Cybercriminals are making headlines using ransomware to block organizations from accessing their own critical business data to extort ransoms.
In 2021, ransomware has become a pervasive, newsworthy topic that competes as a major national security issue. In the last year alone, ransomware cost American victims roughly $1.4 billion in ransom demands alone. This is an under-estimation given the related costs of downtime, financial penalties and reputational loss.
According to the 2021 Cost of a Data Breach report, ransomware attacks have grown more common and have a greater average cost of a breach than the overall average. This average comes out to nearly $4.62 million for a ransomware attack. These costs can be attributed to escalation, notification, lost business and response costs, but does not include the cost of the ransom.
No one solution available in the market today can completely protect against ransomware, but data encryption is key to any comprehensive data protection strategy. Data encryption software affords control over security policies that prevent malicious users and rogue processes from taking control of your sensitive data. In an analysis of 25 cost factors that either amplified or mitigated the average total cost of a data breach, use of high standard encryption was third among cost mitigating factors.
Read the report
What is Ransomware?
A ransomware attack generally follows a known pattern. In one scenario, the threat actor does their homework by tracking down employee email addresses, which they use to orchestrate a phishing campaign that delivers ransomware via an email attachment.
An employee untrained to detect such schemes will open the email attachment, which is masquerading as something that looks trustworthy. Doing so opens the door to malware infecting their laptop and any known vulnerabilities. The ransomware goes on to take over sensitive files and databases by encrypting them. Only the threat actor will have the key to decrypt the data. To get the key, the victim has to pay the ransom.
It is imperative that employees be trained to recognize phishing. It only takes one person to make a mistake to allow ransomware to take hold of sensitive data. Organizations are also deploying additional measures such as securing email and web gateways, applying software patches to vulnerabilities and monitoring Domain Name System queries. However, these techniques are often ineffective against new and unknown strains of malware.
Application of zero trust security principles is a growing area of focus to embed technologies and processes that help mitigate ransomware attacks. As a failsafe, organizations should make sure to back up all critical business data, so that data restoration is possible without having to meet the demands of cybercriminals. Even with a backup, it’s possible the ransomware remains in the network, so any points of vulnerability will need to be fully addressed.
Consider Data Encryption to Block Ransomware
Organizations should consider a data protection solution with application whitelisting, access control and data encryption to effectively protect against ransomware. Application whitelisting is the process of specifying which software applications or executable files are allowed to run. This helps block malware from entering and executing within the network.
Explore Guardium Data Encryption
Access control is also key because it defines which users have access to which files or folders and what operations can be performed by the user on specific data. Oftentimes, malware attempts to gain privileges to access sensitive data. In the case of ransomware, once the threat actors have access to the system, they can encrypt sensitive data and hold it hostage until the ransom is paid. Fine-grained access control can prevent users from having more access than they should.
Data encryption protects data wherever it lives across the hybrid multicloud environment. Once data is encrypted and the encryption key is secured, the data becomes useless to any cybercriminal. If that data is already encrypted, that makes it much more difficult for the malware to detect it and attack.
A gold-standard data encryption solution will not only encrypt data across the technology stack, but will provide application whitelisting and fine-grained access control with consistent policy enforcement. By controlling access to trusted executables, limiting privileged access and obfuscating critical data, your organization will be much better positioned against ransomware attacks.
IBM Security Guardium Product Marketing Manager
Cynthia is a product marketing manager for IBM Security Guardium, IBM’s portfolio of data protection solutions. In addition, she supports IBM Security’s ...