New challenges in dealing with ransomware and protecting data


The need for organisations to guard against the dangers of ransomware is not new, yet never has the threat to data been so pervasive as in 2022.

In addition to the ongoing growth in the scale and sophistication of threat actors' capabilities, businesses have had to shift rapidly to work-from-home models since the outbreak of the Covid-19 pandemic, which in turn has increased the challenge of managing and protecting data.

This increase in data footprint, and with it organisations' attack surfaces, has given rise to new security vulnerabilities and vectors of attack. It poses a profound challenge for security professionals, who have been tasked with formulating a strong yet malleable response to these new needs amid a rapidly evolving dynamic.

Cyber execs discuss the threat

Australian cyber security chiefs gathered in Melbourne recently to discuss how their businesses will deal with the ransomware threat this year. The luncheon was sponsored by Cohesity, which offers next-gen data management and protection solutions.

Derek Cowan, director of systems engineering - Asia-Pacific & Japan at Cohesity, says the increase in size of data footprints across enterprises is proving to be a fundamental factor in the altered dynamic that the pandemic has delivered.

“The pandemic has supercharged digital adoption and transformation amongst governments, organisations and consumers, which has created opportunities for cyber criminals. As organisations adopt new technologies and integrate new cloud applications into their technology environment, they increase their data footprint”, Cowan says.

“This increased data footprint, combined with the increase in the number of people working from home, who may be using shadow IT or are simply outside the security perimeter of the office, is creating a ripe environment for ransomware, as well as a data protection and recovery challenge for organisations.”

The challenge for organisations, according to Cowan, is that many are using what Cohesity describes as ‘legacy technology’ built around 20th century capabilities that increase complexity, create siloed data, force IT teams to manage multiple products from multiple vendors, do not integrate with existing 3rd party security solutions, and which do not share common security policies across data management infrastructure.

“Organisations understand that ransomware is becoming increasingly more sophisticated and frequent. However, with malicious actors now specifically going after not just the data, but backup data too, the game has changed”, says Cowan.

“This means it is crucial to look beyond backups as the sole solution, and instead consider how next-gen data management technology – which delivers simplicity at scale, is built around zero trust principles, can deliver AI-powered insights, and should have 3rd party extensibility – might help improve the ability to effectively govern and protect data, to mitigate risk, and compliance with regulations and legislation”, he says.

For James Ng, general manager of security operations for AARNet, the challenges posed by ransomware have been seen up close, and so too have strategies to respond to it.

“Whilst AARNet has not experienced a ransomware attack, across the sector we support through our managed SOC services, we are aware of organisations impacted by ransomware”, Ng says.

“In one example, the timely identification and isolation of compromised accounts and assets meant there was no ransom communicated and therefore none paid. The attack impacted corporate services including email – this resulted in the use of non-corporate email and phone as the primary communication method while services were taken offline and restored from a known good recovery point”, he says.

AARNet’s approach to reviewing cybersecurity protocols proved to be a case of fortuitous timing when it came to responding to the new dynamic that the pandemic created.

“Just prior to COVID, AARNet was coincidentally going through a significant cyber security uplift. This included reviewing and updating our cybersecurity policy, standards and procedures”, says Ng.

“With the onset of COVID, we were on the front foot for ensuring we had both the appropriate processes (supported by policy and standards) in place, and technologies deployed in a secure manner to facilitate remote working”, he says.

“The secure manner encompassed additional security controls, including preventative measures such as MFA (Multi-Factor Authentication), detective measures where we rolled out SOC monitoring via SIEM technologies and responsive measures to ensure we could effectively quarantine/isolate or recover infected assets, and also simulate and run ransomware tabletop exercises.”

A new era in 2022: The end of the beginning

Many people and organisations have commenced 2022 with an ambition to ‘return to (the new) normal’. In Australia, states and territories have sought to put an end to lockdowns, loosened restrictions surrounding pandemic isolation requirements, and started down the path to fully reopen their borders to domestic and international travellers once more. With all these visible changes, many would be tempted to suggest the worst of the pandemic is over.

Yet for the Australian cybersecurity community, the rueful reality is that this new year can realistically only be seen as the ‘end of the beginning’ of this new era, when it comes to ransomware.

For threat actors, the many high-profile ransomware attacks of 2021 illustrate that it was a very productive year, and doubtless they aspire to more of the same in 2022, with production data a prime target, and backup data a high value target.

The task ahead for cybersecurity professionals and their organisations is to recognise that this new era poses confronting challenges, but also new opportunities to define and deploy a revised strategy that more deeply factors in the role of modern data management and greater integration with IT teams in this altered security landscape.

Such an approach requires a readiness to fundamentally rethink not only the contemporary challenges of ransomware in 2022 and beyond, but also how security postures are strategically built around not just endpoint or network security, but data protection too.

Yet just as this is a very sizeable task, especially with the added challenge of bringing data management into the fold, so too does it bring with it the prospect of defining a new direction, one where an organisation can ultimately become better positioned in its defences in 2022 as this pandemic continues, and also in the post-pandemic era to follow.

Copyright © 2022 IDG Communications, Inc.