As Cybersecurity Awareness Month winds down, I am stunned at the feedback I have been receiving on my daily social media posts about cybersecurity and cyber storage resilience and recovery. People are waking up to the fact that serious changes are underway in the cyber threat landscape, just as they are realizing that too many enterprises have not seen their cybersecurity measures work as effectively as they expected because they left out a critical piece: the cybersecurity of their enterprise storage.
Cybercriminals attempted 493.3 million ransomware attacks in 2022, making it the second-highest year ever recorded for ransomware attacks globally. Experts expect this figure to be higher by the end of 2023. These types of cyberattacks account for 12% of all critical infrastructure breaches in the last year. This is bad news for enterprises. It means that ransomware attacks are broadening in scope, and new tactics, designed to outsmart you, are now being used.
You think ransomware attacks have been bad? It’s getting worse. Even the FBI says so, and it has become so serious that the SEC has mandated that publicly traded companies report cybersecurity breaches in public SEC documentation.
Don’t Get Complacent About Ransomware
The vulnerabilities of legacy storage infrastructures are being exposed. Backing up data is not nearly at the level of security that is needed for storage – not by a long shot. IT leaders are waking up to the fact that cybercriminals have figured out how to attack both primary storage and secondary storage. Cybercriminals are evolving quickly and becoming more sophisticated, while enterprises tend to move more slowly to implement the one “weapon” they have against ransomware and various other forms of malware: cyber resilience.
Just because an enterprise successfully managed to avoid being taken down by a cyberattack last year doesn’t mean that its security-minded approach to IT infrastructure will hold up this year or in 2024. Look at all the information-sharing of insights and solutions, as well as horror stories of incomplete cybersecurity, in social media throughout the month of October: Cybersecurity Awareness Month.
To make October 2023 a month to remember in the cybersecurity field, the Cybersecurity and Infrastructure Security Agency (CISA) launched a whole new cybersecurity program to educate enterprises on how to stay cyber secure. The list of Cybersecurity Awareness Month Champions is longer than my arm, but with a cyberattack hitting every 30 seconds or less, you have to know your enemy and you need to strategize accordingly.
Awareness is one thing. Embracing successful strategies for cyber storage and implementing best-in-class cyber resilience are another.
FBI Warning of More Aggressive Ransomware Tactics
Only a month ago, the U.S. Federal Bureau of Investigation (FBI) warned that two new trends have emerged among threat actors who are focused on ransomware. One trend is for cybercriminals to launch multiple ransomware attacks against the same company within a short period of time, taking advantage of the fact that a company is distracted by the first cyberattack. It’s the equivalent of “kicking a person when they are down.” Hackers are becoming exponentially more persistent. Attacking an already compromised system seems to be giving them more leverage. It tests the resiliency of the storage infrastructure.
The attacks have also included deployment of two different ransomware variants “in various combinations,” the FBI said in an advisory. Dual ransomware variants are increasingly being used, causing a combination of data encryption, exfiltration, and economic losses, including ransom payments.
The second trend is ransomware threat actors using new tactics that are focused on data destruction during attacks. To apply pressure to companies that they are victimizing, they are deploying wiper tools. They are trying to take advantage of the lack of awareness among leaders of enterprise companies. Cybercriminals are also automating cyberattacks by using AI. They are not only stealing data but also maliciously dropping in data-poisoning “pills” to wreak havoc on an enterprise.
It’s no surprise that 66% of CIOs whom researchers interviewed for a SonicWall market research report said they plan to increase their investment in cybersecurity. But are they treating cyber resilience as something separate from cybersecurity?
Cyber storage resilience and recovery need to be incorporated into a comprehensive enterprise-wide cybersecurity strategy. Enterprises need to recognize that cybercriminals are targeting storage – both primary storage and backup/archival storage. These bad actors can sit inside an organization, dormant, for as many as 300 days without being detected – then they strike through the legacy storage arrays. Ransomware breaches are harder to detect. They cannot be fixed by backup alone. And when they are activated, they are happening faster than ever, giving more CIOs sleepless nights.
This is why the modernization of storage, the consolidation of storage, and the pressure-testing of storage are so vital. CIOs and their IT teams need to attain the confidence that their storage infrastructure can handle these new tactics from ransomware-focused threat actors. Don’t be outsmarted by cybercriminals.
Readiness of Enterprises to Handle New Tactics of Cyberattacks
Enterprises need to better secure their storage systems. With more than 70% of enterprises using hybrid cloud, according to the 2023 State of the Cloud Report (from Flexera), IT leaders need to secure the data stores that are moving between on-premises and the public cloud. Bad actors are targeting this movement, as if they are train robbers in the wild, wild west of yesteryear. Data at rest and data in motion both need to be more tightly secured.
Best practices have already been established for injecting enterprise storage solutions with cyber resilience and recovery capabilities through software. You can count these best practices on one hand. So, when you are in a meeting about cybersecurity for your enterprise storage environment, you can lift up your hand and make sure you touch upon each one:
- Immutable snapshots (your thumb)
- Rapid cyber recovery (your index finger)
- Cyber detection (your middle finger)
- Air-gapping (your ring finger)
- Fenced forensic environments (your pinky finger)
These are five essentials to an overall enterprise cyber storage resilience and recovery strategy and architecture. Now you know you won’t forget any of them because you know you can count them on one hand. Give enterprise cyber storage resilience and recovery a hand! It works.
The best way to infuse enterprise cyber storage resilience and recovery into your infrastructure is through software. You should look for software that extends cyber resilience capabilities to the storage arrays. It should leverage immutable snapshots, create a logical air-gap for separation of management and data planes, establish a fenced forensic environment, deliver cyber storage detection, and provide near-instantaneous recovery from cyberattacks.
Make your enterprise truly ready for ransomware attacks, and then you can get a good night’s sleep.