Cybercriminals are breaking records for all the wrong − and sinister − reasons. Publicized ransomware attacks increased by nearly 50% in the first half of 2023, compared to the first six months of last year, according to data from Blackfog. The month of July saw one of the highest numbers of ransomware attacks this year, with well over 400 attacks causing damage and disruption.
These figures do not include ransomware attacks that are not made public.
Nearly 2,000 ransomware attacks were undisclosed in the first half, but the ramification is that the real ransomware landscape is much worse than the average Chief Information Officer (CIO) or Chief Information Security Officer (CISO) really knows. This is a sobering realization, especially as we recognize that this is Cybersecurity Awareness Month.
Cybercriminals are upping the ante, launching more dangerous ransomware and malware attacks than ever to make every enterprise a victim of cybercrime. According to the latest cybersecurity findings in a Comparitech report, the average number of records affected per ransomware attack has risen from approximately 119,000 to over 559,000 records, and the average number of records impacted has increased from 49.8 million to 115.8 million.
The average ransom that cybercriminals demanded in 2022 across all sizes of enterprise was $7.2 million. But for large enterprises, the ransom demands have scaled from $10 million to $30 million to $50 million to $80 million and surpassing $100 million. All sorts of enterprises are being targeted, ranging from healthcare to educational institutions to banks, insurance companies, consumer companies, transportation companies, cloud hosting companies, the public sector, government agencies, and more.
The question is not if your enterprise will suffer a cyberattack, but when and how often. It is clear that no enterprise is immune from cyberattacks.
The leading central hub for reporting cybercrimes in the United States is the Internet Crime Complaint Center, or IC3, which is run by the FBI. The IC3 has reported that the leading causes of ransomware incidences are phishing, software vulnerabilities, and the exploitation of Remote Desktop Protocol (RDP).
According to Microsoft, nearly 97% of all ransomware infections take less than 4 hours to successfully infiltrate their target. The fastest can take over systems in less than 45 minutes.
Cybercriminals get into the primary and secondary storage systems to encrypt the data and demand an exchange for the decryption key for a significant amount of money that takes away from an enterprise’s revenue and profit. It can even put an enterprise out of business, virtually overnight, due to the disruption of the business. Notably, these cyber criminals can sit in the data infrastructure for months, waiting for the optimal opportunity to strike. A CIO may have cybercriminals and ransomware in their infrastructure − hidden, plotting, and nefarious − but not even know it yet.
Antivirus software and anti-malware software are not enough to keep them out. Backup alone is no longer enough. The data protection strategies that many CIOs and CISOs are accustomed to are simply not holding up against the massive wave of ransomware attacks. Plus, there is no guarantee that a cybercriminal will even honor the terms of a ransom.
Therefore, implementing the latest thinking in cybersecurity best practices for data and the enterprise data and storage infrastructure gives you the best shot at resisting and overcoming these heinous cyberattacks, which can unfortunately bring a large enterprise to its knees.
How do you “bust” the cybercrimes when they’re targeting the data infrastructure to brazenly take data “hostage”?
Here are five practical insights about the newest dimensions of cybersecurity that are uprooting ransomware attacks and thwarting the harmful plans of cyber criminals. These sophisticated hackers don’t want you to know the following five key insights.
Nonetheless, it is garnering the attention of large enterprises on the Fortune Global 500 list and beyond.
Insight #1 as a Cybercrime Buster
Make enterprise cyber storage resilience and recovery part of your overall cybersecurity strategy.
The gap in many corporate cybersecurity strategies is the absence of cyber storage resilience and recovery. It’s imperative that enterprises shore up their cyber resilience and recovery in their data and storage infrastructure to be properly equipped to combat ransomware attacks. This insight was derived from the fact that the more resilience an enterprise storage infrastructure has, the more it can withstand an attack and bounce back with confidence.
Enterprise cyber storage resilience and recovery is designed to minimize, or help prevent, the impact of a cyberattack. It was developed from the ground up to add a necessary dimension to cybersecurity. With increased cyber storage resilience and recovery, a CIO and a CISO can work together to more effectively “bust” this cybercrime in ways that are simply not possible with other cybersecurity approaches. It’s like having a cyber version of Sherlock Holmes.
Insight #2 as a Cybercrime Buster
Build a comprehensive enterprise cyber storage resilience and recovery architecture (including integration with backup software).
Once you have incorporated enterprise cyber storage resilience and recovery into your enterprise cybersecurity strategy, it’s wise to build out a cyber storage resilience and recovery architecture. It will help you orient yourself around the major components of cyber resilience, ranging from immutable/unchanging data snapshots to AI-powered cyber detection to rapid recovery of a known good copy of data. A well-formed architecture enables you to pinpoint where and how cyber storage resilience and recovery capabilities, which can be delivered through a software upgrade (i.e. InfiniSafe Software), will fortify your data storage infrastructure.
