Data has become today’s most desired commodity. As the world’s digital dependencies grow, the vulnerability of the digital channels that businesses rely on every day increases in lockstep.
Cyber attackers adapt quickly to the latest perimeter defences because there’s greater anonymity involved in probing a victim’s security posture from behind a computer screen, particularly when compared to syphoning an oil pipeline or tunnelling under a bank.
Rubrik ANZ managing director Scott Magill said that, unfortunately, many organisations disproportionately focus on and invest in trying to mitigate the risk of a cyber attack rather than focusing on minimising the impact.
“Regrettably, we live in a world where cyber attacks are inevitable, so focusing on minimising their impact has never been more important,” Mr Magill said.
“With the rapid evolution of cyber attack methods, reducing the risk of a cyber attack to zero is a Sisyphean task. Short of taking your business completely offline, it’s nearly impossible.”
Minimising the impact of a breach, however, is where organisations can truly turn the tables on attackers, according to Mr Magill.
First, it’s critical to understand the impact a cyber attack has on the organisation. The best way to do this is to understand the value criminals derive from data following an attack.
The value cyber criminals find in data is also two-fold. First, if an attacker can deny an organisation access to its data, that organisation will find it near impossible to operate until that data is restored. The attacker can then demand a ransom from the victim in order to have the data returned.
“This is the classic denial of data ransomware attack. An inability to operate is one of the top business risks organisations face,” he said.
“Staring down the prospect of days, weeks, or months offline, recent research has found 72% of organisations make the difficult decision to pay attackers to regain access to their data.
“Once the ransom is paid, though, there is no guarantee the data will be returned. In fact, that same research found only 16% of those who paid a ransom were able to recover all their data.
“A more recent means of monetising cyber attacks sees the culprit steal the victim’s data – typically customer personal information or financial data – then demand a ransom on threat of that data being published or sold on the dark web. This is the exfiltration style of ransomware attack. It puts the victim in an incredibly difficult position with seemingly no right answer.”
Breaking the ransomware business model
In both these cases, the impact on the business stems not from the initial intrusion event but rather from the secondary denial or exfiltration of data, Mr Magill noted.
By reducing the impact of these events, before they take place, an organisation can confidently continue to operate rather than constantly looking over its shoulder and living in fear.
In the case of a data-denial attack, a victim will often pay the ransom when the time and cost to recover is either unknown or prohibitively expensive. With a zero-trust data security strategy, one built on immutable and air-gapped backup data, recovery times become a more predictable and known factor.
Rather than panic and resort to desperation payments, an organisation can quickly assess the fallout, run its tested recovery procedures, and know with certainty how to get back online within just hours instead of weeks or months. This is because the backup data can be used to identify and quarantine anomalies, allowing the victim to recover rapidly from the most recent clean copy.
“In an exfiltration attack, ransomware criminals get their payday when the victim is unaware of what sensitive data was taken – when this is unknown, many assume the worst,” Mr Magill said.
But with cyber training, it is possible to scan the business’s entire environment, locate sensitive data, and apply the appropriate security and access controls before an attack occurs. Then, when an attacker breaches defences, an organisation can be confident personally identifiable or sensitive data was not taken.
“Applying these focused approaches give organisations a predictable, measurable, and demonstrable recovery strategy. This effectively breaks the business model of ransomware by turning a potentially catastrophic event into a minor inconvenience,” he added.
“One thing is for certain; there will always be criminals seeking new ways to make a payday. While the cycle of crime cannot be eradicated, we do have the opportunity to break the ransomware business model and remove the value attackers find in targeting data.”
How we help
Ready to protect your business? My Business Cyber offers a complete solution to test, train and measure awareness, reducing the risk of human error. Protect your business from cyber scams and attacks with automated staff training, phishing simulations, tools, and resources.