cloud”
The Cloudian 2021 Ransomware Victims Report also found that nearly half of IT decision-makers that store data on-premises or with an external service provider believe that the public cloud is a safer place to keep this data. However, relying on the public cloud won’t necessarily protect against ransomware either. Hackers can target cloud-based data just as readily as on-prem data, and the majority of attacks -- about 59%, according to the 2020 Sophos State of Ransomware Report -- include data in public clouds. Having a copy of your data in a public cloud is a good disaster recovery strategy in case of problems such as fire, flood or power outages, but it won’t protect against ransomware unless data stored there is also immutable.
#4. “We have the budget to pay for a ransomware attack if it occurs.”
In some cases, organizations figure they will just treat a ransomware payment as a cost of doing business. They will pay the ransom from an emergency budget, get their files back and move on. There are two problems with this. First, there is no guarantee that they will actually get their data back. Second, this approach fails to take into account other costs related to a ransomware attack and recovery, such as business downtime, forensic analysis and security patches and enhancements as well as reputational damage that results in lost revenue. In our Ransomware Victims Report, the average ransom payment for those that paid ransom was $223,000, but they also incurred an additional $186,000 in related costs, on average. In addition, studies have shown a high likelihood of being attacked again, even for those organizations that pay ransom – 80% according to survey conducted by Cybereason, a cybersecurity technology company.
#5. “…But we have cyber insurance”
Although cyber insurance may offset the cost of a ransomware attack, not all policies cover such attacks. Even if they do, they may only cover a portion of the costs due to deductibles and caps. In addition, with the steep rise in claims, carriers are increasingly requiring that organizations have specific security measures in place – such as data immutability – before they will approve a policy or pay out a claim.
When it comes to protecting against ransomware, organizations need a comprehensive cybersecurity strategy that goes beyond perimeter security and other traditional defenses. Data immutability enables quick recovery in the event of an attack without having to pay ransom. Data encryption at the storage layer prevents cybercriminals from publishing your data in any intelligible form, thereby eliminating the other aspect of ransomware extortion. The combination provides a one-two punch to protect your organization’s valuable data.