Users create content on a daily basis. Much of this content has no long-term value and is not business-critical; however, a small percentage is key to running operations. Some of it contains sensitive client information. Some of it contains intellectual property. If this data goes missing or falls into the wrong hands due to a ransomware attack, an organization would be severely handicapped and could be at the risk of extinction.
In the past, most leading security applications could keep this data safe and secure inside the data center, but 2020 has shown us that data is now vulnerable to massive attacks by cybercriminals, and is being weaponized to cause great harm and expense to both large and small organizations.
Here are some recent examples of companies that did not secure and manage their data effectively:
In May 2020, the New York-based law firm of Grubman Shire Meiselas & Sacks was hit with REvil ransomware. This firm represents high profile clients and celebrities who trusted them with very sensitive information. Attackers stole 756 gigabytes including contracts, nondisclosure agreements, phone numbers, email addresses and personal correspondence. The cybercriminals responsible asked for $42 million; otherwise, they would publish this data on the internet and cause long-term damage to the firm’s reputation.
In June, the University of California said it paid over $1 million to cybercriminals (they asked for $3 million) to unlock data related to their COVID-19 research that attackers encrypted. This intellectual property was critical to finding a possible treatment for the coronavirus disease, and the criminals threatened to publish it online and share it with the world.
In August, Travelex, the British foreign exchange company, was forced into bankruptcy due to a ransomware attack. Travelex is a very data driven business that relies on their reputation for secure and trusted banking. This attack not only shut down their business in the middle of a pandemic, but also created global damage to their reputation that could not be repaired.
Going forward, data will be an organization’s most valuable asset. Protecting data will have to evolve well beyond existing data protection initiatives. In 2021, the following strategies will be critical to organizations that want to avoid becoming the next cautionary tale.
Data Security: Integrity
Continue to focus on keeping cybercriminals out of the data center, but organizations also should use analytics to check the integrity of data so they know when attackers have circumvented existing security measures. Analytics tracks how data changes over time, and will detect signs of corruption, such as encryption and unusual modification, that can’t be attributed to normal user activity, and could be due to cyberthreats.
Given that production networks are often overloaded, where do you deploy analytics? The right place to implement analytics is with your backup data, as backups will be used to restore and recover from a ransomware attack. Therefore, ensuring that your backups have integrity, and the data in your most recent backup is good, is critical to minimizing disruption. Continually check the backups daily, and when corrupted data in a backup is detected, you’ll be confident you have a clean, previously verified backup to restore to that won’t be held hostage by cybercriminals.
Data Security: Insight
Understand your data environment to know where sensitive data is stored, and make sure it is managed based on its value. As data ages, it gets buried and can often end up unmanaged within the larger infrastructure. Understanding content by indexing data will be a key data security initiative in 2021. Understanding where sensitive files exist, including intellectual property, contracts and client information will enable this content to be better secured and less available to both inside and outside threats.
These index reports will map out servers that contain client addresses and bank account information in thousands of Excel spreadsheets, folders that store legal contracts, PSTs of key executives’ emails and other data in different file formats that, if found by cybercriminals, would quickly be exposed on the dark web. Find this information before they do, and secure and protect it to avoid any public embarrassment.
Without knowledge of data, it is almost impossible to manage. Profiling data to understand its value will allow it to be stored more securely and cost-effectively. Leaving important data on unmanaged servers costs money, but also makes the content vulnerable to both internal and external threat actors. Old project data, ex-employee data, old research studies should be archived and secured to be leveraged in the future, but also to make it less accessible to those who can use it for harm.
Running reports that can easily uncover this content and migrating that data to less expensive storage, or a searchable archive, or even the cloud could control costs and increase security at the same time. This will permit those who need it in the future to easily find and access it, and, at the same time, make it less available to cybercriminals.
Cyberattacks and the resulting data breaches caused a lot of pain in 2020. In 2021, we will see organizations respond to this with smarter, more intelligent data security capabilities. Adding analytics, indexing, reporting and archiving to the data environment will allow for these more intelligent decisions. These decisions will not only protect organizations from threats to their data, but also streamline their environments to more effectively manage their data assets.