Employees create content on a daily basis. Much of this content has no long-term value and is not business critical, however, a small percentage is key to running operations. Some of it contains sensitive client information. Some of it contains intellectual property. If this data goes missing or falls into the wrong hands due to a ransomware attack, an organization could be severely wounded and could be at the risk of extinction.
In the past, security applications could keep this data safe and secure inside the data center, but 2020 has shown us that data is now under massive attacks by cybercriminals and is being used to cause great harm and expense to both large and small organizations alike.
In May, the New York based law firm of Grubman Shire Meiselas & Sacks was hit with REvil ransomware. This firm represents high profile clients and celebrities who trust them with very sensitive information. 756 gigabytes of data was stolen during the attack including contracts, nondisclosure agreements, phone numbers, email addresses and personal correspondence. The cybercriminals responsible asked for $42M to avoid publishing this data on the internet to cause long term damage to the firm’s reputation.
In June, the University of California said it paid more than $1M to cybercriminals (the bad actors asked for $3M) to unlock data that was encrypted, data that was part of their COVID-19 research. This intellectual property was critical to a possible treatment for the coronavirus and the criminals threatened to publish it online and share it with the world.
In August, Travelex, a British foreign exchange company, was forced into bankruptcy due to a ransomware attack. Travelex is a very data driven business that relies on their reputation of secure and trusted banking. The attack not only shut down their business in the middle of a pandemic, but also created global embarrassment that could not be repaired.
Going forward, data will matter more than ever before. Protecting data will go to the next level, beyond existing data protection initiatives. In 2021, the following strategies will be critical to organizations that want to avoid the examples used above:
- Data Integrity: Continue to focus on keeping cybercriminals out of the data center, but also check the integrity of data using analytics to know when they have circumvented existing security measures. Analytics will look at how data changes over time and will detect signs of corruption such as encryption and unusual modification not attributed to normal user activity but suspicious cyber threats.
So where do you deploy analytics, being that the production network is already overloaded? The right place to implement analytics is with your backup data. Backups will be used to recover from a ransomware attack. Therefore, ensuring that you organization’s backups have integrity and the data in the latest backup is up-to-date is critical to minimizing disruption. Security leaders should continually their organization’s backups daily and when corrupted data in a backup is detected, rest assured that a clean, previous backup can restore files, possibly avoiding being held hostage by cybercriminals.
- Data Insight: Understand your data environment to know where sensitive data is stored and make sure it is managed based on its value. As data with the enterprise ages, it gets lost and unmanaged within the infrastructure. Indexing data in order to understand the content will be a key initiative in 2021.
It’s imperative that data security leaders understanding where sensitive files exist, including intellectual property, contracts and client information to enable this content is secured and less available to inside and outside threats.
Organizations can rely on reports to expose servers that contain thousands of Excel spreadsheets containing client addresses and bank account information, folders that store legal contracts, PSTs of key executives’ emails, and other data that if found by cybercriminals would quickly be exposed on the dark web. Find this information before bad actors do; secure and protect it to avoid any public embarrassment or worse an interruption in business continuity.
- Data Optimization: Without knowledge of data, it is almost impossible to manage. Profiling data to understand its value will allow it to be stored more cost effectively and securely. Leaving important data on unmanaged servers costs money, but also makes the content vulnerable to inside and outside threat actors. Old project data, ex-employee data, old research studies should be archived and secured so it could be leveraged in the future, but also make it less accessible to those who can use it for harm.
Running reports that can easily uncover this content and migrating it to less expensive storage, a searchable archive, or even the cloud can control an organization’s costs and secure it at the same time. This will permit those who need it in the future to easily find and access it, and at the same time make it less available from cybercriminals.
We have seen much pain in 2020 related to cyberattacks and the resulting data breaches. We will see organizations respond to this with smarter more intelligent capabilities. Adding analytics, indexing, reporting and archiving to the data environment will allow for these intelligent decisions. Decisions that will not only protect organizations from threats on their data, but also streamline their environments to more effectively manage their data assets.