Page 120 - Cyber Defense eMagazine June 2020 Edition
The threat landscape is evolving
There is a growing amount of fragmentation in the types of ransomware attacks in play today. Chief
Security Officers (CSOs) mainly associate ransomware with data encryption. This involves malicious
agents gaining access to sensitive or mission-critical data and encrypting it. The ‘deal’ in this scenario is
the business pays a ransom in exchange for files to be decrypted and returned to their original, usable
form. This is by no means the only threat for CSOs to consider. In other cases, cyber-attackers will upload
data instead of encrypting it. Here, the ransom is demanded to prevent a public leak of potentially sensitive
data.
These disguises and behaviours make it very difficult to consistently defend against the widening
landscape of threats. The golden rule for organizations to follow is to maintain a clear view of what is
normal behaviour within their own IT infrastructure. This can be achieved through continuously monitoring
data and cloud storage, as well as leveraging analytics on networks, operating systems and applications.
This increased awareness of what a secure state of play looks like can make suspicious and malicious
activity easier to spot, crucially accelerating time to response.
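As an added illustration (not part of the original article), the sketch below baselines per-host activity and flags hours that depart sharply from it, covering both behaviours described above: mass file rewrites and unusually large uploads. The telemetry rows, the eight-hour baseline window and the alert threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample telemetry (not from the article): one row per host per hour,
# as (host, hour, files_modified, megabytes_uploaded).
HOURLY = [(110, 40), (95, 38), (120, 45), (105, 41), (98, 39), (115, 44),
          (102, 40), (108, 42),   # hours 0-7: assumed known-good baseline
          (111, 43),              # hour 8: ordinary activity
          (9400, 41),             # hour 9: mass file rewrite
          (104, 5200)]            # hour 10: large outbound transfer
SAMPLES = [("fs01", hour, f, u) for hour, (f, u) in enumerate(HOURLY)]

def robust_z(value, history):
    """Modified z-score built on median and MAD, which a single outlier cannot skew."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # flat history: avoid dividing by zero
    return 0.6745 * (value - med) / mad

def find_anomalies(samples, baseline_hours=8, threshold=6.0):
    """Return (host, hour, reason) for hours that exceed each host's own baseline.

    baseline_hours and threshold are illustrative assumptions, to be tuned per environment.
    """
    files_hist, upload_hist = defaultdict(list), defaultdict(list)
    for host, hour, files, upload in samples:
        if hour < baseline_hours:
            files_hist[host].append(files)
            upload_hist[host].append(upload)
    alerts = []
    for host, hour, files, upload in samples:
        if hour < baseline_hours or not files_hist[host]:
            continue  # baseline rows, or a host with no baseline to compare against
        if robust_z(files, files_hist[host]) > threshold:
            alerts.append((host, hour, "file modifications far above baseline"))
        if robust_z(upload, upload_hist[host]) > threshold:
            alerts.append((host, hour, "upload volume far above baseline"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLES):
        print(alert)
```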
Making good use of encryption is also key for organizations. If malicious threats cannot ‘see’ your data,
it’s more difficult for them to use it against you. According to Duo’s Privacy in the Internet Trends report,
87% of web traffic is encrypted – a number that is rising all the time. However, it is less clear what
percentage of enterprises’ data is encrypted. Zscaler’s IoT in the Enterprise report found that 91.5% of traffic
on enterprise IoT networks is not SSL-encrypted. These contrasting figures suggest there is a sizable
gap between how enterprises generally are leveraging encryption versus major web platforms and
service providers.
Are backups cyber-crime’s high-value target?
One area where encryption is vital to bolster organizations’ defences against ransomware and insider
threats is implementing ‘nearline’ encryption on data backups. The Veeam 2019 Cloud Data Management
report found that over two thirds of organizations are producing backups of their data. While this is, of
course, a good thing, imagine the blackmail potential for a cyber-attacker who gains access to a backup
of an organization’s entire digital infrastructure.
Given that cyber-criminals using ransomware to blackmail businesses are looking for data, in theory they
can find whatever they need in an organization’s backed up files. These could be in all manner of forms:
from system disks and removable hard drives, to offline tape devices and cloud backups. Whichever
option a business chooses, the backup repository itself must be protected against attack with an ultra-
resilient media type. Otherwise, there’s a chance that in attempting to protect business continuity,
businesses may be creating a trove of poorly protected data that could be used against them.
For some threat behaviours, this can be mitigated by encrypting backups every step of the way – from
the first disk resource on-premises. Historically, encrypting backups has been a great idea when tapes leave
the IT facility or when data is transmitted over the Internet. Given the prevalence of modern cyber-threats,
encryption must take place nearer to the backing up process. The most effective technique, however, is
resiliency in the backup data.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.