You do not need to abandon your backup software, no matter if you’re using Veeam, Veritas, IBM Protect, Commvault, or whatever other backup software solution. You can find an enterprise storage software solution that integrates and works with all these different backup solutions, providing a technology-neutral approach that adds cyber storage resilience and recovery, yet without the cost or complexity of a total overhaul. Infinidat has mastered this integration for enterprises. It becomes all part of the broader cyber architecture that represents the true modernization of the enterprise storage infrastructure. And it’s a lever to be used to “bust” even the most sophisticated cyberattacks.
Insight #3 as a Cybercrime Busters
Make enterprise storage immutable.
Snapshots of data within your enterprise should be immutable. They should be in a state in which cybercriminals cannot change them in any way.
Only through this immutability will you have the assurance that you can recover a known good copy of data.
What you need to do next in this process is to air-gap the data, separating the management and data planes, and get it into a fenced forensic environment to test whether it’s free of ransomware or malware. CIOs and CISOs, as well as storage administrators, should check the capabilities of their backup and recovery tools, and whether they can be used to create air-gapped datasets.
Insight #4 as a Cybercrime Busters
Deploy cyber detection on primary storage.
Immutable snapshots are not foolproof, however. If malware Infects the snapshot, it can become a problem. This has prompted the emergence of the capability to detect anomalies at the storage device and network level. Cyber detection helps spot ransomware infections across vast amounts of data. The right capability should be able to recognize anomalies, such as abnormally large numbers of changes to files in a dataset, or higher levels of randomness in filenames or contents. These are the kinds of things that can happen when ransomware begins its wretched work to encrypt data.
Cyber detection is designed to help enterprises resist and quickly recover from cyberattacks. It provides highly intelligent deep scanning and indexing needed to identify potential issues.
Cyber detection inspects the full breadth of files, applications, core storage infrastructure (such as volumes), and databases for signs of cyber threats for primary storage environments, helping ensure all data that needs to be recovered has integrity.
It’s best to deploy a cyber detection solution on primary storage that uses advanced machine-learning models that provide 99.5% confidence in detecting cyber threats. This helps to deal with false positives/negatives and greatly reduces the effort in any additional forensics.
Look for a solution with content-based analytics that inspects inside files for even subtle signs of attack. The post-attack dashboard should detail the last known good copy of the data for rapid, intelligent recovery.
Insight #5 as a Cybercrime Busters
Choose near-instantaneous recovery of a known good copy of data.
Bringing systems back online rapidly and at scale is vital for an enterprise.
You do not need to be handcuffed to slow, laborious recovery of your enterprise’s data. Don’t settle for less.
You should not have to wait days to cover the data. Tools exist today to accelerate recovery to minutes or even seconds, regardless of dataset size. It’s totally reasonable and doable for you to expect near-instantaneous recovery, some enterprise cyber recovery solutions can recover the known good copies of an immutable snapshot in under one minute.
The implication of such fast recovery is that it eliminates the ransom demands of the cybercriminals – busted! You don’t need to pay the ransom to get the data back.
Cyber recovery gets you the data back – and at a much faster rate than if you wait for the bad actor to give you the key to the data and then you have to restore everything. With rapid cyber recovery, you can basically ignore the cybercriminal. ‘Game over’ for the bad guys!
If you apply these five insights to large enterprise storage, you can turn the tables against cyber criminals.
You may be wondering why enterprise cyber storage resilience and recovery does not get the attention in the enterprise space that it deserves, or why it takes a storage guy like me to inform CIOs and other CxO executives about the power of cyber resilience to thwart cyberattacks.
I’ll invoke a Sherlock Holmes quote, “My name is Sherlock Holmes. It is my business to know what other people don’t know.” Today, a cyber resilient and recovery storage solution, such as InfiniSafe, knows what IT leaders may not know about their enterprise data and storage infrastructure. But, IT leaders can harness this tool for a great benefit.
As a leader in enterprise cyber storage resilience and recovery, Infinidat, which is one of the Cybersecurity Awareness Month Champions, is dedicated to promoting a safer, more secure environment for our enterprise customers. We also provide industry-leading guarantees for cyber resilience on primary storage.
In a similar vein as Sherlock Holmes’ famous line about solving a mystery, “Elementary, my dear Watson,” it’s safe to say about all these cyber storage resilience and recovery capabilities to fight off ransomware most effectively as a cybercrime buster, “Elementary, my dear InfiniBox.”