October 26, 2021 By Cynthia Luu 3 min read

Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million in escalation, notification, lost business and response costs, according to the 2021 Cost of a Data Breach Report. To combat ransomware, data protection solutions need to play a role in your overall data security and cybersecurity strategy.

How Does Ransomware Work?

Ransomware is a type of malware, a general term for intrusive software that is designed to exploit vulnerabilities to damage computer systems. Attackers use ransomware to encrypt sensitive data belonging to a person or an organization. Once they encrypt the data, they demand a ransom in exchange for the decryption key. The victim then uses the key to regain access to the encrypted data.

Ransomware gains access to sensitive data most commonly through phishing schemes or phishing emails. The reader mistakes email attachments for trusted files. Once they open the files, the ransomware takes over the computer system and can gain access to admin privileges. At this point, the ransomware will encrypt some, if not all, of the user’s files. Next, it sends a message to the user demanding a ransom.

Forrester’s Data Security and Control Framework

Careful data security measures can go a long way in helping you to prevent or stop ransomware in its tracks. Forrester suggests a strategic, data-centric approach to securing data. Their framework breaks down the challenge of controlling and securing data into three areas:

  1. Defining the data
  2. Dissecting and analyzing the data
  3. Defending and protecting the data.
Read the full Forrester report

Defining the data: To better understand what you need to protect, data discovery and classification are necessary. You need to first establish where your data lives and moves. It’s also important to know the value and risk of that data, in order to properly control and secure it.

Dissecting and analyzing the data: It’s important to gain a complete view of the risks surrounding your data. Therefore, you need ongoing visibility into data use and changing threats. Good data intelligence provides contextual insights into your data. It helps you see the business value of the data as well as know who is using it, how often and for what purpose.

Defending and protecting the data: To cover your bases, consider access control, data usage inspection, data minimization or deletion and data encryption as core data security needs. These measures help ensure that the right user gets access to the right data at the right time. They can also alert defending teams to any potential abuses, and decrease the volume and value of sensitive information.

Data Activity Monitoring Offers Greater Visibility and Control

How can you spot ransomware pretending to be a privileged user? Can you distinguish normal from abnormal user behavior? Large data pulls performed over several hours may be typical for an analyst. More extreme behavior — say, tens of thousands of file access requests within a single hour — may indicate a ransomware attack. That’s why a solution that monitors data, including data usage and access patterns, helps. It can issue alerts and block user activity to mitigate the impact of ransomware. To secure data throughout your hybrid cloud environment, you need a modern data security solution that is adaptable, intelligent and connected.

Learn about IBM Guardium Data Protection

An adaptable solution that keeps pace with your growing data landscape should offer centralized policy management and enforcement to monitor user activity around sensitive on-premises and cloud data sources. With real-time monitoring for the most critical data, you will be able to log and inspect data activity traffic to detect early signs of a ransomware attack and alert your security team to investigate.

Intelligent data protection offers data threat analysis to quickly discern and focus on the most significant threats. Advanced analytics, such as machine learning, can provide rich insights to quickly spot and prioritize threats indicative of potential breaches or insider abuse. It can also provide insights into user entitlements, which should be reviewed and updated regularly to reduce the attack surface. A key tactic for reducing the impact of ransomware is to limit the amount of data it can encrypt, which means limiting the amount of data even the most privileged users can access on a regular basis.

Connected Solutions

Lastly, a modern data protection solution is connected in order to support a zero trust approach that reduces data and product silos for shared insights and faster incident response. Ransomware is a data-centric issue. However, a variety of tools beyond data security are required for thorough protection against ransomware and other threats. These tools include the following:

  1. Identity and access management
  2. User behavioral analytics
  3. Endpoint protection
  4. SIEM
  5. SOAR
  6. Data backup and recovery
  7. And more.

A good data security solution can easily integrate with other tools. That way, it enables the sharing of rich, contextual insights across IT and security teams. That, in turn, informs stronger data and identity governance. With this, you can improve the speed and quality of responses to attempted ransomware attacks.

More from Data Protection

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today