“It’s never going to happen to me.” Famous last words.
With incidences of ransomware on the rise, nobody should even be thinking that an attack is something that couldn’t happen to them, let alone speak those words into existence. And for organizations that believe a breach couldn’t happen to them because they store their data in the cloud are burying their heads in the sand.
All companies are vulnerable to ransomware. According to analyst estimates, cybercriminals were able to extort more than $1 billion in cryptocurrency payments from victims in 2023. What may have been a simple operational interruption 5 years ago has ballooned into millions of dollars per incident, loss of business reputation and a mystery as to how long it will take to return to viability.
Standard approaches to data security are no longer the answer
Even more disturbing is that ransomware attacks today have become more sophisticated than the “smash and grab” variety of the past. What was once regarded as a way to win a quick score has become increasingly sophisticated, with cybercriminals content to play a waiting game to find out what data is important, which files are being accessed the most and gaining access to passwords.
Typically, organizations would utilize a system of various storage, snapshots, replication, and backup to ensure business continuity. But because this has become such a standard approach, cybercriminals have begun targeting these systems to ensure greater success at securing a payday.
Ninety-three percent of ransomware attacks today target backups. These backups are being turned off, erased and encrypted. Seventy-five percent are successful in preventing recovery and forcing payment. In addition to impacting operations, successful attacks lead to additional penalties for companies in industries that must protect personal information due to industry compliance and legal requirements.
“There are many benefits to moving to the cloud – from saving money, to easy scalability and greater reliability – for both IT and end users than on-premises infrastructure.”
Judy Kaldenberg, SVP Sales and Marketing at Nexsan
Having your head(ache) in the cloud
In an ever-increasing automated world, the ever-increasing shift to the cloud makes sense. Public clouds offer a plethora of benefits for organizations. Costs are shifted from upfront hardware purchases that will hopefully satisfy future capacity demands to only paying what is used as it is used. Scalability is easy. IT personnel can be utilized on tasks that directly support the business with managed cloud providers doing all the heavy lifting. One thing that it is not necessarily better at – despite the proclamations – is improved security.
Data is only as secure as employees at a company or at the cloud provider make it. The challenge of the cloud for financial organizations under SEC regulations or medical providers that must contend with HIPAA requirements is that data saved to the cloud is out of their control. There are plenty of instances where cybercriminals gain access to data stores because of human error. To what degree of accountability do cloud providers truly offer their customers? What happens when a cybercriminal gains passwords to a company’s Microsoft Azure store or their AWS account? And to what degree are cloud providers made accountable for breaches that result in material loss?
Backups should be protected on an immutable platform
Vulnerabilities are almost certain to occur in any software, hardware or firmware release – including cloud providers’ infrastructures as well. Though not a malicious attack, the recent CrowdStrike outage shows how widespread a disastrous event can be when it occurs as part of a cloud-native platform despite assurances that cybersecurity procedures are in place.
Well, if there are vulnerabilities everywhere, is everyone simply out of luck? Not so fast. Safeguarding a company’s most valuable asset – their data – remains paramount despite the obstacles. Especially as data volumes continue to expand at an unprecedented rate. The challenge therefore is to manage growth while minimizing technological and/or human error to ensure data protection.
The primary goal of backup processes is to guarantee the ability to recover from any data loss or system failure within a predetermined timeframe. This necessitates a robust backup strategy involving automated processes across various applications, platforms and virtual environments. In the face of increasing ransomware threats, immutable storage has become a vital feature.
Rather than placing all of one’s proverbial eggs into a single basket, organizations can strengthen their data storage protection through a hybrid cloud approach that leverages the benefits of the full cloud with the control and security of on-premises solutions. There are several options for ransomware protection including immutable snapshots, S3 object-locking and platforms that provide unbreakable backup. Such solutions offer immutable storage that keeps backup data safe from ransomware attacks, accidental deletions or silent data corruption, while ensuring that backup data remains unaltered and recoverable to provide businesses a reliable defense against evolving cybersecurity threats.
Conclusion
There are many benefits to moving to the cloud – from saving money, to easy scalability and greater reliability – for both IT and end users than on-premises infrastructure. However, security is not one of those benefits. Ransomware has evolved to the point where it is no longer a “will I get hit?” scenario but rather a “when I get hit” one. And, unfortunately, companies rarely see it coming.
For businesses looking for better security of their data, having an immutable backup solution as either a standalone or as part of a hybrid cloud is a more attractive option. This is especially true for organizations with extremely sensitive information, such as healthcare or financial institutions. It can also be ideal for organizations that must comply with regulations that aren’t met by public cloud providers.
Want to have the last word in guaranteeing the safety, security and immediate availability of invaluable data? Ignore the public cloud and instead implement an immutable solution that provides the data integrity, ransomware defense, compliance and legal requirements, and historical data preservation that is needed to tell cybercriminals that they are wasting their time.
“That’s all, folks!”
