How to protect your data against exposure
Many enterprises underestimate the importance of keeping their confidential, proprietary, or otherwise regulated data separate and secure. In cases where this type of data was stored in a shared location accessible to multiple business units, log analysis showed that highly sensitive data was being sent outside the organization during the cyberattack, because the business unit targeted by the attackers had access to the whole drive.
Once you identify what constitutes those types of information in your organization, the next steps are to apply the right data loss prevention policy, classify the data, and organize it. After that, you will put that data and its access points through vital procedures such as encryption, ID authentication with multifactor authentication, and identifying who should be granted access and why.
We recently worked with a compromised customer in the manufacturing industry. When we asked the CISO about the possibility of data leakage, he was confident there was none—because the team had prepared for the worst. The organization had the right controls to access, share, transfer, and monitor critical assets—which ultimately provided confidence that the company’s data was safe from leakage. It was a textbook example of how identifying your key data and protecting it can drastically change the outcome of a ransomware attack.
How to protect your backups for recovery
Many organizations keep their backup servers within a virtual infrastructure that gets encrypted by an attacker. In such cases, the organizations can fail to recover data from the backups. As a result, they have to recover it from alternate sources, such as non-production environments, and then rebuild multiple servers from scratch.
It’s not an optimal situation.
It is better if the critical systems or access points that have been identified have backed-up copies in an air-gapped zone, kept on WORM (write once, read many) storage. This precaution ensures access is isolated in that zone along with the copy. The data can be scanned and marked clean. Automated recovery can then proceed, and business functions can come back online.
These steps help ensure clean data recovery, especially when cyber-attackers target backup servers as well.
Bringing a cyber resiliency mindset to life
At a time when ransomware attacks are some of the biggest cyber threats to enterprises, much can be done to better integrate a “no-ransom” mindset into cyber resiliency plans. Enterprises need to invest more time in zero-trust architectures and better business continuity plans based on simulations of ransomware attacks before they occur.
There are multiple layers when it comes to protecting data. Companies need to cover the entire perimeter to ensure that data remains safe from unauthorized access, corruption, or theft.
However, many organizations still favor a siloed approach—addressing data classification, data access, encryption, masking, education, and awareness as standalone tactics, when it pays to view them holistically.
As the threat landscape continually evolves, better-prepared enterprises can get a step ahead of attackers, countering crippling data losses and business disruptions to maintain business as usual.
Harish Soni is the Cyber Resiliency Practice Leader at Kyndryl India.