October 26, 2021 By Cynthia Luu 3 min read

Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million in escalation, notification, lost business and response costs, according to the 2021 Cost of a Data Breach Report. To combat ransomware, data protection solutions need to play a role in your overall data security and cybersecurity strategy.

How Does Ransomware Work?

Ransomware is a type of malware, a general term for intrusive software that is designed to exploit vulnerabilities to damage computer systems. Attackers use ransomware to encrypt sensitive data belonging to a person or an organization. Once they encrypt the data, they demand a ransom in exchange for the decryption key. The victim then uses the key to regain access to the encrypted data.

Ransomware gains access to sensitive data most commonly through phishing schemes or phishing emails. The reader mistakes email attachments for trusted files. Once they open the files, the ransomware takes over the computer system and can gain access to admin privileges. At this point, the ransomware will encrypt some, if not all, of the user’s files. Next, it sends a message to the user demanding a ransom.

Forrester’s Data Security and Control Framework

Careful data security measures can go a long way in helping you to prevent or stop ransomware in its tracks. Forrester suggests a strategic, data-centric approach to securing data. Their framework breaks down the challenge of controlling and securing data into three areas:

  1. Defining the data
  2. Dissecting and analyzing the data
  3. Defending and protecting the data.
Read the full Forrester report

Defining the data: To better understand what you need to protect, data discovery and classification are necessary. You need to first establish where your data lives and moves. It’s also important to know the value and risk of that data, in order to properly control and secure it.

Dissecting and analyzing the data: It’s important to gain a complete view of the risks surrounding your data. Therefore, you need ongoing visibility into data use and changing threats. Good data intelligence provides contextual insights into your data. It helps you see the business value of the data as well as know who is using it, how often and for what purpose.

Defending and protecting the data: To cover your bases, consider access control, data usage inspection, data minimization or deletion and data encryption as core data security needs. These measures help ensure that the right user gets access to the right data at the right time. They can also alert defending teams to any potential abuses, and decrease the volume and value of sensitive information.

Data Activity Monitoring Offers Greater Visibility and Control

How can you spot ransomware pretending to be a privileged user? Can you distinguish normal from abnormal user behavior? Large data pulls performed over several hours may be typical for an analyst. More extreme behavior — say, tens of thousands of file access requests within a single hour — may indicate a ransomware attack. That’s why a solution that monitors data, including data usage and access patterns, helps. It can issue alerts and block user activity to mitigate the impact of ransomware. To secure data throughout your hybrid cloud environment, you need a modern data security solution that is adaptable, intelligent and connected.

Learn about IBM Guardium Data Protection

An adaptable solution that keeps pace with your growing data landscape should offer centralized policy management and enforcement to monitor user activity around sensitive on-premises and cloud data sources. With real-time monitoring for the most critical data, you will be able to log and inspect data activity traffic to detect early signs of a ransomware attack and alert your security team to investigate.

Intelligent data protection offers data threat analysis to quickly discern and focus on the most significant threats. Advanced analytics, such as machine learning, can provide rich insights to quickly spot and prioritize threats indicative of potential breaches or insider abuse. It can also provide insights into user entitlements, which should be reviewed and updated regularly to reduce the attack surface. A key tactic for reducing the impact of ransomware is to limit the amount of data it can encrypt, which means limiting the amount of data even the most privileged users can access on a regular basis.

Connected Solutions

Lastly, a modern data protection solution is connected in order to support a zero trust approach that reduces data and product silos for shared insights and faster incident response. Ransomware is a data-centric issue. However, a variety of tools beyond data security are required for thorough protection against ransomware and other threats. These tools include the following:

  1. Identity and access management
  2. User behavioral analytics
  3. Endpoint protection
  4. SIEM
  5. SOAR
  6. Data backup and recovery
  7. And more.

A good data security solution can easily integrate with other tools. That way, it enables the sharing of rich, contextual insights across IT and security teams. That, in turn, informs stronger data and identity governance. With this, you can improve the speed and quality of responses to attempted ransomware attacks.

More from Data Protection

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Data residency: What is it and why it is important?

3 min read - Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.The GDPR defines the requirement that users’ personal data and privacy be adequately protected by organizations that gather, process and store that data. After the GDPR rolled out, other countries such as Australia, Brazil, Canada, Japan, South Africa and the UAE…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today