The fight for your data: mitigating ransomware and insider threats

Ding! Ding! The prize fight for business data is about to begin. In the red corner, costing businesses an estimated $20 billion last year, ransomware is getting ready to sucker punch the data centre. In the blue corner, the often-overlooked spectre of human error is making yet another comeback. But who’s going to serve the knockout blow that could take the business to the canvas?

Every leader hopes that neither of these challengers will have their organisation on the ropes. In reality though, both present a significant threat to data integrity and business continuity. However, whilst the risks of ransomware are thankfully starting to be taken more seriously, the same care and attention that’s spent defending against ransomware is rarely lavished on barriers to protect against human error.

Where is the biggest risk?

According to recent Veritas research, the average enterprise has been the victim of 1.87 ransomware attacks. The risk is real and growing. In fact, ransomware attacks are believed to have increased in frequency by nearly 50% during the third quarter of 2020. Attacks are getting more sophisticated as organised criminals zone in on high-value data from targeted organisations. And hackers are finding new ways to exert pressure on their victims to pay by bringing whole IT systems to a halt, or stealing sensitive data and threatening to publish it online. As a result, just 43% of businesses who have been attacked have managed to avoid paying a ransom to the criminals that initiated it.

Against this backdrop, anyone could be forgiven for thinking that the ransomware hackers were winning the fight to get to business data. However, human error remains a far more common cause of data loss – and is also growing. According to analysis of their data, 90% of all breaches reported to the UK Information Commissioners Office (ICO) in 2019 were the result of mistakes made by end users. This was up from 61% and 87% over the previous two years.

Little wonder, in some senses, since human error is becoming a much more distributed challenge. Even if businesses train their entire workforce to exceptional standards, they’re probably only reaching a fraction of the people who could put their data at risk. Business partners, contractors, third parties and all manner of workers in the supply chain can impact data integrity.

So, even with the rapid growth and greedy expansion of attacks from ransomware, hackers still have a long way to go before they could have a broader impact on business data than simple human error.

How ransomware continues to target businesses – and what to do about it

Ransomware is hitting firms of all sizes. How can it be avoided? Read here

What can we learn from the ransomware approach?

Whilst the motivation and circumstances behind these two types of data loss couldn’t be more different, the solutions can actually have a lot in common. Here are five key lessons about dealing with human error that have been learned from protecting against ransomware:

  1. Act as if a breach is inevitable: Businesses have realised that trying to protect the network perimeter against an incoming ransomware attack is like being the boy using his fingers to plug the holes in the dam: ultimately, something is going to leak through. Planning for a worst-case scenario and being prepared to respond is absolutely necessary.
  2. Avoid a single point of failure: If you only have one copy of your data and it’s hit by ransomware, your options for getting it back are severely limited. The same is true in the event that a unique piece of data is accidentally deleted or overwritten. Your chances of restoring the information, however, are significantly increased already have a backup copy. Two copies are better than one and three copies, where one is offline and immutable, supports best practice.
  3. Monitor your data: Data monitoring so that a business is able to recognise any material changes to files, can help businesses to spot a ransomware attack quickly and respond in good time. Monitoring data can also help to identify if files have been accidentally removed. In the immediate aftermath of an accident, there are often ways to reverse its impact. Spotting changes quickly will nearly always give you an advantage.
  4. Employee education, communication and trust are key: Sophisticated phishing schemes mean that employees are very often the gateway to a ransomware attack. As a result, many businesses offer company-wide training on how to respond, encouraging team members to communicate instantly if they think they’ve been the cause of a breach and to trust that they won’t be blamed for it. The same approach is not often extended for data loss accidents but would help businesses to identify challenges, monitor risk and act accordingly.
  5. Protection data is as vulnerable as any other: If left unchecked, ransomware can quickly move from primary data to its backups. Similarly, errors made in primary data will soon be reflected in the backup. Having the right policies and technologies in place to ensure that backup data is there when needed is critical.

Prize fight

So, is ransomware or human error the most likely to knockout a data centre? The reality of the situation is that they’re both coming for the data, and it’s almost inevitable that both will hit. The law of averages says that human error will occur most often – but ransomware will also get there in the end, and both can be devastating. Business should be prepared to protect, detect, respond and recover from either threat to their data and, those that box clever, should be prepared for both.

Written by Mark Nutt, senior vice-president EMEA at Veritas Technologies

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com