This has been the same for ransomware. The traditional route of a ransomware attack was for criminals to gain access to an organisation's systems, encrypt the data in place and demand an exorbitant sum for the key. The traditional defence was to ensure regular, siloed (offline or otherwise isolated) backups so that the data could be restored without paying. That alone is no longer effective, because cyber criminals have once again moved the goalposts.
Beyond the Backup – The New Era of Ransomware Extortion
The shift from traditional 'encryption-based' ransomware to data theft represents a fundamental evolution in cyber-criminal strategy.
In the insurance and banking sectors in particular, the availability of data is no longer the primary leverage point for attackers. Instead, it is the confidentiality and reputational value of that data that is held against the organisations that have been breached. This has far-reaching consequences for the way organisations must now defend themselves.
Why Backups Alone are No Longer a Protection Strategy
For years, the industry mantra was 'backup, backup, backup.' While robust backups are essential for business continuity and disaster recovery, they are a passive defence. In a modern data-theft attack the criminal doesn't need to lock your systems; they simply need to exfiltrate a copy of your sensitive information. Many groups now do both ('double extortion'): they encrypt to threaten availability and exfiltrate to threaten confidentiality, so a clean restore removes only half of their leverage.
Restoring from a backup does nothing to mitigate the threat of that data being leaked on the dark web or used to blackmail your clients. Once sensitive data has been taken, restoring it does not stop bad actors using the copy they already hold; a backup is a recovery item, not a security shield.
How CISOs Must Reframe the Conversation
CISOs need to stop talking about ransomware as a ‘disaster recovery’ event and start discussing it as a ‘data governance’ and ‘observability’ challenge. There are three key pivots:
- From Recovery to Resilience: It is no longer enough to have a copy of the data; you must be able to detect the movement of data. For example, if an attacker is siphoning off gigabytes of insurance or customer records, your infrastructure must be able to flag that anomaly in near real time: egress volume per host measured against that host's own baseline, and large transfers to destinations the host has never spoken to before, are the signals that matter. Exfiltration is often staged over days and throttled to blend in, so baselines and alert thresholds need to cover sustained low-and-slow transfers as well as a single large burst.
- Focus on Data Sovereignty & Encryption: If data is stolen but it is effectively encrypted at rest and in transit with keys the attacker cannot access, the 'theft' yields nothing usable. The qualification matters: keys held on the same server as the data, or reachable through an application the attacker already controls, offer no protection at all. Keys need to live in an HSM or key-management service, be released only for specific records, and have their use logged and alerted on, so that a bulk decryption run is itself a detectable event. CISOs should focus on enterprise infrastructure projects that embed security into the data layer itself, rather than just the perimeter.
- The Regulatory & Reputational Stakeholders: CISOs must frame ransomware conversations around the cost of a data breach in terms of regulatory fines and lost client trust, rather than just the cost of downtime. In highly regulated sectors, the 'ransom' is often the smallest part of the total loss.
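The first pivot above calls for detecting data movement rather than only recovering from it. As an added example (not code from the original article, nor from any named product), the following Go program runs a simple per-host egress check over constructed flow records: it computes each host's median daily outbound volume across a baseline window, then flags any host whose volume today exceeds a multiple of that median, and any destination the host has never sent a meaningful amount of data to before. Host names, destinations and byte counts are all made up for the illustration; a real deployment would read the same fields from NetFlow, firewall or proxy logs.

```go
package main

import (
	"fmt"
	"sort"
)

// FlowRecord is one summarised outbound transfer, the minimum a NetFlow,
// firewall or proxy export would give us. Day is an index into the window.
type FlowRecord struct {
	Day      int
	Host     string
	Dest     string
	BytesOut int64
}

// Alert is one finding: which host, why, and the numbers behind it.
type Alert struct {
	Host   string
	Day    int
	Bytes  int64
	Median int64
	Reason string
}

// median returns the median of xs without modifying the caller's slice.
func median(xs []int64) int64 {
	if len(xs) == 0 {
		return 0
	}
	s := append([]int64(nil), xs...)
	sort.Slice(s, func(i, j int) bool { return s[i] < s[j] })
	n := len(s)
	if n%2 == 1 {
		return s[n/2]
	}
	return (s[n/2-1] + s[n/2]) / 2
}

// DetectExfil flags hosts whose egress on `today` exceeds factor x their
// median daily egress over the earlier days in flows, and hosts that send
// more than floor bytes to a destination not seen in the baseline. floor is
// an absolute minimum so a host that normally sends 1 KB cannot alert at 10 KB.
func DetectExfil(flows []FlowRecord, today int, factor float64, floor int64) []Alert {
	perDay := map[string]map[int]int64{}      // host -> day -> bytes out
	seen := map[string]map[string]bool{}      // host -> destinations in baseline
	todayDst := map[string]map[string]int64{} // host -> destination -> bytes today
	for _, f := range flows {
		if perDay[f.Host] == nil {
			perDay[f.Host] = map[int]int64{}
			seen[f.Host] = map[string]bool{}
			todayDst[f.Host] = map[string]int64{}
		}
		perDay[f.Host][f.Day] += f.BytesOut
		switch {
		case f.Day < today:
			seen[f.Host][f.Dest] = true
		case f.Day == today:
			todayDst[f.Host][f.Dest] += f.BytesOut
		}
	}
	hosts := make([]string, 0, len(perDay))
	for h := range perDay {
		hosts = append(hosts, h)
	}
	sort.Strings(hosts) // deterministic alert order
	var alerts []Alert
	for _, h := range hosts {
		var hist []int64
		for d, b := range perDay[h] {
			if d < today {
				hist = append(hist, b)
			}
		}
		base := median(hist)
		cur := perDay[h][today]
		if cur > floor && float64(cur) > factor*float64(base) {
			alerts = append(alerts, Alert{h, today, cur, base, "egress volume"})
		}
		dsts := make([]string, 0, len(todayDst[h]))
		for d := range todayDst[h] {
			dsts = append(dsts, d)
		}
		sort.Strings(dsts)
		for _, d := range dsts {
			if b := todayDst[h][d]; !seen[h][d] && b > floor {
				alerts = append(alerts, Alert{h, today, b, base, "new destination " + d})
			}
		}
	}
	return alerts
}

// sampleFlows is constructed data: seven quiet baseline days, then on day 7
// a claims database pushes 40 GiB to an address it has never talked to.
func sampleFlows() []FlowRecord {
	var fs []FlowRecord
	for d := 0; d < 7; d++ {
		fs = append(fs,
			FlowRecord{d, "claims-db-01", "backup.corp.example", 50 << 20}, // nightly backup
			FlowRecord{d, "ws-finance-12", "m365.example", 120 << 20},
			FlowRecord{d, "ws-finance-12", "crm.example", 30 << 20},
		)
	}
	return append(fs,
		FlowRecord{7, "claims-db-01", "backup.corp.example", 50 << 20},
		FlowRecord{7, "claims-db-01", "198.51.100.23", 40 << 30}, // the exfiltration
		FlowRecord{7, "ws-finance-12", "m365.example", 140 << 20},
		FlowRecord{7, "ws-finance-12", "crm.example", 25 << 20},
	)
}

func main() {
	for _, a := range DetectExfil(sampleFlows(), 7, 5.0, 256<<20) {
		fmt.Printf("%s day %d: %s (%d bytes vs median %d)\n", a.Host, a.Day, a.Reason, a.Bytes, a.Median)
	}
}
```

With a factor of 5 and a 256 MiB floor the workstation's slightly busier day stays silent while the database raises two alerts, one for volume and one for the unseen destination. The two checks deliberately overlap: an attacker who throttles transfers under the volume multiplier is still caught by the new-destination rule, and one who tunnels through an already-approved destination is still caught by volume.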
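The second pivot depends on keys the attacker cannot reach. As an added example (not the article's code and not any vendor's API), this Go program shows the envelope-encryption pattern behind that claim: each record gets its own data-encryption key (DEK), the DEK is wrapped by a key-encryption key (KEK) that only a key-management service holds, and the datastore keeps ciphertext plus wrapped DEK. The `KMS` type here is a hypothetical in-process stand-in for an HSM or cloud KMS; the record ID and plaintext are constructed. The second half of `main` plays the attacker who has a full dump of the datastore but not the KEK.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KMS is a hypothetical stand-in for a key-management service or HSM. The
// KEK never leaves it; callers only get wrap and unwrap operations.
type KMS struct{ kek []byte }

func NewKMS() (*KMS, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return &KMS{kek: k}, nil
}

// gcmSeal encrypts with AES-256-GCM, prepending the random nonce.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...), nil
}

// gcmOpen reverses gcmSeal; a wrong key or changed AAD fails authentication.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// Wrap and Unwrap bind the DEK to a context (here the record ID) so a wrapped
// key lifted from one record cannot be presented as belonging to another.
func (k *KMS) Wrap(dek, ctx []byte) ([]byte, error)     { return gcmSeal(k.kek, dek, ctx) }
func (k *KMS) Unwrap(wrapped, ctx []byte) ([]byte, error) { return gcmOpen(k.kek, wrapped, ctx) }

// Record is exactly what sits in the database or object store, and exactly
// what an attacker gets from a bulk copy of it.
type Record struct {
	ID         string
	WrappedDEK []byte
	Ciphertext []byte
}

func EncryptRecord(kms *KMS, id string, plaintext []byte) (Record, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return Record{}, err
	}
	ct, err := gcmSeal(dek, plaintext, []byte(id))
	if err != nil {
		return Record{}, err
	}
	wrapped, err := kms.Wrap(dek, []byte(id))
	if err != nil {
		return Record{}, err
	}
	return Record{ID: id, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

func DecryptRecord(kms *KMS, r Record) ([]byte, error) {
	dek, err := kms.Unwrap(r.WrappedDEK, []byte(r.ID))
	if err != nil {
		return nil, fmt.Errorf("unwrap: %w", err)
	}
	return gcmOpen(dek, r.Ciphertext, []byte(r.ID))
}

func main() {
	kms, _ := NewKMS()
	rec, _ := EncryptRecord(kms, "policy-00012345", []byte("constructed sample: policyholder PII"))
	pt, _ := DecryptRecord(kms, rec) // legitimate path: application asks the KMS
	fmt.Printf("application reads: %s\n", pt)
	// Attacker path: the dump yields rec, but not the KEK. Any KEK they bring
	// fails authentication at unwrap, so the DEK and the data stay sealed.
	stolenKMS, _ := NewKMS()
	_, err := DecryptRecord(stolenKMS, rec)
	fmt.Println("attacker with dump only:", err)
}
```

The protection is only as good as the separation: if the attacker can run code on the application server, `DecryptRecord` is available to them too, which is why the unwrap call to the real KMS must be logged and rate-alerted per record, so that a bulk decryption looks nothing like normal traffic and becomes the detection point.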
Ransomware has long been a favourite and effective tactic of cyber criminals. However, with so many organisations now understanding the importance of backups, and given the nature of much of the data held by insurance and financial organisations, the criminals have once again moved on.
Companies, particularly those in highly regulated sectors, must react. Standing still is not an option; cyber criminals are certainly not. Taking the three key pivots into consideration, and changing the way they think about and defend against ransomware, will help to keep cyber criminals out and data safe.