October 26, 2021 By Cynthia Luu 3 min read

Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million in escalation, notification, lost business and response costs, according to the 2021 Cost of a Data Breach Report. To combat ransomware, data protection solutions need to play a role in your overall data security and cybersecurity strategy.

How Does Ransomware Work?

Ransomware is a type of malware, a general term for intrusive software that is designed to exploit vulnerabilities to damage computer systems. Attackers use ransomware to encrypt sensitive data belonging to a person or an organization. Once they encrypt the data, they demand a ransom in exchange for the decryption key. The victim then uses the key to regain access to the encrypted data.

Ransomware gains access to sensitive data most commonly through phishing schemes or phishing emails. The reader mistakes email attachments for trusted files. Once they open the files, the ransomware takes over the computer system and can gain access to admin privileges. At this point, the ransomware will encrypt some, if not all, of the user’s files. Next, it sends a message to the user demanding a ransom.

Forrester’s Data Security and Control Framework

Careful data security measures can go a long way in helping you to prevent or stop ransomware in its tracks. Forrester suggests a strategic, data-centric approach to securing data. Their framework breaks down the challenge of controlling and securing data into three areas:

  1. Defining the data
  2. Dissecting and analyzing the data
  3. Defending and protecting the data.
Read the full Forrester report

Defining the data: To better understand what you need to protect, data discovery and classification are necessary. You need to first establish where your data lives and moves. It’s also important to know the value and risk of that data, in order to properly control and secure it.

Dissecting and analyzing the data: It’s important to gain a complete view of the risks surrounding your data. Therefore, you need ongoing visibility into data use and changing threats. Good data intelligence provides contextual insights into your data. It helps you see the business value of the data as well as know who is using it, how often and for what purpose.

Defending and protecting the data: To cover your bases, consider access control, data usage inspection, data minimization or deletion and data encryption as core data security needs. These measures help ensure that the right user gets access to the right data at the right time. They can also alert defending teams to any potential abuses, and decrease the volume and value of sensitive information.

Data Activity Monitoring Offers Greater Visibility and Control

How can you spot ransomware pretending to be a privileged user? Can you distinguish normal from abnormal user behavior? Large data pulls performed over several hours may be typical for an analyst. More extreme behavior — say, tens of thousands of file access requests within a single hour — may indicate a ransomware attack. That’s why a solution that monitors data, including data usage and access patterns, helps. It can issue alerts and block user activity to mitigate the impact of ransomware. To secure data throughout your hybrid cloud environment, you need a modern data security solution that is adaptable, intelligent and connected.

Learn about IBM Guardium Data Protection

An adaptable solution that keeps pace with your growing data landscape should offer centralized policy management and enforcement to monitor user activity around sensitive on-premises and cloud data sources. With real-time monitoring for the most critical data, you will be able to log and inspect data activity traffic to detect early signs of a ransomware attack and alert your security team to investigate.

Intelligent data protection offers data threat analysis to quickly discern and focus on the most significant threats. Advanced analytics, such as machine learning, can provide rich insights to quickly spot and prioritize threats indicative of potential breaches or insider abuse. It can also provide insights into user entitlements, which should be reviewed and updated regularly to reduce the attack surface. A key tactic for reducing the impact of ransomware is to limit the amount of data it can encrypt, which means limiting the amount of data even the most privileged users can access on a regular basis.

Connected Solutions

Lastly, a modern data protection solution is connected in order to support a zero trust approach that reduces data and product silos for shared insights and faster incident response. Ransomware is a data-centric issue. However, a variety of tools beyond data security are required for thorough protection against ransomware and other threats. These tools include the following:

  1. Identity and access management
  2. User behavioral analytics
  3. Endpoint protection
  4. SIEM
  5. SOAR
  6. Data backup and recovery
  7. And more.

A good data security solution can easily integrate with other tools. That way, it enables the sharing of rich, contextual insights across IT and security teams. That, in turn, informs stronger data and identity governance. With this, you can improve the speed and quality of responses to attempted ransomware attacks.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today