Articles C2 Winter 2021 Data Data Security

How to Safeguard Your Data & Applications from Ransomware

It’s ugly out there. Each week, we all see the news reports about more and more companies and organizations falling victim to ransomware and the trend is accelerating. No doubt, you or your colleagues work in or are aware of organizations that have been hit by ransomware over the last few years and had the unenviable responsibility of scrambling to recover data, applications, workloads, and systems in the aftermath of an attack.

The problem isn’t getting any better, especially as the bad actors have changed their tactics – going from encrypting production data as a means to extract ransom payments from their victims to aggressively targeting backup data to exert more pressure on their victims to pay up. Now, the latest tactic is the so-called “double extortion” scam, a fallback pressure tactic when the bad actors realize that their victim has recovered their data and shifts to extorting money to prevent the public disclosure of sensitive data that they exfiltrated.

To address modern day breaches, let’s discuss consumer perceptions, how we got here, the defensive capabilities that you need to protect your organization and your data from ransomware, and how the nature of ransomware has fundamentally changed.

 

New Research Reveals Consumers’ Distrust of Corporate Ransom Payouts

New research indicates that when businesses pay the ransom, they run the risk of losing consumer confidence and prompting people to take their business elsewhere.

This research is based on an August 2021 survey commissioned by Cohesity and conducted by Propeller Insights of more than 1,000 adult U.S. consumers between the ages of 18 through 75 and older, all of whom have heard of ransomware.

  • 40% of Americans surveyed said that they think companies hit by ransomware attacks should not pay the ransom.
  • More than half of those surveyed, 55%, said that companies that do pay ransoms encourage ransomware and bad actors.
  • 43% of respondents think that ransom payments will raise the price of goods and services.
  • 23% of those surveyed said that they would stop doing business with a company that paid the ransom, and 48% said while they can’t say yes or no, they would give it a lot of thought as it concerns them greatly.
  • When asked if consumers believe organizations are doing enough to protect their data, 42% answered either “it’s unlikely” or “no.”

While no organization is immune from ransomware attacks, those enterprises that implement modern security and next-gen data management strategies that enable them to quickly recover if they are attacked – without having to pay the ransom – are the ones that will win favor with consumers over those that can’t.

 

Traditional Approaches to Data Management Don’t Solve Ransomware

Many of today’s data management tools were designed years or even decades ago – before multicloud, ransomware, GDPR, and other modern day IT considerations. Others were designed either for on-premises or cloud-only operation (not hybrid or multicloud) and had limited functionality.

For years, IT has had to assemble a ‘Do It Yourself’ collection of dozens of tools to handle all the aspects of data management (like backup, files & objects, security, governance, dev/test, analytics, etc.) into a working system – kind of like self-assembly furniture without the instructions. This created all kinds of challenges: multiple UIs, no single policy control, inefficient silos, duplicate data, high operational costs, different solutions for the cloud vs on-premises, etc. IT teams are spending 40% of their time just managing this complexity, instead of on more important tasks.

This fragmented approach with separate tools presents an easy attack surface for cyber criminals to target with ransomware and other security exploits. No central visibility into incoming threats, different security standards between components, reliant on human operators’ diligence, no mechanism for rapid recovery – a disaster waiting to happen.

The modern enterprise is just too complex and dynamic for IT teams to manage manually. Overworked IT teams can easily miss an impending cyber-attack or system problem that can put you out of business. IT tools should be smart enough to anticipate these issues and provide some warning or recommendation rather than relying on human diligence.

So far, we’ve only discussed the difficulties in getting your data under control. What about getting value out of your data to help drive the business and beat the competition? Today this is a whole separate task for IT, involving moving data out of one system into yet another set of tools just to extract insights.

Given the trends we spoke about, the relentless growth in corporate data, and the pressure on IT to meet tougher SLAs, we believe the situation is unsustainable – the industry needs a new approach.

 

The Key to Cyber Resiliency: Next-Gen Data Management

It should come as no surprise that businesses are changing their strategies in response to the ransomware threat, looking to next-gen data management to go beyond backing up their data to make sure they plan for recovery when ransomware strikes.

Next-gen data management aims to deliver a unique combination of four elements that could not only help to improve security postures but also address today’s challenges of complexity, cost, and risk associated with legacy data management solutions – and allows you to unlock limitless value from your data.

  1. Beyond Zero Trust Security: Detect, protect, and rapidly recover from ransomware attacks.
    • Build-in AI-powered threat detection, immutability, and instant mass restore helps thwart ransomware attacks
    • Disaster recovery and automated failover minimize downtime
    • Integration with leading security ecosystem partners automated and extends protection
  1. Simplicity at Scale: Manage everything in one place, expand with ease.
    • Single hyperscale software platform powers multiple use cases
    • Single UI provides global visibility and control across the multicloud and hybrid cloud
    • Flexible deployment choice: self-managed, partner-managed, or SaaS
  1. Powered by AI: Improve decisions and act faster with built-in smart capabilities.
    • SmartAssist offloads manual effort, provides proactive alerts, and health checks
    • AI-based threat detection and scanning counters cybercrime, including ransomware
    • AI-powered recommendations reduce cost and improve performance
  1. 3rd Party Extensibility: Leverage marketplace apps or integrate with industry-leading solutions
    • Discover and download third-party and Cohesity apps for file analytics, anti-virus detection, vulnerability scanning, custom reports, and visualization
    • Enable self-service operations through ready-to-use automation and orchestration tool integrations
    • Build, automate, and manage operational workflows to cut cost and time

 

A Next-Gen Data Management Portfolio Optimized to Minimize the Impact of Ransomware, and more…

Today, we operate in a hybrid world where you can choose to deploy on-premises or in the cloud. The Cohesity Helios platform is designed to support all these capabilities through multiple use cases and deliver them in a consistent and safe manner to protect, defend, and recover at scale.

 

It’s your choice to consume these as a service (e.g., HPE GreenLake) or self-managed on-prem. The Cohesity Helios platform logically spans your multi-cloud environment. It operates on zero trust security principles. It gives you simplicity at scale. It’s powered by AI insights. And it has 3rd party extensibility. On top of all of that, you can consume it the way you like. You can manage the software yourself on-premises, or you can consume it as a SaaS service in the cloud.

Go Beyond Zero Trust with Threat Defense

Defend your business against sophisticated ransomware attacks that aim to encrypt and exfiltrate your data with a multilayered data security architecture. Click here to learn more.


Author

Lisa Robinson Schoeller
Cohesity | HPE Product and Solution Marketing
Cohesity

Lisa Robinson Schoeller leads Cohesity | HPE Product and Solution Marketing for Cohesity. A technology marketing executive with over twenty years’ experience, Lisa helps companies accelerate growth by rapidly turning business goals into increased revenue and market share.

Follow her on Twitter.