Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million in escalation, notification, lost business and response costs, according to the 2021 Cost of a Data Breach Report. To combat ransomware, data protection solutions need to play a role in your overall data security and cybersecurity strategy.
How Does Ransomware Work?
Ransomware is a type of malware, a general term for intrusive software that is designed to exploit vulnerabilities to damage computer systems. Attackers use ransomware to encrypt sensitive data belonging to a person or an organization. Once they encrypt the data, they demand a ransom in exchange for the decryption key. The victim then uses the key to regain access to the encrypted data.
Ransomware gains access to sensitive data most commonly through phishing schemes or phishing emails. The reader mistakes email attachments for trusted files. Once they open the files, the ransomware takes over the computer system and can gain access to admin privileges. At this point, the ransomware will encrypt some, if not all, of the user’s files. Next, it sends a message to the user demanding a ransom.
Forrester’s Data Security and Control Framework
Careful data security measures can go a long way in helping you to prevent or stop ransomware in its tracks. Forrester suggests a strategic, data-centric approach to securing data. Their framework breaks down the challenge of controlling and securing data into three areas:
- Defining the data
- Dissecting and analyzing the data
- Defending and protecting the data.
Read the full Forrester report
Defining the data: To better understand what you need to protect, data discovery and classification are necessary. You need to first establish where your data lives and moves. It’s also important to know the value and risk of that data, in order to properly control and secure it.
Dissecting and analyzing the data: It’s important to gain a complete view of the risks surrounding your data. Therefore, you need ongoing visibility into data use and changing threats. Good data intelligence provides contextual insights into your data. It helps you see the business value of the data as well as know who is using it, how often and for what purpose.
Defending and protecting the data: To cover your bases, consider access control, data usage inspection, data minimization or deletion and data encryption as core data security needs. These measures help ensure that the right user gets access to the right data at the right time. They can also alert defending teams to any potential abuses, and decrease the volume and value of sensitive information.
Data Activity Monitoring Offers Greater Visibility and Control
How can you spot ransomware pretending to be a privileged user? Can you distinguish normal from abnormal user behavior? Large data pulls performed over several hours may be typical for an analyst. More extreme behavior — say, tens of thousands of file access requests within a single hour — may indicate a ransomware attack. That’s why a solution that monitors data, including data usage and access patterns, helps. It can issue alerts and block user activity to mitigate the impact of ransomware. To secure data throughout your hybrid cloud environment, you need a modern data security solution that is adaptable, intelligent and connected.
Learn about IBM Guardium Data Protection
An adaptable solution that keeps pace with your growing data landscape should offer centralized policy management and enforcement to monitor user activity around sensitive on-premises and cloud data sources. With real-time monitoring for the most critical data, you will be able to log and inspect data activity traffic to detect early signs of a ransomware attack and alert your security team to investigate.
Intelligent data protection offers data threat analysis to quickly discern and focus on the most significant threats. Advanced analytics, such as machine learning, can provide rich insights to quickly spot and prioritize threats indicative of potential breaches or insider abuse. It can also provide insights into user entitlements, which should be reviewed and updated regularly to reduce the attack surface. A key tactic for reducing the impact of ransomware is to limit the amount of data it can encrypt, which means limiting the amount of data even the most privileged users can access on a regular basis.
Connected Solutions
Lastly, a modern data protection solution is connected in order to support a zero trust approach that reduces data and product silos for shared insights and faster incident response. Ransomware is a data-centric issue. However, a variety of tools beyond data security are required for thorough protection against ransomware and other threats. These tools include the following:
- Identity and access management
- User behavioral analytics
- Endpoint protection
- SIEM
- SOAR
- Data backup and recovery
- And more.
A good data security solution can easily integrate with other tools. That way, it enables the sharing of rich, contextual insights across IT and security teams. That, in turn, informs stronger data and identity governance. With this, you can improve the speed and quality of responses to attempted ransomware attacks.
IBM Security Guardium Product Marketing Manager